漏洞描述
全程云oa办公系统/OA/PM/svc.asmx页面参数过滤不当,导致存在sql注入漏洞,可利用该漏洞获取数据库中的敏感信息。
全程云oa办公系统svc.asmx SQL注入漏洞
PoC代码
暂无相关漏洞推荐
- POC gcloud-func-inactive-svc-acc: Inactive Service Accounts in Google Cloud Functions
- POC gcp-func-default-svc-acc: Google Cloud Functions Using Default Service Account
- POC k8s-svc-acct-issuer-set: Checks if service-account-issuer is correctly configured
- POC k8s-svc-acct-key: Ensure service-account-key-file set
- POC k8s-svc-acct-lookup-set: Ensure service-account-lookup set
- POC jindie-yunxingkong-dynamicformservice-rce: 金蝶云星空DynamicFormService.CloseForm.common.kdsvc远程代码执行漏洞
- POC kingdee-erp-rce: Kingdee OA Yunxingkong kdsvc - Remote Code Execution
- 金蝶云星空 /Kingdee.BOS.ServiceFacade.ServicesStub.InOutDataService.GetImportOutData.common.kdsvc 命令执行漏洞
- 金蝶云星空 BusinessDataService.BatchLoad.common.kdsvc 远程代码执行漏洞
- POC 金蝶云星空 /Kingdee.BOS.ServiceFacade.ServicesStub.AppDesigner.AppDesignerService.RecordCurDevCodeInfo.common.kdsvc 命令执行漏洞
- 金蝶云星空 /kingdee.BOS.ServiceFacade.ServicesStub.BusinessData.BusinessDataService.BatchLoad.common.kdsvc 代码执行漏洞
- 金蝶云星空 /Kingdee.BOS.ServiceFacade.ServicesStub.ServiceGateway.GetServiceUri.common.kdsvc 代码执行漏洞
- 金蝶云星空 /Kingdee.BOS.ServiceFacade.ServicesStub.User.UserService.SaveUserPassport.common.kdsvc 代码执行漏洞