金和OA C6 管理员默认口令.md
1.11 KB / 2021-07-04 06:01:08
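# Jinher OA C6 Default Administrator Password
## Vulnerability Description
Jinher OA C6 has a default administrator account and password, admin/000000, which lets an attacker log in to the admin backend as the administrator.
## Affected Products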
> [!NOTE]
>
> Jinher OA
## FOFA
> [!NOTE]
>
> app="Jinher-OA"
## Vulnerability Reproduction
Username and password: admin/000000
![](http://wikioss.peiqi.tech/vuln/jh-1.png?x-oss-process=image/auto-orient,1/quality,q_90/watermark,image_c2h1aXlpbi9zdWkucG5nP3gtb3NzLXByb2Nlc3M9aW1hZ2UvcmVzaXplLFBfMTQvYnJpZ2h0LC0zOS9jb250cmFzdCwtNjQ,g_se,t_17,x_1,y_10)
Log in to the admin backend
![](http://wikioss.peiqi.tech/vuln/jh-2.png?x-oss-process=image/auto-orient,1/quality,q_90/watermark,image_c2h1aXlpbi9zdWkucG5nP3gtb3NzLXByb2Nlc3M9aW1hZ2UvcmVzaXplLFBfMTQvYnJpZ2h0LC0zOS9jb250cmFzdCwtNjQ,g_se,t_17,x_1,y_10)
## Goby & POC
> [!NOTE]
>
> Uploaded to the Goby & POC directory of https://github.com/PeiQi0/PeiQi-WIKI-POC
>
> JingHe_OA_C6_Default_password
![](http://wikioss.peiqi.tech/vuln/jh-3.png?x-oss-process=image/auto-orient,1/quality,q_90/watermark,image_c2h1aXlpbi9zdWkucG5nP3gtb3NzLXByb2Nlc3M9aW1hZ2UvcmVzaXplLFBfMTQvYnJpZ2h0LC0zOS9jb250cmFzdCwtNjQ,g_se,t_17,x_1,y_10)