Goby/json/Weaver-e-cology-OA-getdata....

{
"Name": "Weaver e-cology OA getdata.jsp sqli",
"Description": "<p>Fenwei ecology collaborative business office system has SQL injection vulnerabilities, which may cause data leakage and even server intrusion.</p>",
"Product": "Weaver-OA",
"Homepage": "https://www.weaver.com.cn/",
"DisclosureDate": "2020-06-21",
"Author": "1291904552@qq.com",
"FofaQuery": "app=\"Weaver-OA\"||app=\"泛微-协同办公OA\"",
"GobyQuery": "app=\"Weaver-OA\"||app=\"泛微-协同办公OA\"",
"Level": "2",
"Impact": "<p>Fenwei ecology collaborative business office system has SQL injection vulnerabilities, which may cause data leakage and even server intrusion.</p>",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://www.weaver.com.cn\">https://www.weaver.com.cn</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2.If not necessary, prohibit public network access to the system.</p>",
"Translation": {
"CN": {
"Name": "泛微 ecology 协同商务办公系统 SQL 注入",
"VulType": [
"SQL注入"
],
"Description": "<p>泛微ecology协同商务办公系统存在SQL注入漏洞可能造成数据泄漏甚至服务器被入侵。</p>",
"Impact": "<p>泛微ecology协同商务办公系统存在SQL注入漏洞攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在数据库权限足够的情况下可以向服务器中写入一句话木马,从而获取 webshell 或进一步获取服务器系统权限。</p>",
"Product": "泛微-协同商务系统",
"Recommendation": "<p>厂商已发布了漏洞修复程序,请及时关注更新:<a href=\"https://www.weaver.com.cn\">https://www.weaver.com.cn</a></p><p>1、通过防火墙等安全设备设置访问策略设置白名单访问。</p><p>2、如非必要禁止公网访问该系统。</p>"
},
"EN": {
"Name": "Weaver e-cology OA getdata.jsp sqli",
"VulType": [
"sqli"
],
"Description": "<p>Fenwei ecology collaborative business office system has SQL injection vulnerabilities, which may cause data leakage and even server intrusion.</p>",
"Impact": "<p>Fenwei ecology collaborative business office system has SQL injection vulnerabilities, which may cause data leakage and even server intrusion.</p>",
"Product": "Weaver-OA",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://www.weaver.com.cn\">https://www.weaver.com.cn</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2.If not necessary, prohibit public network access to the system.</p>"
}
},
"References": [
"https://fofa.so"
],
"HasExp": true,
"ExpParams": [
{
"name": "sqlQuery",
"type": "input",
"value": "select password as id from HrmResourceManager"
}
],
"ExpTips": null,
"ScanSteps": null,
"Tags": [
"sqli"
],
"VulType": [
"sqli"
],
"CVEIDs": [
""
],
"CVSSScore": "0.0",
"AttackSurfaces": {
"Application": ["Weaver-OA"],
"Support": null,
"Service": null,
"System": null,
"Hardware": null
},
"CNNVD": [
""
],
"CNVD": [
""
]
}