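### Brief description:
Unauthorized deletion of other users' replies to notices, announcements, etc.
### Details:
Version tested: Tongda OA 2013 Enhanced Edition (125 MB)
Download: http://www.tongda2000.com/download/2013adv.php
Updated 2013-12-26 13:30
In the reply area of news, announcements, notices, etc., a user can delete other users' replies without authorization. Only the id of the other user's reply is needed, and no permission check is applied.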
[![1.PNG](https://images.seebug.org/upload/201401/141050303ee20dab9096372fa73558550484a231.png)](https://images.seebug.org/upload/201401/141050303ee20dab9096372fa73558550484a231.png)
[![2.PNG](https://images.seebug.org/upload/201401/14105048fb05be26bb76dcd5a0dead66b89dd0c7.png)](https://images.seebug.org/upload/201401/14105048fb05be26bb76dcd5a0dead66b89dd0c7.png)
[![3.PNG](https://images.seebug.org/upload/201401/14105101a3c1441b762dd72373dc4783c01446a9.png)](https://images.seebug.org/upload/201401/14105101a3c1441b762dd72373dc4783c01446a9.png)
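
The missing check described above, modeled next to a corrected handler. This is an added example, not Tongda OA's code: the `reply` table, its columns, the function names and the `admins` set are all assumptions made for illustration, and Python with SQLite stands in for the product's own stack.

```python
import sqlite3

def make_db():
    """Constructed sample data in a hypothetical schema (not the product's real one)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE reply (id INTEGER PRIMARY KEY, author TEXT, body TEXT)")
    db.executemany(
        "INSERT INTO reply VALUES (?, ?, ?)",
        [(1, "alice", "first reply"), (2, "bob", "second reply")],
    )
    return db

def delete_reply_vulnerable(db, session_user, reply_id):
    """The flaw: the session user is never compared with the reply's author,
    so knowing the reply id is enough to delete it."""
    cur = db.execute("DELETE FROM reply WHERE id = ?", (reply_id,))
    return cur.rowcount == 1

def delete_reply_checked(db, session_user, reply_id, admins=frozenset(), denied=None):
    """Deletes only when the session user wrote the reply or is a module admin.
    Refused attempts are appended to `denied` so they can be logged and alerted on."""
    if session_user in admins:
        cur = db.execute("DELETE FROM reply WHERE id = ?", (reply_id,))
    else:
        # Ownership is enforced in the same statement as the delete,
        # so there is no window between the check and the action.
        cur = db.execute(
            "DELETE FROM reply WHERE id = ? AND author = ?",
            (reply_id, session_user),
        )
    ok = cur.rowcount == 1
    if not ok and denied is not None:
        denied.append((session_user, reply_id))
    return ok

def remaining_ids(db):
    """Ids of the replies still present, in ascending order."""
    return [row[0] for row in db.execute("SELECT id FROM reply ORDER BY id")]
```

The `denied` list is the detection hook: repeated refused deletes from one account across many reply ids are worth an alert.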
### Proof of vulnerability:
[![1.PNG](https://images.seebug.org/upload/201401/141050303ee20dab9096372fa73558550484a231.png)](https://images.seebug.org/upload/201401/141050303ee20dab9096372fa73558550484a231.png)
[![2.PNG](https://images.seebug.org/upload/201401/14105048fb05be26bb76dcd5a0dead66b89dd0c7.png)](https://images.seebug.org/upload/201401/14105048fb05be26bb76dcd5a0dead66b89dd0c7.png)
[![3.PNG](https://images.seebug.org/upload/201401/14105101a3c1441b762dd72373dc4783c01446a9.png)](https://images.seebug.org/upload/201401/14105101a3c1441b762dd72373dc4783c01446a9.png)