Weak password on the Didi taxi OA system can cause internal information leakage; a password change is required
Morality often leads to flaws in wisdom. However, wisdom always fills in gaps in morality.
At first, I ran the domain name and found that the OA was using seeyou, but I didn't guess the log file. Then I went into the OA background after one or two manual tests. I don't know whether it's luck or wit? (Face of Director Jin | ~~)
The reviewer remembers to recode the vulnerability proof ~~~
OA background address:
Mask Region
1. http://**.**.**
2. http://**.**.**/management/index.jsp: Password 123456
This can cause internal information leakage ~ Illustration:
Solution:
1. Restrict access
2. Change to a complex password