nuclei-templates/http/vulnerabilities/tongda/tongda-meeting-unauth.yaml

id: tongda-meeting-unauth

info:
  name: Tongda OA Meeting - Unauthorized Access
  author: SleepingBag945
  severity: medium
  description: |
    Tongda Meeting Unauthorized Access were Detected.
  reference:
    - https://github.com/hktalent/scan4all/blob/2a7faf7862265eab33699034fd193bcf11b44e0f/config/poc/%E9%80%9A%E8%BE%BEoa/%E9%80%9A%E8%BE%BEoa-meeting-unauthorized-access.json#L10
  metadata:
    verified: true
    max-request: 1
    fofa-query: app="TDXK-通达OA"
    product: office_anywhere
    vendor: tongda2000
  tags: tongda,unauth,misconfig

  classification:
    cpe: cpe:2.3:a:tongda2000:office_anywhere:*:*:*:*:*:*:*:*
http:
  - method: GET
    path:
      - "{{BaseURL}}/general/calendar/arrange/get_cal_list.php?starttime=1548058874&endtime=33165447106&view=agendaDay"

    matchers:
      - type: dsl
        dsl:
          - status_code == 200 && contains(header, 'application/json')
          - contains_all(body, 'creator\":', 'originalTitle\":', 'view\":', 'type\":')
        condition: and

# digest: 4a0a00473045022029eb9d9d545baec4d0f578a10dc5d80bec85c87e3f1cf9ba17933bd242cbb164022100d83d82f1c8bde2f33f1bc331ba22cd156b9984612a602d9e47e5599a498f3dbd:922c64590222798bb761d5b6d8e72950
Minor - Updates 2023-09-06 19:45:50 +00:00			`id: tongda-meeting-unauth`

			`info:`
			`name: Tongda OA Meeting - Unauthorized Access`
			`author: SleepingBag945`
			`severity: medium`
			`description: \|`
templates update -2 2023-09-14 19:11:38 +00:00			`Tongda Meeting Unauthorized Access were Detected.`
Minor - Updates 2023-09-06 19:45:50 +00:00			`reference:`
templates update -2 2023-09-14 19:11:38 +00:00			`- https://github.com/hktalent/scan4all/blob/2a7faf7862265eab33699034fd193bcf11b44e0f/config/poc/%E9%80%9A%E8%BE%BEoa/%E9%80%9A%E8%BE%BEoa-meeting-unauthorized-access.json#L10`
Minor - Updates 2023-09-06 19:45:50 +00:00			`metadata:`
			`verified: true`
templateman update 2023-10-14 11:27:55 +00:00			`max-request: 1`
templates update -2 2023-09-14 19:11:38 +00:00			`fofa-query: app="TDXK-通达OA"`
Add missing cpes Added missing cpes 2024-09-10 08:22:50 +00:00			`product: office_anywhere`
			`vendor: tongda2000`
Minor - Updates 2023-09-06 19:45:50 +00:00			`tags: tongda,unauth,misconfig`

Add missing cpes Added missing cpes 2024-09-10 08:22:50 +00:00			`classification:`
			`cpe: cpe:2.3:a:tongda2000:office_anywhere::::::::`
Minor - Updates 2023-09-06 19:45:50 +00:00			`http:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/general/calendar/arrange/get_cal_list.php?starttime=1548058874&endtime=33165447106&view=agendaDay"`

			`matchers:`
templates update -2 2023-09-14 19:11:38 +00:00			`- type: dsl`
			`dsl:`
			`- status_code == 200 && contains(header, 'application/json')`
			`- contains_all(body, 'creator\":', 'originalTitle\":', 'view\":', 'type\":')`
templateman update 2023-10-14 11:27:55 +00:00			`condition: and`
TemplateMan Update [Fri Oct 20 11:41:12 UTC 2023] :robot: 2023-10-20 11:41:13 +00:00
			`# digest: 4a0a00473045022029eb9d9d545baec4d0f578a10dc5d80bec85c87e3f1cf9ba17933bd242cbb164022100d83d82f1c8bde2f33f1bc331ba22cd156b9984612a602d9e47e5599a498f3dbd:922c64590222798bb761d5b6d8e72950`