Submit #180664: SQL injection in Weaver (泛微) e-cology

Title: SQL injection in Weaver (泛微) e-cology
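Description:
Product name: Shanghai Weaver Network Technology Co., Ltd. (上海泛微网络科技股份有限公司) - Weaver e-cology
Affected versions:
1. Some e-cology 8 installations with patch version < 10.58.0
2. Some e-cology 9 installations with patch version < 10.58.0
Scope of impact: on the order of tens of thousands
Patch link: https://www.weaver.com.cn/cs/securityDownload.asp#
Vulnerability details:
1. The code checks whether the isFromOutImg variable equals the string "1", whether the fleidStr variable is non-empty, and whether fleidStr converted to an integer is less than 0.
2. Corresponding code: E:\WEAVER\ecology\classbean\weaver\filelFileDownloadForOutDoc.class
3. When isFromOutImg=1, the SQL statement select COMEFROM from imagefile where imagefileid=rfileidl is executed. The fileid parameter is not filtered, which results in SQL injection. An attacker can construct a payload, for example to read the administrator password over an out-of-band connection.
Reproduction:
1. Send a POST request to http://xxx.com/weaver/weaver.file.FileDownloadForOutDoc
2. POST request body: fileid=1+WAITFOR+DELAY%270%3A1%3A5%27&isFromOutImg=1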
User: Hiroki Sawada (UID 49685)
Submission: 11/07/2023 11:27 (3 years ago)
Moderation: 20/07/2023 09:51 (9 days later)
Status: Accepted
VulDB entry: 235061 [Weaver e-cology before 10.58.0 HTTP POST Request filelFileDownloadForOutDoc.class fileid SQL injection]
Points: 17
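
A detection check for the request pattern described above, written as an added example and not part of the submission or of Weaver's code: it flags requests to the reported endpoint where isFromOutImg=1 and fileid is not a plain integer. The integer-only rule for fileid, the function names and the sample requests (other than the request body quoted in the report) are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/weaver/weaver.file.FileDownloadForOutDoc"  # path taken from the report
# Assumption: a legitimate fileid is a (possibly negative) integer.
INT_RE = re.compile(r"-?\d{1,18}")


def suspicious_fileids(method, url, body=""):
    """Return fileid values that are not plain integers; [] if out of scope or clean."""
    parts = urlsplit(url)
    if parts.path.rstrip("/") != ENDPOINT:
        return []
    # Merge query-string and form-body parameters and keep duplicates, since the
    # server may read any one of several repeated fileid values.
    params = parse_qs(parts.query, keep_blank_values=True)
    if method.upper() == "POST":
        for key, values in parse_qs(body, keep_blank_values=True).items():
            params.setdefault(key, []).extend(values)
    # Per the report, the SQL statement is only reached when isFromOutImg=1.
    if "1" not in params.get("isFromOutImg", []):
        return []
    return [v for v in params.get("fileid", []) if not INT_RE.fullmatch(v)]


def scan(records):
    """List (record index, offending values) for every flagged request."""
    hits = []
    for i, (method, url, body) in enumerate(records):
        bad = suspicious_fileids(method, url, body)
        if bad:
            hits.append((i, bad))
    return hits


# Constructed sample requests (method, URL, body); only the second body is from the report.
BASE = "http://xxx.com" + ENDPOINT
SAMPLES = [
    ("POST", BASE, "fileid=1024&isFromOutImg=1"),
    ("POST", BASE, "fileid=1+WAITFOR+DELAY%270%3A1%3A5%27&isFromOutImg=1"),
    ("POST", BASE, "fileid=-7&isFromOutImg=1"),
    ("POST", BASE, "fileid=12&fileid=12abc&isFromOutImg=1"),
    ("POST", "http://xxx.com/login.jsp", "fileid=12abc&isFromOutImg=1"),
]

if __name__ == "__main__":
    for index, values in scan(SAMPLES):
        print(f"request {index}: non-integer fileid {values!r}")
```

The same integer-only rule can be enforced at a reverse proxy or WAF in front of installations that have not yet reached patch version 10.58.0.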
