漏洞描述
通天星CMSV6车载视频监控平台存在一个SQL注入漏洞。攻击者可以通过在特定的GET请求中注入恶意SQL代码,利用该漏洞对数据库执行任意SQL操作。漏洞存在于/edu_security_officer/disable;downloadLogger.action接口,攻击者可以在ids参数中注入SQL语句,导致数据库执行时间延迟,从而确认SQL注入的成功。此漏洞可能导致数据库中的敏感信息泄露、篡改或删除,严重威胁系统的安全性和数据完整性。
通天星CMSV6车载视频监控平台 disable SQL注入漏洞
PoC代码
暂无相关漏洞推荐
- 通天星CMSV6车载定位监控平台 /edu_security_officer/disable;downloadLogger.action SQL 注入漏洞
- POC ack-cluster-auditing-disable: Cluster Auditing with Simple Log Service - Disabled
- POC ack-cluster-cloud-monitor-disable: Cloud Monitor for ACK Clusters - Disable
- POC ack-cluster-health-disable: ACK Clusters Check - Disable
- POC ack-cluster-network-policies-disable: Enforced Cluster Support for Network Policies - Disabled
- POC multi-region-logging-disabled: Global Service (Multi-Region) Logging - Disabled
- POC unattached-disk-encryption-disabled: Encryption for Unattached Disks - Disabled
- POC unattached-vminstance-encryption-disabled: Encryption for VM Instance Disks - Disabled
- POC access-logoss-disabled: Access Logging for OSS Buckets - Disabled
- POC limit-networkaccess-disabled: Limit Network Access to Selected Networks - Disabled
- POC secure-transfeross-disabled: Secure Transfer for OSS Buckets - Disabled
- POC sse-cmk-disabled: Server-Side Encryption with Customer Managed Key - Disabled
- POC sse-smk-disabled: Server-Side Encryption with Service Managed Key - Disabled