35 lines
1.5 KiB
YAML
35 lines
1.5 KiB
YAML
id: weaver-checkserver-sqli
|
|
|
|
info:
|
|
name: Ecology OA CheckServer - SQL Injection
|
|
author: SleepingBag945
|
|
severity: high
|
|
description: |
|
|
Ecology OA system improperly filters incoming data from users, resulting in a SQL injection vulnerability. Remote and unauthenticated attackers can use this vulnerability to conduct SQL injection attacks and steal sensitive database information.
|
|
reference:
|
|
- https://stack.chaitin.com/techblog/detail?id=81
|
|
- https://github.com/lal0ne/vulnerability/blob/main/%E6%B3%9B%E5%BE%AE/E-Cology/CheckServer/README.md
|
|
- https://github.com/zan8in/afrog/blob/main/v2/pocs/afrog-pocs/vulnerability/weaver-ecology-oa-plugin-checkserver-setting-sqli.yaml
|
|
classification:
|
|
cpe: cpe:2.3:a:weaver:e-cology:*:*:*:*:*:*:*:*
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
vendor: weaver
|
|
product: e-cology
|
|
fofa-query: app="泛微-协同办公OA"
|
|
tags: weaver,ecology,sqli
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/mobile/plugin/CheckServer.jsp?type=mobileSetting"
|
|
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- "status_code == 200"
|
|
- "contains_all(header, 'application/json','ecology_')"
|
|
- "contains(body, 'error\":\"system error') && !contains(body, 'securityIntercept')"
|
|
condition: and
|
|
# digest: 490a00463044022049e2a7844594de8cfb74e4a5724a43764db613face71abe571ada613ca5f50dc02207952845137a37ebb869f0aa28b3e306866c111026a0ba59b4038aeea236f46ae:922c64590222798bb761d5b6d8e72950 |