漏洞描述
万户OA存在SQL注入漏洞。该漏洞出现在 /defaultroot/platform/report/graphreport/graph_include.jsp 路径中,攻击者可以通过在注入恶意SQL代码来操纵数据库。在成功利用此漏洞后,攻击者不仅可以读取、修改或删除数据库中的敏感数据,还可能进一步获取数据库服务器的系统权限,执行系统命令,从而对整个系统造成更广泛的破坏和控制。
万户OA graph_include.jsp SQL注入漏洞
PoC代码
暂无相关漏洞推荐
- 万户 ezOFFICE /defaultroot/platform/report/graphreport/graph_include.jsp SQL 注入漏洞
- POC wanhu-oa-rhinoscript-engineservice-rce: 万户OA-RhinoScriptEngineService命令执行
- POC wanhu-download-ftp-file-read: Wanhu OA download_ftp.jsp - Arbitrary File Read
- POC wanhu-download-old-file-read: Wanhu OA download_old.jsp - Arbitrary File Read
- POC wanhu-oa-fileupload-controller: Wanhu OA Fileupload Controller - Arbitrary File Upload
- POC wanhu-teleconferenceservice-xxe: Wanhu OA TeleConferenceService Interface - XML External Entity Injection
- POC wanhuoa-downloadservlet-lfi: Wanhu OA DownloadServlet - Remote File Disclosure
- POC wanhuoa-officeserverservlet-file-upload: Wanhu OA OfficeServerServlet - Arbitrary File Upload
- POC wanhuoa-smartupload-file-upload: Wanhu OA smartUpload.jsp - Arbitrary File Upload
- 万户OA /defaultroot/public/iWebOfficeSign/Dossier_DocumentEdit SQL 注入漏洞
- 万户OA TeleConferenceService XXE漏洞
- 万户OA TeleConferenceService XXE漏洞
- 万户 EZOFFICE系统 graph_include.jsp 未授权 SQL注入漏洞