SQL Injection exists in the OA system of a branch of CNPC
An OA of CNPC has SQL Injection
Detailed description:
POST /Login1.aspx HTTP/1.1
Host: **.**.**.**:8080
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http:
Write a phishing page to get the website's OA system account
I found the storage type XSS before, but found that the session is actually http-only. Well, the cooking skill is not enough and cannot be obtained. So I came up with this kind of damage...
0x1 step
If you are using phishing, do you have to place traps? So I found the most convenient and direct place! Login page... View the source code and find that this location can capture the plaintext. The
I. Goals
In terms of permissions, implementing the functions of the Group Edition is actually the implementation mode of SAAS. In the Feifei OA system, you can set up the parent company and subsidiaries to implement the equity system between the parent company and its subsidiaries. In addition, it refers to the functional modules available to the subcompany and the system administrator of the subcompany.
The sub-company system is relatively independen
Development attempt of Tongda Oa to directly Query Form Content in a Workflow
A friend raised the need to directly query the Form Content at work. They used the workflow as a business system and used the workflow to the extreme. In order to realize the direct query function in image software, he wants to directly query the content in the form when handling the workflow.
By studying the workflow database, we can find the new version of the workflow a
Tongda OA uses C# Socket programming to replace the original operation.
Tongda OA adopts the PHP language for programming, and some IM operations adopt Socket for communication. Recently, a program needs to be implemented using C#, which involves this part. It is rewritten using C#. Further test results are required.
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Socket
Tongda OA mysql adds a column of commands at a certain position in the table to be judged by a program.
You have to write a document and use a program in the middle to determine whether a Column exists. If it does not exist, add the document. If it does not exist, simply display a result. The written program is as follows:
If exists (select * from information_schema.columns where table_name = "flow_process" and column_name = "X_test2" AND table_sche
A new project in the lab involves OA and workflow. Although I know something about it, I have never done it. I have to spend some time learning about it. Collect several excellent WF sites in China and learn about them first. I cannot figure out how the workflow of the B/S structure is automatically completed ???
Site collection: Enterprise OA (http://www.oa789.com/index.htm) Workflow Forum (http://www.wf8
Tongda OA uses C# Socket programming to replace Socket operations in PHP. Tongda OA adopts the PHP language for programming. Similarly, some operations on IM use Socket for communication. Recently, a program needs to be implemented using C#, which involves this part. It is rewritten using C#. Further test results are required.
using System; using System.Collections.Generic; using System.Net; usi
Simple OA, do it by yourself
OA required by the company
The function is relatively simple, took a day to do
But the architecture I think is good, using MVC, I designed it myself.
Now the function is just file classification sub-departmental storage
Only four tables, but the design of the time to consider the future of internal news, personnel, commute registration
Put up, I hope you see, give some
Note: This tutorial is my text-version practice note on the free OA project video published by Dr. Tang sunshine of Chuanzhi podcast. I use this to strengthen my development knowledge. If some netizens repost the content, please note it. Thank you.
1. Add constructors to Privilege.java, the permission class, to initialize permission data, as shown below:
public Privilege() {
}
public Privilege(st
Note: This tutorial is my text-version practice notes on the free OA project video posted by Chuanzhi podcast lecturer Tang Yangguang. I use this to enhance my development knowledge. If some netizens reprint it, please note. Thank you.
1. An error is left over in the previous section.
2. Password MD5 encryption:
Import package: commons-codec.jar
In useraction, change the password setting code:
// Use
A friend raised the need to directly query the Form Content at work. They used the workflow as a business system and used the workflow to the extreme. In order to realize the direct query function in image software, he wants to directly query the content in the form when handling the workflow. By studying the workflow database, we can find the new version of the workflow and store the data in a single table. Each flow has a separate data table. By i
The My97datepicker date control is a very useful date control, a very good date control. To achieve a good page refresh, with the date control can have a better enjoyment, this time the OA calendar function also benefited from this control, the specific effect of the figure is as follows:
Part of the code:
Default page layout a calendar date control
Default page CS Code:
using System;
using System.Collections.Generic;
using System
Started work at a new company; the first project: OA. I had not done OA before, and because it involves workflow, I went to learn about it, hence this blog (the following text is just personal understanding, master drift). Environment: mvc2+sql2008
The workflow is divided into several steps: form (design, parsing) and process (design); merged, they make a complete workflow. Let's go to the p
The important position of the table in HTML, which is equivalent to the concrete frame in the building line, can be the table before the div is large. The role of the table in the page is mainly to page layout and positioning, through the integration of table planning to design a reasonable page layout. Of course, the table is more important to the role of data display, this is not the other code can be replaced. For ease of viewing, set the table border after the effect: Access
EL expression (in JSP): ${expression}
OGNL expression (in the custom tags of struts2, struts.xml ...)
Use %{expression} in the attribute value of a struts2 custom tag to use OGNL
In struts.xml, if you want to use OGNL, use ${expression}
Syntax:
%{name} indicates that the name attribute is obtained first from the object stack in the value stack.
%{#name} indicates that the name attribute is obtained from the map in the value stack.
%{#user.name} indicates
Name: bbs_comment description:
| Field name | Type | Empty or not | Default Value | Description |
|---|---|---|---|---|
| Comment_id | INT(11) | No | | No. |
| Board_id | INT(11) | No | 0 | Plate ID |
| User_id | Varchar(20) | No | | User ID |
| Author_name | Varchar(50) | No | | Author name |
| Type | Varchar(50) | No | | Category |
| Subject | Varchar(200) | No | | Topic |
| Cont
Inconsistency between the Tongda OA web page and the updated content displayed by the genie
This problem was found in the previous section, that is, the updated information in the developed phone query, but the original information is displayed in the Wizard dialog box, in this way, the new development portal cannot be used to update information. At first, I thought it was a factory upgrade. I changed the structure of the stored table. I felt that al
There are still a lot of problems with this OA. This is a temporary modification for emergency use some time ago (no official patches have been provided yet). This modification allows "handled/To-Do items" to retain the last query conditions and take effect after refreshing.
Modify the file: yyoa/infomgr/processinfo/toolbar.jsp
Change the content of the two TD versions starting with 659th:
String _condition_ = "";
if (session.getAttribute("_sear
business systems, there are two types of permission management: one is the management of functional permissions, and the other is the management of resource permissions. Function permissions can be reused, while resource permissions cannot.
For the characteristics of the OA system, the permissions are described as follows:
Permission
In the system, the permission passes Module+Action
The module is a sub-module in the system, which may corres