admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-06-20 09:50:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create seaflysoft_ERP_getylist_login.do_SQL_Injection.md

Browse Source 
add  seaflysoft_ERP_getylist_login.do_SQL_Injection
This commit is contained in:
Goby 2023-05-12 18:20:18 +08:00 committed by GitHub
parent 8bca2d6c49
commit a0870fc05f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
seaflysoft_ERP_getylist_login.do_SQL_Injection.md Normal file
View File

@ -0,0 +1,12 @@
## seaflysoft ERP getylist_login.do SQL Injection
| **Vulnerability** | **seaflysoft ERP getylist_login.do SQL Injection** |
| :----: | :-----|
| **Chinese name** | 海翔云平台 getylist_login.do SQL 注入漏洞 |
| **CVSS core** | 8.0 |
| **FOFA Query** (click to view the results directly)| [body=\"checkMacWaitingSecond\"](https://en.fofa.info/result?qbase64=Ym9keT0iY2hlY2tNYWNXYWl0aW5nU2Vjb25kIg%3D%3D) |
| **Number of assets affected** | 773 |
| **Description** | seaflysoft cloud platform one-stop overall solution provider, business covers wholesale, chain, retail industry ERP solutions, wms warehousing solutions, e-commerce, field work, mobile terminal (PDA, APP, small program) solutions. There is a SQL injection vulnerability in the system getylist_login.do, through which an attacker can obtain database permissions |
| **Impact** | In addition to using SQL injection vulnerabilities to obtain information in the database (for example, the administrator's back-end password, the user's personal information of the site), an attacker can write a Trojan horse to the server even in a high-privileged situation to further obtain server system permissions. |
![](https://s3.bmp.ovh/imgs/2023/05/12/416d432cd922426c.gif)