某OA系统存在SQL注入(sa权限)

- AV AC AU C I A
发布: 2025-04-13
修订: 2025-04-13

### 简要描述: RT ### 详细说明: 前人也有提交过,我就拿几个案例来测试 海天OA官网:http://www.haitiansoft.com:8080/ 注入点: ``` /Documents/OA_DocDisplay_NewWindow.asp?OAID= ``` ### 漏洞证明: 案例: ``` http://180.166.7.94/Documents/OA_DocDisplay_NewWindow.asp?OAID=1 http://124.65.69.14/Documents/OA_DocDisplay_NewWindow.asp?OAID=1 http://vos.tjufe.edu.cn/Documents/OA_DocDisplay_NewWindow.asp?OAID=1 http://oa.ccib.com.cn/Documents/OA_DocDisplay_NewWindow.asp?OAID=1 http://www.cnshuiyu.com/Documents/OA_DocDisplay_NewWindow.asp?OAID=1 http://116.228.82.237/Documents/OA_DocDisplay_NewWindow.asp?OAID=1 ``` 案例一: ``` http://180.166.7.94/Documents/OA_DocDisplay_NewWindow.asp?OAID=1 ``` [<img src="https://images.seebug.org/upload/201411/09175506dfb0e85fe83498053c2cfbc7d41dbe0c.jpg" alt="01.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201411/09175506dfb0e85fe83498053c2cfbc7d41dbe0c.jpg) ``` ``` 案例二: ``` http://124.65.69.14/Documents/OA_DocDisplay_NewWindow.asp?OAID=1 ``` [<img...

0%

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有0条受影响产品信息