From 6ad1f2600c62bc825d5f851e7854674a94c20567 Mon Sep 17 00:00:00 2001 From: Goby <50955360+gobysec@users.noreply.github.com> Date: Fri, 12 May 2023 18:17:45 +0800 Subject: [PATCH] Create SQL_injection_exists_on_Lotus_ERP_DictionaryEdit.aspx_pag.md add SQL_injection_exists_on_Lotus_ERP_DictionaryEdit.aspx_pag --- ...on_exists_on_Lotus_ERP_DictionaryEdit.aspx_pag.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 SQL_injection_exists_on_Lotus_ERP_DictionaryEdit.aspx_pag.md diff --git a/SQL_injection_exists_on_Lotus_ERP_DictionaryEdit.aspx_pag.md b/SQL_injection_exists_on_Lotus_ERP_DictionaryEdit.aspx_pag.md new file mode 100644 index 0000000..e79deec --- /dev/null +++ b/SQL_injection_exists_on_Lotus_ERP_DictionaryEdit.aspx_pag.md @@ -0,0 +1,12 @@ +## SQL injection exists on Lotus ERP DictionaryEdit.aspx pag + +| **Vulnerability** | **SQL injection exists on Lotus ERP DictionaryEdit.aspx pag** | +| :----: | :-----| +| **Chinese name** | 商混ERP系统 DictionaryEdit.aspx 页面存在SQL注入 | +| **CVSS core** | 8.5 | +| **FOFA Query** (click to view the results directly)| [title="商混ERP系统"](https://en.fofa.info/result?qbase64=dGl0bGU9IuWVhua3t0VSUOezu%2Be7nyI%3D) | +| **Number of assets affected** | 616 | +| **Description** | Hangzhou Lotus Software Co., Ltd. developed the commercial ERP system. This system mainly deals with the management of the mixing station of the construction company or various projects, including the sales module, production management module, laboratory module, personnel management, etc. The company's commercial concrete ERP system/Sys/DictionaryEdit dict at aspx_ SQL error injection vulnerability exists in the key parameter, which allows attackers to obtain database permissions. | +| **Impact** | In addition to taking advantage of SQL injection vulnerabilities to obtain information in the database (for example, administrator background password, site user personal information), attackers can even write Trojan horses to the server under high permissions to further obtain server system permissions. | + +![](https://s3.bmp.ovh/imgs/2023/05/12/7fe36b3b6ee2d967.gif)