125 matches found
SQL Injection Vulnerability in the getInfo Interface Function of Jiusi OA System
Ninth OA system is the OA system to install, implement, learn, operate and maintain. A SQL injection vulnerability exists in the Ninth OA System. The lack of filtering of the 'getInfo' parameter allows an attacker to exploit the vulnerability to obtain sensitive information about the database...
XXE Vulnerability in Ninth OA System
Ninth OA system is the OA system to install, implement, learn, operate and maintain. Ninth OA system DocumentBuilder db = ex.newDocumentBuilder; Document doc = db.parserequest.getInputStream; XXE vulnerability exists. An attacker can read arbitrary files on the server and obtain sensitive...
Ruvar OA system WorkPlanAttachDownLoad. aspx parameters sys_file_storage_id SQL injection vulnerability
No description provided by source...
Limits of the OA system /inc/finger/use_finger.php file USER_ID parameter SQL injection vulnerability
No description provided by source...
Ruvar OA system pm_gatt_inc. aspx SQL injection vulnerability
No description provided by source...
JINGLUN OA system /Systems/code/Code_edit. aspx file ChannelId parameter SQL injection vulnerability
No description provided by source...
JINGLUN OA system /Systems/user_priv/manage. aspx file id parameter SQL injection vulnerability
No description provided by source...
Dimensions OA system notes.php parameter nid SQL injection vulnerability
No description provided by source...
Mastery OA system /general/document/index. php/recv/register/turn parameter rid of the SQL injection vulnerability
http://xxx/general/document/index.php/recv/register/turn post:SERVER=&rid=expselectfromselect concat0x7e7e7e,@@version,0x7e7e7e from user limit 0,1x...
泛微 eweaver OA系统 filebrowser.jsp 参数dir 目录遍历
No description provided by source...
kingdee 金蝶OA系统/oa/admin/application/file_download.jsp 参数filePath 任意文件下载漏洞
No description provided by source...
金蝶kingdee OA办公系统 /kingdee/disk/add_folder.jsp 等2处 SQL盲注漏洞
No description provided by source...
通达OA系统 logincheck.php SQL注入
No description provided by source...
SQL Injection Vulnerability in Zhixiang OA Office System/mainpage/msg.aspx?user=parameters
Zhixiang OA office system is an enterprise office system. A SQL injection vulnerability exists in the OpenWindows/OpenleibiezlMc.aspx?id= parameter of the Zhixiang OA Office System, which can be exploited by an attacker to obtain sensitive information from the database...
SQL Injection Vulnerability in OAID Parameter of Haitian OA System/Documents/OA_WordDocDisplay.asp Page
Haitian OA network office system is suitable for enterprises and institutions of the general-purpose network office software, the system adopts the leading B / S browser / server mode of operation, so that the network office is not subject to geographical restrictions. A SQL injection vulnerabili...
53kf多站点配置不当导致整站可下载
简要描述: 详细说明: http://oa1.53kf.com/.svn/entries http://test2.53kf.com/.svn/entries http://test4.53kf.com/.svn/entries SVN泄露可导致整站下载 其中一个是OA系统 其他两个看源码疑似管理系统 漏洞证明: http://oa1.53kf.com/.svn/entries http://test2.53kf.com/.svn/entries http://test4.53kf.com/.svn/entries SVN泄露可导致整站下载 其中一个是OA系统 其他两个看源码疑似管理系统...
某OA系统高危漏洞无需登陆Getshell
简要描述: 危害比较大把 详细说明: 我这个说的是前台无需登录的,前人好像说要注入后登录其实构造表单就可以了 海天OA官网:http://www.haitiansoft.com:8080/ 存在一处不需要登录就可以getshell的高危漏洞! Upload bug: None...
某OA办公系统储存型XSS#2
简要描述: 某OA办公系统储存型XSSdemo演示 详细说明: 漏洞证明: 官方站:http://www.oa8000.com/online.htm 官方演示站:http://demo.oa8000.com/OAapp/WebObjects/OAapp.woa 普通用户登录,工作中心--任务管理--新建任务 在任务标题处写入XSS代码/" 查看我们发布的信息,直接查看任务即可,不用查看具体信息。...
New Oriental OA system patches timely thinkphp vulnerability to execute arbitrary system commands(getshell)-vulnerability warning-the black bar safety net
Brief description: New Oriental OA system patch is not timely, the thinkphp vulnerability to execute arbitrary system commandsgetshell Detailed description: ! https://. xdf. cn/mapp/index. php/module/action/param1/$%7B@printvardumpDAdmin-%3Eselect%7D The results are as follows: --------- array1 0...
某OA系统SQL注射漏洞(SA权限)
简要描述: RT 详细说明: 海天OA存在一处sql注入 海天OA官网:http://www.haitiansoft.com:8080/ 前人也有提交过我就不写那么多案例了,下面就用5个案例来做安全测试! SQL注入点: /ZhuanTi/OALoadlink.asp?OAID= 漏洞证明: 案例: http://180.166.7.94/ZhuanTi/OALoadlink.asp?OAID=1 http://oa.tjfsu.edu.cn/ZhuanTi/OALoadlink.asp?OAID=1...