金和OA --北京金和网络股份有限公司
GoogleDork: "inurl:JHSoft.web.login" | 金和软件 @2015 Jinher Software | inurl:sub/viewDetail.jsp?newsid=
BingDork: JHSoft.Web.login | PassWordSlide.aspx
百度:inurl:Jhsoft.Web.login
数据库:sqlserver
版本:
C6V3 数据库密码:sha1加密 | 登录地址: /PassWordSlide.aspx
低版本登录地址:/PassWordNew.aspx | PassWord.aspx
登录地址:/c6/JHSoft.MobileApp/Login/login.html
历史漏洞
CNNVD-201908-2377 SQLI(未公开)
T00ls-2017-00050 存储型XSS跨站脚漏洞 (未公开)
WooYun-2016-188283 SQLI
wooyun-2015-0114059 SQLI -- /goa/Jhsoft.Web.login/NewView.aspx?ID=1018
wooyun-2015-0132554 SQLI(基于时间) -- /UploadImageDownLoadIn.aspx?FileID=1
wooyun-2015-0124505 SQLI
/c6/Jhsoft.Web.login/NewView.aspx?ID=1104
/c6/Jhsoft.Web.login/NewCList.aspx?ID=29
/c6/Jhsoft.Web.login/NewCView.aspx?ID=1002
wooyun-2015-095445 SQLI
/C6/JHSoft.Web.customquery/UploadImageDownLoadIn.aspx?FileID=123456
wooyun-2015-0125788 SQLI //重复
wooyun-2015-0118987 SQLI
/c6/JHSoft.WCF/POSTServiceForAndroid.svc/LoginNew
wooyun-2015-0127135 SQLI
/c6/Jhsoft.Web.login/NewList.aspx?ID=1
wooyun-2015-0134240 SQLI
登录处修改POST参数
wooyun-2015-0141624 SQLI
/c6v32/Jhsoft.Web.login/PassWordSlide.aspx
wooyun-2014-062569 SQLI
/C6/JHSoft.Web.Login/GetPassWord.aspx?flag=getEmail&UserName=test
wooyun-2014-084078 SQLI
/C6/Jhsoft.Web.login/AjaxForLogin.aspx //https://wooyun.laolisafe.com/bug_detail.php?wybug_id=wooyun-2014-084022
/C6/JHSoft.Web.Message/ToolBar/SearchList.aspx
wooyun-2014-061825 通用数据库账号:sqlserver数据库账号为jh***e,密码为jh***e
wooyun-2014-080514 Struts2漏洞
/jc6/platform/sys/login!intro.action