Invia #181667: ibos oa system v4.5.5 sql injectioninformazioni

Titoloibos oa system v4.5.5 sql injection
DescrizioneSQL injection vulnerability exists in ibos oa v4.5.5 official website:http://www.ibos.com.cn/ version:4.5.5 In the ibos oa v4.5.5 website deployment, at the function point ==> "Integrated office" = "Recruitment management" = "Status" = "Interview" . There is an sql injection point in the parameter passed by post, and the root user can be obtained. Using burpsuite to capture the packet, it returned a json format of information, and found a sql error return. Save the POST package and use sqlmap for sql injection and finnally get a root user.
Fonte⚠️ https://github.com/Wkingxc/CVE/blob/master/ibos_OA.md
Utente
 wkingxc (UID 50531)
Sottomissione12/07/2023 16:54 (3 anni fa)
Moderazione21/07/2023 22:23 (9 days later)
StatoAccettato
Voce VulDB235147 [IBOS OA 4.5.5 Interview edit&op=status resumeid iniezione SQL]
Punti20

PrecedenteVisione D'ensembleIl prossimo

Do you know our Splunk app?

Download it now for free!

n $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0'; } } ?>