Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
poc:
Host: api.boot.jeecg.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Firefox/91.0 Accept: application/json, text/plain, */* Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate X-Sign: 7AE7A7990565A3187D8CE30725C82718 X-Timestamp: 20211229152402 X-Access-Token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2NDA3NjI2NTMsInVzZXJuYW1lIjoiamVlY2cifQ.SX0HjEOmrGFDZt-oNUUOlTNYn9ftCOmhQIOgED9HZRM Tenant-Id: 2 Origin: http://boot.jeecg.com Referer: http://boot.jeecg.com/ Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Te: trailers Connection: close
The text was updated successfully, but these errors were encountered:
jl
Sorry, something went wrong.
已经处理,感谢
No branches or pull requests
version: <=3.0
precondition: After logged in the website,click 流程管理 proxy burp,the parameter "column" can be made SQL injection.
Screenshot & code :
poc:
The text was updated successfully, but these errors were encountered: