Invia #516025: Beijing Jinher Network Co., Ltd Jinher OA v1.0 SQL Injectioninformazioni

TitoloBeijing Jinher Network Co., Ltd Jinher OA v1.0 SQL Injection
DescrizioneIncentivePlanFulfillAppprove.aspx In addition to exploiting the SQL injection vulnerability to obtain information in the database (such as the administrator's background password and the site's user personal information), attackers can even write Trojans to the server in the case of high privilege to further obtain server system permissions. poc: GET /C6/JHSoft.Web.IncentivePlan/IncentivePlanFulfillAppprove.aspx/?httpOID=1;WAITFOR+DELAY'0:0:4'-- HTTP/1.1 Host:
Fonte⚠️ https://flowus.cn/share/75512a54-e78f-4bfb-80e7-236521b43a02?code=HC3R4E
Utente
 afish (UID 82290)
Sottomissione07/03/2025 07:14 (1 Anno fa)
Moderazione21/03/2025 07:29 (14 days later)
StatoAccettato
Voce VulDB300567 [Jinher OA C6 1.0 IncentivePlanFulfillAppprove.aspx httpOID iniezione SQL]
Punti20

PrecedenteVisione D'ensembleIl prossimo

Might our Artificial Intelligence support you?

Check our Alexa App!