漏洞描述
IPTV是一套优秀开源的系统程序,适配协议全面支持http https rtsp rtmp m3u8 flv mp4 msc p2p p3p p4p p5pp6p p7p p8p p9p tvbus vjms等等几乎所有格式,该系统vpn.php文件存在SQL注入。注入格式/vpn.php?id=322030and sleep(3)--+,需要先遍历出id数,可配合sleep()进行爆破。
IPTV-管理系统-vpn.php id参数SQL注入漏洞
PoC代码
暂无相关漏洞推荐
- 锐捷vpn /cgi-bin/main.cgi 未授权访问漏洞
- tamronos-iptv-rce: Tamronos iptv rce
- sangfor-vpn-supersession-rce: Sangfor VPN SuperSession TO RCE
- ainopol IPTV 网关 /network/net/login.php 文件 host 参数 命令执行漏洞
- POC vpn-tunnel-down: AWS VPN Tunnel Down
- POC openvpn-monitor-disclosure: OpenVPN Monitor Disclosure
- POC array-vpn-addfolder-fileread: ArrayVPN 任意文件读取漏洞
- POC gcloud-org-vpn-peer-ips: VPN Peer IP Addresses Not Restricted
- POC milesight-vpn-serverjs-fileread: Milesight VPN server.js 任意文件读取漏洞
- POC sangfor-sslvpn-rce: Sangfor SSLVPN RCE
- POC secvpn-admin-commonuser-sqli: 中远麒麟堡垒机 SQL 注入
- POC sonicwall-ssl-vpn-rce: SonicWall SSL-VPN 远程命令执行漏洞
- POC sslvpn-client-rce: SSL VPN Client RCE