weaverOA_sql_RCE

泛微OA某版本的SQL代码执行漏洞

2022.04.20

经过测试，该漏洞属于泛微OA msssql远程代码执行漏洞。测试如图：

POC: PS:url结尾不能有[/],例如：http://127.0.0.1:8080，不能为http://127.0.0.1:8080/

Url ending cannot have [/], for example, http://127.0.0.1:8080, not for http://127.0.0.1:8080/

pocsuite -r weaverOA_sql_injection_POC_EXP.py -u url --verify

EXP:pocsuite -r weaverOA_sql_injection_POC_EXP.py -u url --attack --command "[command]"

PS:url结尾不能有[/],例如：http://127.0.0.1:8080，不能为http://127.0.0.1:8080/

Url ending cannot have [/], for example, http://127.0.0.1:8080, not for http://127.0.0.1:8080/

免责声明

此工具仅用于学习、研究和自查。不应将其用于非法目的。使用本工具产生的一切风险与我无关！

Disclaimer

This tool is for study, research, and self-examination only. It should not be used for illegal purposes. All risks arising from the use of this tool have nothing to do with me!

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
README.md		README.md
weaverOA_sql_injection_POC_EXP.py		weaverOA_sql_injection_POC_EXP.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

weaverOA_sql_RCE

泛微OA某版本的SQL代码执行漏洞

2022.04.20

免责声明

此工具仅用于学习、研究和自查。不应将其用于非法目的。使用本工具产生的一切风险与我无关！

Disclaimer

This tool is for study, research, and self-examination only. It should not be used for illegal purposes. All risks arising from the use of this tool have nothing to do with me!

About

Releases

Packages

Languages

Wrin9/weaverOA_sql_RCE

Folders and files

Latest commit

History

Repository files navigation

weaverOA_sql_RCE

泛微OA某版本的SQL代码执行漏洞

2022.04.20

免责声明

此工具仅用于学习、研究和自查。不应将其用于非法目的。使用本工具产生的一切风险与我无关！

Disclaimer

This tool is for study, research, and self-examination only. It should not be used for illegal purposes. All risks arising from the use of this tool have nothing to do with me!

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages