Yonyou TurboCRM is a customer relationship management system.
Yonyou TurboCRM has SQL injection vulnerabilities. Attackers can use the vulnerabilities to obtain sensitive database information.
Visit http://your-target/login/changepswd.php and click OK.
Capture the request and enter the SQL statement WAITFOR DELAY '0:0:16'-- in the orgcode parameter.
There is a delay and an error is reported:
Use SQLmap to scan for injection points

Reference:
https://www.cnvd.org.cn/flaw/show/CNVD-2020-21956
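
A defender-side check for the request described above, added here as an example (not code from the report or from Yonyou): it flags form bodies sent to /login/changepswd.php whose orgcode field carries a T-SQL time-delay construct. The function names, finding strings and sample requests are assumptions constructed for illustration; the report does not state the request method, so a form-encoded body is assumed.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# Path and parameter name come from the report; the rest is assumed.
TARGET_PATH = "/login/changepswd.php"
TARGET_PARAM = "orgcode"

_COMMENT = re.compile(r"/\*.*?\*/", re.S)                   # inline SQL comments
_DELAY = re.compile(r"\bwaitfor\s+(?:delay|time)\b", re.I)  # T-SQL time delay
_META = re.compile(r"'|;|--|/\*")                           # quote, stacking, comments


def _normalise(value, max_rounds=3):
    """Undo repeated URL-encoding, then replace inline comments with a space."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return _COMMENT.sub(" ", value)


def inspect_request(path, body):
    """Return findings for one request: URL path plus form-encoded body."""
    if path.split("?", 1)[0].lower() != TARGET_PATH:
        return []
    findings = []
    for name, raw in parse_qsl(body, keep_blank_values=True):
        if name.lower() != TARGET_PARAM:
            continue
        value = _normalise(raw)
        if _DELAY.search(value):
            findings.append(f"time-delay SQL in {TARGET_PARAM}")
        elif _META.search(raw) or _META.search(value):
            findings.append(f"SQL metacharacters in {TARGET_PARAM}")
    return findings


# Constructed sample requests (not captured traffic); "user" is a made-up field.
SAMPLES = [
    ("/login/changepswd.php", "orgcode=ACME01&user=alice"),
    ("/login/changepswd.php", "orgcode=WAITFOR+DELAY+%270%3A0%3A16%27--"),
    ("/index.php", "orgcode=WAITFOR+DELAY+%270%3A0%3A16%27--"),
]

if __name__ == "__main__":
    for path, body in SAMPLES:
        print(path, body, "->", inspect_request(path, body) or "clean")
```

A check like this only surfaces probing of the endpoint; the underlying fix is for the application to pass orgcode to the database as a bound query parameter instead of building the statement from it.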