漏洞描述
泛微e-office是泛微公司面向中小型组织推出的OA产品,简单易用高效,部署快、投资少。提供免费试用体验。login_other.php文件auth参数存在sql注入,黑客可以利用该注入点获取数据库敏感信息,由于泛微E-Office数据库用户默认为root,可以直接Getshell
泛微eoffice login_other.php 注入漏洞
PoC代码
暂无相关漏洞推荐
- 泛微 eoffice /E-mobile/App/Weixin/WeiServiceApi.php 权限绕过漏洞
- e-weaver-eoffice-webservice-upload-fileupload: E-Weaver EOffice webservice upload file upload
- POC e-office-v10-sql-inject: 泛微 eoffice v10 前台 SQL 注入
- POC eoffice-v9-mobile-upload-save-fileupload: 泛微 E-Office v9.5 mobile_upload_save 任意文件上传漏洞
- POC eoffice-v9-uploadify-fileupload: 泛微 E-Office v9.5 uploadify 任意文件上传漏洞
- POC weaver-eoffice-file-upload: Weaver E-Office v9.5 - Arbitrary File Upload
- 泛微E-Office SignatureDel.php SQL注入漏洞
- 泛微e-office SignatureDel.php sql注入漏洞
- 泛微e-office /webservice/upload.php 文件上传漏洞
- 泛微e-office sms_page.php sql注入
- 泛微e-office index.php sql注入
- 泛微 E-Office10 /eoffice10/server/ext/qysw/index.php 信息泄露漏洞
- 泛微e-office前台远程代码执行漏洞