### Brief description: As titled

### Details:

The vulnerability is in the file /yyoa/checkWaitdo.jsp:

```jsp
<%
uName = request.getParameter("userID"); // read the request parameter
// System.out.println(uName);
if (uName != "null") { // note: != compares object references in Java, so a missing (null) parameter is not rejected here
    Connection con = ConnectionPoolBean.getConnection();
    //System.out.println("Records with problems in the manual-check results:");
    boolean l = false;
    try {
        uID = XiaoxsDbHelper.getInt(con, "select id from person where truename like '%" + uName + "%'"); // the SQL is built by direct string concatenation, with no handling of the input at all
        uName = XiaoxsDbHelper.getString(con, "select truename from person where id=" + uID + " and isaway=0 and delflag=0 ");
        allrun = XiaoxsDbHelper.getInt(con, "select allrun from waitdoctrl where perid=" + uID);
        for (int i = 1; i < 11; i++) {
            if (i == 1) { mtypeName = "协同"; runName = "docrun"; }
            else if (i == 2) { mtypeName = "收文"; runName = "govrec"; }
            else if (i == 3) { mtypeName = "发文"; runName = "govsend"; }
            else if (i == 4) { mtypeName = "事件"; runName = "rout"; }
            else if (i == 5) { mtypeName = "会议"; runName = "meet"; }
            else if (i == 6) { mtypeName = "待发送"; runName = "exsend"; }
            else if (i == 7) { mtypeName = "待签收"; runName = "exrec"; }
            else if (i == 8 || i == 9) { continue; }
            else if (i == 10) { mtypeName = "签报"; runName = "furun1"; }
            l = checkDateIsRight(con, i, uID);
            run = XiaoxsDbHelper.getInt(con, "select " + runName + " from waitdoctrl where perid=" + uID);
            // System.out.println("select " + runName + " from waitdoctrl where perid = " + uID);
%>
```

Affects 100+ vendors; 25 cases were selected from among them:

```
http://115.238.97.83/yyoa/checkWaitdo.jsp?userID=1
http://218.25.24.214:8083/yyoa/checkWaitdo.jsp?userID=1
http://oa.wnq.com.cn/yyoa/checkWaitdo.jsp?userID=1
http://oa.shanghai-fanuc.com.cn/yyoa/checkWaitdo.jsp?userID=1
http://www.zxdoa.cn/yyoa/checkWaitdo.jsp?userID=1
http://office.xce.com.cn/yyoa/checkWaitdo.jsp?userID=1
http://oa.juntongtongxin.com/yyoa/checkWaitdo.jsp?userID=1
http://oa.hnca.com.cn/yyoa/checkWaitdo.jsp?userID=1
http://www.bbmtoa.com/yyoa/checkWaitdo.jsp?userID=1
http://oa.whvtc.net/yyoa/checkWaitdo.jsp?userID=1
http://www.fjlh.com.cn:8080/yyoa/checkWaitdo.jsp?userID=1
http://www.saptcom.net/yyoa/checkWaitdo.jsp?userID=1
http://oa.jstedu.com/yyoa/checkWaitdo.jsp?userID=1
http://oa.ticom.com.cn/yyoa/checkWaitdo.jsp?userID=1
http://www.sciae.com.cn/yyoa/checkWaitdo.jsp?userID=1
http://www.zxdoa.cn/yyoa/checkWaitdo.jsp?userID=1
http://qudao.seeyon.com/yyoa/checkWaitdo.jsp?userID=1
http://www.brightoa.com/yyoa/checkWaitdo.jsp?userID=1
http://bg.aimin.gov.cn/yyoa/checkWaitdo.jsp?userID=1
http://oa.wnq.com.cn/yyoa/checkWaitdo.jsp?userID=1
http://oa.hnlt.com.cn/yyoa/checkWaitdo.jsp?userID=1
http://www.yaoye.cn/yyoa/checkWaitdo.jsp?userID=1
http://oa.holpe.net/yyoa/checkWaitdo.jsp?userID=1
http://211.144.15.87:8080/yyoa/checkWaitdo.jsp?userID=1
http://www.baojiyijian.com:8080/yyoa/checkWaitdo.jsp?userID=1
```

### Proof of vulnerability:

http://115.238.97.83/yyoa/checkWaitdo.jsp?userID=1

![1.png](https://images.seebug.org/upload/201503/3118234238d62b67a758ab6557ae5685708ee067.png)

http://oa.shanghai-fanuc.com.cn/yyoa/checkWaitdo.jsp?userID=1

![2.png](https://images.seebug.org/upload/201503/3118275410176955d2055ff38bbe05c821d54bfa.png)

http://oa.wnq.com.cn/yyoa/checkWaitdo.jsp?userID=1

![3.png](https://images.seebug.org/upload/201503/31182825a0f87029161b8d06e0918dcd407de169.png)

http://218.25.24.214:8083/yyoa/checkWaitdo.jsp?userID=1

![4.png](https://images.seebug.org/upload/201503/31182918fa1b89780f7ce4cb4283ba54faed9bbc.png)

http://office.xce.com.cn/yyoa/checkWaitdo.jsp?userID=1

![5.png](https://images.seebug.org/upload/201503/31183224df292d2123766eff929ae5dd71bf4d80.png)
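The root cause in the excerpt above is that the `userID` value becomes part of the SQL text of the first `person` lookup. As an added illustration, not part of the original report or of the vendor's code, the following Python model uses an in-memory SQLite database with a constructed `person` table (its layout, the sample rows and all function names are assumptions) to put the report's concatenated query beside a parameterised version of the same lookup, and to show the difference in behaviour when the input contains a single quote: the concatenated form fails with a syntax error because the quote changes the SQL grammar, while the bound form treats it as ordinary data.

```python
import sqlite3

# Constructed sample rows standing in for the OA's `person` table (an assumption about its
# layout; only the columns the JSP excerpt touches are modelled).
SAMPLE_PERSONS = [
    (1, "张三", 0, 0),   # active
    (2, "李四", 0, 0),   # active
    (3, "王五", 1, 0),   # isaway=1, so excluded by the second query's filter
]


def make_db():
    """In-memory SQLite database seeded with the constructed rows."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "create table person (id integer primary key, truename text, isaway integer, delflag integer)"
    )
    con.executemany("insert into person values (?, ?, ?, ?)", SAMPLE_PERSONS)
    return con


def lookup_id_concat(con, uname):
    """Mirrors the JSP: the userID parameter is pasted straight into the SQL text."""
    sql = "select id from person where truename like '%" + uname + "%'"
    row = con.execute(sql).fetchone()
    return row[0] if row else None


def lookup_id_param(con, uname):
    """Hardened form: the wildcard pattern is passed as a bound parameter, never as SQL text."""
    row = con.execute(
        "select id from person where truename like ?", ("%" + uname + "%",)
    ).fetchone()
    return row[0] if row else None


def lookup_name_param(con, uid):
    """Second query of the JSP, with the integer id bound instead of concatenated."""
    row = con.execute(
        "select truename from person where id=? and isaway=0 and delflag=0", (uid,)
    ).fetchone()
    return row[0] if row else None


def quote_breaks_query(lookup, con):
    """True if an input containing a single quote changes the SQL grammar (the tell-tale of
    string concatenation); a parameterised lookup treats the quote as ordinary data."""
    try:
        lookup(con, "O'")
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print("concatenated:", lookup_id_concat(db, "张"),
          "| quote breaks query:", quote_breaks_query(lookup_id_concat, db))
    print("parameterised:", lookup_id_param(db, "张"),
          "| quote breaks query:", quote_breaks_query(lookup_id_param, db))
    print("name of id 1:", lookup_name_param(db, 1),
          "| id 3 (isaway=1):", lookup_name_param(db, 3))
```

In the JSP the equivalent fix is a `java.sql.PreparedStatement` built from `select id from person where truename like ?` with `setString(1, "%" + uName + "%")`, and a real null/empty check (`uName == null || uName.isEmpty()`) instead of the `uName != "null"` reference comparison; since `XiaoxsDbHelper.getInt` and `getString` take a finished SQL string, that means giving the helper an overload that accepts bound parameters rather than concatenating before the call.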