Skip to content
Nuclei Templates

Ecology OA CheckServer - SQL Injection

ID: weaver-checkserver-sqli

Severity: high

Author: SleepingBag945

Tags: weaver,ecology,sqli

Description

Section titled “Description”

Ecology OA system improperly filters incoming data from users, resulting in a SQL injection vulnerability. Remote and unauthenticated attackers can use this vulnerability to conduct SQL injection attacks and steal sensitive database information.

YAML Source

Section titled “YAML Source”
id: weaver-checkserver-sqli


info:
  name: Ecology OA CheckServer - SQL Injection
  author: SleepingBag945
  severity: high
  description: |
    Ecology OA system improperly filters incoming data from users, resulting in a SQL injection vulnerability. Remote and unauthenticated attackers can use this vulnerability to conduct SQL injection attacks and steal sensitive database information.
  reference:
    - https://stack.chaitin.com/techblog/detail?id=81
    - https://github.com/lal0ne/vulnerability/blob/main/%E6%B3%9B%E5%BE%AE/E-Cology/CheckServer/README.md
    - https://github.com/zan8in/afrog/blob/main/v2/pocs/afrog-pocs/vulnerability/weaver-ecology-oa-plugin-checkserver-setting-sqli.yaml
  classification:
    cpe: cpe:2.3:a:weaver:e-cology:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: weaver
    product: e-cology
    fofa-query: app="泛微-协同办公OA"
  tags: weaver,ecology,sqli


http:
  - method: GET
    path:
      - "{{BaseURL}}/mobile/plugin/CheckServer.jsp?type=mobileSetting"


    matchers:
      - type: dsl
        dsl:
          - "status_code == 200"
          - "contains_all(header, 'application/json','ecology_')"
          - contains(body, 'error\":\"system error') && !contains(body, 'securityIntercept')
        condition: and
# digest: 490a00463044022046565b0258df9fb1647c09806b12841af09c13e181a7170234ee81688fa7da0a02200581bc5bc3f14328d2b5e9f8f6aedfddbee2bc2d4e5c97d3dc437e7a62c1c695:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/vulnerabilities/weaver/weaver-checkserver-sqli.yaml"

View on Github