ibos OA v4.5.5 SQL Injection vulnerability

Project download address: https://gitee.com/ibos/IBOS

Vulnerable route: file/personal/del&op=recycle

Vulnerable parameter: fids

1. Function point: deleting a folder from the file cabinet

(screenshots 1-3)

2. Source code analysis

The controller receives the fids parameter from the request and hands it, unchanged, to the model's fetchAllByFids() method.

(screenshot 4)

fetchAllByFids() assembles the SQL statement with the incoming fids value placed directly into it, and queryAll() then executes that statement, so attacker-controlled fids becomes part of the query: an SQL injection.

(screenshots 5-6)

Supplying a malformed fids value makes the Yii framework throw a database error, which confirms that the input reaches the query unescaped (error-based injection).

(screenshot 7)
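The pattern described above, modelled as an added example that is not IBOS code: a lookup that concatenates a comma-separated fids string into an IN (...) clause, next to a hardened version that validates each id as an integer and binds it as a query parameter. The table name `file`, its columns and the rows are constructed here for the demo, and SQLite stands in for the MySQL database IBOS uses; the `probe()` helper is hypothetical and only reports whether a given fids value returned rows, produced a database error (the behaviour the Yii error page reveals) or was rejected.

```python
import sqlite3


def make_db():
    """Constructed sample data: a minimal 'file' table standing in for the
    file-cabinet table; not the IBOS schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE file (fid INTEGER PRIMARY KEY, name TEXT, uid INTEGER)")
    conn.executemany(
        "INSERT INTO file VALUES (?, ?, ?)",
        [(1, "a.doc", 1), (2, "b.doc", 1), (3, "c.doc", 2)],
    )
    return conn


def fetch_all_by_fids_vulnerable(conn, fids):
    """Models the vulnerable pattern: the raw fids string from the request is
    concatenated into the SQL statement and executed as-is."""
    sql = f"SELECT fid, name FROM file WHERE fid IN ({fids})"
    return conn.execute(sql).fetchall()


def fetch_all_by_fids_safe(conn, fids):
    """Hardened version: every id must parse as an integer (anything else
    raises ValueError before any SQL is built), and the ids are passed as
    bound parameters rather than spliced into the statement text."""
    ids = [int(x) for x in fids.split(",") if x.strip()]
    if not ids:
        return []
    placeholders = ",".join("?" * len(ids))
    sql = f"SELECT fid, name FROM file WHERE fid IN ({placeholders})"
    return conn.execute(sql, ids).fetchall()


def probe(fetch, conn, fids):
    """Hypothetical helper: classify the outcome of one fids value.
    'db_error' is the condition an error-based injection probe looks for."""
    try:
        return f"rows:{len(fetch(conn, fids))}"
    except sqlite3.Error:
        return "db_error"
    except ValueError:
        return "rejected"


if __name__ == "__main__":
    db = make_db()
    for value in ("1,2", "1'", "0) OR 1=1 --"):
        print(repr(value),
              "vulnerable:", probe(fetch_all_by_fids_vulnerable, db, value),
              "safe:", probe(fetch_all_by_fids_safe, db, value))
```

With the vulnerable lookup, `1'` produces a database error (the signal the Yii error page exposes) and `0) OR 1=1 --` returns every row regardless of owner; the hardened lookup rejects both before any query runs. In Yii 1.x, which IBOS is built on, the equivalent of the safe version is to pass the ids as bound parameters to `createCommand()->queryAll()` instead of concatenating them into the statement string.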