CVE-2023-5297: Xinghu OA v2.3.2 sensitive information leaked · Issue #2 · magicwave18/vuldb
A vulnerability was found in Xinhu RockOA 2.3.2. It has been classified as problematic. This affects the function start of the file task.php?m=sys|runt&a=beifen. The manipulation leads to exposure of a backup file to an unauthorized control sphere. It is possible to initiate the attack remotely. The complexity of an attack is rather high. Exploitation is reported to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240927.
1. Access the following URL to back up the SQL data; the request returns success.
task.php?m=sys|runt&a=beifen
2. The SQL data is then backed up to upload/data in JSON format.
The folder naming format is: current time.random number within 10000
The specific SQL data file name is: table name_number of fields_number of data rows. The number of fields is fixed in the data table, so you only need to brute-force the number of rows. The number of fields in the admin table is 43, and the number of rows defaults to 8.
Finally, you need to brute-force the folder name (1000-9999) and the number of data rows in the OA user table.
Then access the corresponding JSON file to obtain the backed-up data, and from it the administrator password.
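
The sequence described above leaves a recognizable trail in web server access logs: a request to the backup endpoint, a burst of 404s under upload/data, then a 2xx response for a backup file. The following is an added detection example, not part of the original issue or of the Xinhu code. It assumes combined-format access logs, a `.json` extension on backup files, a placeholder folder name `TS`, and a hypothetical threshold of 20 probes; the sample log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs, unquote

# client IP, request target and status from a combined-format access log line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')

def build_sample():
    """Constructed log lines (documentation IPs, placeholder folder 'TS'); not real traffic."""
    fmt = '{} - - [01/Oct/2023:10:00:00 +0000] "GET {} HTTP/1.1" {} 0'
    ip = "203.0.113.7"
    lines = [fmt.format(ip, "/task.php?m=sys%7Crunt&a=beifen", 200)]
    lines += [fmt.format(ip, f"/upload/data/TS.{n}/admin_43_8.json", 404)
              for n in range(1000, 1030)]
    lines.append(fmt.format(ip, "/upload/data/TS.1030/admin_43_8.json", 200))
    lines.append(fmt.format("198.51.100.9", "/index.php", 200))
    return lines

def analyze(lines, probe_threshold=20):
    """Per-client findings: backup triggers, 404 probes and served files under upload/data."""
    found = defaultdict(lambda: {"backup_triggers": 0, "probes_404": 0, "served": []})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, target, status = m.groups()
        url = urlsplit(target)
        path = unquote(url.path)
        query = parse_qs(url.query)  # percent-decodes, so %7C and a raw | both match
        if (path.endswith("/task.php") and query.get("m") == ["sys|runt"]
                and query.get("a") == ["beifen"]):
            found[ip]["backup_triggers"] += 1
        elif "/upload/data/" in path:
            if status == "404":
                found[ip]["probes_404"] += 1      # a miss while guessing names
            elif status.startswith("2"):
                found[ip]["served"].append(path)  # a backup file was delivered
    for rec in found.values():
        rec["enumeration"] = rec["probes_404"] >= probe_threshold
    return dict(found)

if __name__ == "__main__":
    for ip, rec in analyze(build_sample()).items():
        print(ip, rec)
```

Any entry in `served` means backup data left the server and the credentials it contains should be treated as exposed; blocking web access to upload/data and to the backup task removes both signals at the source.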