漏洞描述
通达OA(Office Anywhere网络智能办公系统)是由北京通达信科科技有限公司自主研发的协同办公自动化软件,是与中国企业管理实践相结合形成的综合管理办公平台。通达OA /get_columns.php 接口存在SQL注入。攻击者可以利用 SQL 注入漏洞获取数据库中的信息,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。
通达OA /get_columns.php SQL 注入漏洞
PoC代码
暂无相关漏洞推荐
- POC tongda-action-uploadfile: Tongda OA v2017 action_upload - Arbitrary File Upload
- POC tongda-api-file-upload: Tongda OA v11.8 api.ali.php - Arbitrary File Upload
- POC tongda-auth-bypass: Tongda OA 11.7 - Authentication Bypass
- POC tongda-contact-list-exposure: Tongda OA v2014 Get Contactlistt - Sensitive Information Disclosure
- POC tongda-getdata-rce: Tongda OA v11.9 getadata - Remote Code Execution
- POC tongda-getway-rfi: Tongda OA v11.8 getway.php - Remote File Inclution
- POC tongda-insert-sqli: Tongda OA v11.6 Insert Parameter - SQL Injection
- POC tongda-login-code-authbypass: Tongda OA v11.8 logincheck_code.php - Authentication Bypass
- POC tongda-meeting-unauth: Tongda OA Meeting - Unauthorized Access
- POC tongda-report-func-sqli: Tongda OA v11.6 report_bi.func.php - SQL injection
- POC tongda-video-file-read: Tongda OA V2017 Video File - Arbitrary File Read
- POC tongdaoa-auth-bypass: Tongda OA - Authentication Bypass
- 通达OA /mysql/index.php 未授权访问漏洞