The first finding: Parameter Command Injection. The test request stuffs a command straight into my parameter: { "currenPage": " ping+-c+1+ping.311_e885d7f4-ad03-4cef-8287- d62b4c076fee.securityip.appsechcl.com", "pageSize": 10, "issueState": 1 }
Of course I detected and blocked it as well: currenPage is an int type, and it passed a string.
{ "code": 4002, "message": " 参数格式不正确或缺少参数", "result": [ { "field": "$.currenPage", "message": "The JSON value could not be converted to System.Int32. Path: $.currenPage | LineNumber: 0 | BytePositionInLine: 96." } ] }
But the customer doesn't see it that way. All they know is that the scanner reported a high-risk finding, and they insist that you fix it.
There is also a shell command injection:
{ "flowState": " 0$(../../../../../../../../../../../../bin/sleep 11)", "title": "", "schoolName": "", "currenPage": 1, "pageSize": 10 }
Can this really execute? (Forgive me, I'm really not fluent in Markdown; even this little bit of content took me about an hour to write.)
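To make the rejection concrete, here is an added example (not the project's .NET code) of the same strict, typed validation applied to the two scanner payloads quoted above: an integer field such as currenPage rejects any string outright, and free-text string fields are held to a character allow-list so shell metacharacters never reach a command. The field-to-type mapping, the treatment of flowState as a numeric code, and the allow-list pattern are assumptions for illustration.

```python
import json
import re

# Assumed schema for the two request bodies shown above (not the project's
# real model). flowState is assumed to be a numeric code, so "0$(...)" fails
# the type check before its content is ever inspected.
SCHEMA = {
    "currenPage": int,
    "pageSize": int,
    "issueState": int,
    "flowState": int,
    "title": str,
    "schoolName": str,
}

# Allow-list for free-text fields: word characters, whitespace and a few
# punctuation marks. Shell metacharacters such as $ ( ) ; | ` are excluded.
SAFE_TEXT = re.compile(r"^[\w\s.,\-]*$")

# The two scanner payloads, copied from the post as constructed sample input.
SCANNER_PING = ('{ "currenPage": " ping+-c+1+ping.311_e885d7f4-ad03-4cef-8287- '
                'd62b4c076fee.securityip.appsechcl.com", "pageSize": 10, "issueState": 1 }')
SCANNER_SLEEP = ('{ "flowState": " 0$(../../../../../../../../../../../../bin/sleep 11)", '
                 '"title": "", "schoolName": "", "currenPage": 1, "pageSize": 10 }')


def validate(body: str) -> list:
    """Return a list of (json_path, message) errors; an empty list means accepted."""
    try:
        data = json.loads(body)
    except json.JSONDecodeError as exc:
        return [("$", f"invalid JSON: {exc.msg}")]
    errors = []
    for field, value in data.items():
        expected = SCHEMA.get(field)
        if expected is None:
            errors.append((f"$.{field}", "unknown field"))
        elif expected is int and type(value) is not int:
            # type() rather than isinstance(): bool is a subclass of int in Python.
            errors.append((f"$.{field}", "must be an integer, not a string"))
        elif expected is str and (not isinstance(value, str) or not SAFE_TEXT.match(value)):
            errors.append((f"$.{field}", "contains disallowed characters"))
    return errors


if __name__ == "__main__":
    for name, payload in (("ping", SCANNER_PING), ("sleep", SCANNER_SLEEP)):
        print(name, validate(payload))
```

Both scanner requests are rejected on the type check alone, mirroring the 4002 response in the post; the allow-list only comes into play for fields that legitimately accept text.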