Discoverer:hh
Product official website:https://www.zentao.net/
The zentao Enterprise Edition has expanded horizontally based on the project management process on the basis of the open source version, adding functions such as operation and maintenance management, feedback management, and OA office management to meet the online collaboration needs of more roles, forming a closed-loop management system. The Enterprise Edition is more adaptable to the personalized needs of enterprises, adding functions such as custom workflows, custom large screens, custom pivot tables, custom charts, and AI prompt designers, providing more comprehensive support for enterprise project management. In terms of service, the Enterprise Edition can provide one-on-one customer successful services such as user training, technical support, and review guidance to ensure the implementation of the system.
Zentao <=4.1.3 has a URL redirect vulnerability, which prevents the system from functioning properly
Background→integration→ ZDOO→ interface address function in zentao
Fill in http://127.0.0.1/sys/sso-check.html,Click to save
After refreshing, it will be found that the system automatically redirects to the 127.0.0.1 website, and whether you re-enter the login page or other pages, it will instantly redirect to 127.0.0.1, causing the Zentao function to be completely unusable. The screenshot of the jump is as follows:
Background→integration→ ZDOO→ interface address function in zentao
Fill in http://127.0.0.1/sys/sso-check.html,Click to save