SQL injection exists in ibos Office OA v4.5.5
Official website: http://www.ibos.com.cn/
Version: v4.5.5
Function point: Integrated office -> Recruitment management -> Contact record -> Export
Route: r=recruit/contact/export&contactids=x
Injection parameter: contactids
The database name can be extracted through error-based injection on this parameter.
In the source, the actionExport() method accepts a single parameter, contactids, and passes it to fetchAll() in the model, where the SQL statement is executed. fetchAll() itself only performs some data processing on the value before it reaches the query; there is no sanitization of contactids along this path.
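The pattern described above, an id list from a request parameter concatenated into an IN (...) clause, is illustrated below as an added example. This is not ibos code: the contact table, the export functions and the sample rows are all constructed here for demonstration, and the hardened variant shows the fix a practitioner would apply (validate each id as an integer, then bind the values with placeholders).

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for the contact record store."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE contact (contactid INTEGER PRIMARY KEY, name TEXT, phone TEXT)"
    )
    conn.executemany(
        "INSERT INTO contact VALUES (?, ?, ?)",
        [(1, "Alice", "100"), (2, "Bob", "200"), (3, "Carol", "300")],
    )
    return conn


def export_vulnerable(conn, contactids):
    """Hypothetical export that drops the raw request parameter into the SQL.

    This mirrors the reported flaw: whatever the client sends as contactids
    becomes part of the statement text, so SQL syntax in the value is executed.
    """
    sql = (
        "SELECT contactid, name, phone FROM contact "
        f"WHERE contactid IN ({contactids}) ORDER BY contactid"
    )
    return conn.execute(sql).fetchall()


def vulnerable_error(conn, payload):
    """Return the database error text a malformed payload produces, or None.

    When the application surfaces this text to the client, it is the channel
    an error-based injection reads data through.
    """
    try:
        export_vulnerable(conn, payload)
        return None
    except sqlite3.Error as exc:
        return str(exc)


def parse_ids(contactids):
    """Accept only a comma-separated list of non-negative integers."""
    ids = []
    for part in contactids.split(","):
        part = part.strip()
        if not part.isdigit():
            raise ValueError(f"invalid contact id: {part!r}")
        ids.append(int(part))
    if not ids:
        raise ValueError("empty contact id list")
    return ids


def export_hardened(conn, contactids):
    """Validated ids bound through placeholders; the value never becomes SQL."""
    ids = parse_ids(contactids)
    placeholders = ",".join("?" * len(ids))
    sql = (
        "SELECT contactid, name, phone FROM contact "
        f"WHERE contactid IN ({placeholders}) ORDER BY contactid"
    )
    return conn.execute(sql, ids).fetchall()


def hardened_rejects(conn, payload):
    """True if the hardened export refuses the payload before any query runs."""
    try:
        export_hardened(conn, payload)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    db = make_db()
    # Benign input behaves the same in both variants.
    print(export_vulnerable(db, "1,2"))
    print(export_hardened(db, "1, 2"))
    # Constructed payload: closes the IN list and appends an always-true clause.
    print(export_vulnerable(db, "0) OR 1=1 --"))    # all rows leak
    print(vulnerable_error(db, "1'"))                # raw DB error exposed
    print(hardened_rejects(db, "0) OR 1=1 --"))      # True
```

The placeholder count is derived from the validated list, so the IN clause grows with the input while every id is still passed as a bound parameter rather than as statement text.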