DingTalk RCE Vulnerability

DingTalk RCE Vulnerability

Affected version

Version: 6.3.5

https://dtapp-pub.dingtalk.com/dingtalk-desktop/win_installer/Release/DingTalk_v6.3.5.11308701.exe

trigger method

dingtalk://dingtalkclient/page/link?url=127.0.0.1/test.html&pc_slide=true

Successfully reproduced

POC

Reference https://github.com/crazy0x70/dingtalk-RCE

Repair method

Upgrade to the latest version 6.3.25