一卡通信息管理系统 SQL注入漏洞

From PwnWiki
Revision as of 09:57, 5 July 2021 by Pwnwiki (talk | contribs) (Created page with "该漏洞已通过验证")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Other languages:
Chinese • ‎中文(中国大陆)‎ • ‎中文(繁體)‎
Check.png 该漏洞已通过验证

本页面的EXP/POC/Payload经测试可用,漏洞已经成功复现。

漏洞信息

此系統存在默認弱口令,以及前台sql注入。

FOFA

"Content/images/login/logo.png" && "/Content/js/core/knockout-2.2.1.js"

弱口令

super

1234

SQL注入

用戶名處存在SQL注入漏洞,使用BurpSuite插件利用(在用戶名處加入*)。

https://github.com/c0ny1/sqlmap4burp-plus-plus/


參考

https://mp.weixin.qq.com/s/zxxOWSYgzY-z8GbBxEP_TQ

Retrieved from "https://pwnwiki.com/index.php?title=一卡通信息管理系統_SQL注入漏洞/zh-cn&oldid=6285"