CVE-2020-8656 PoC — EyesOfNetwork SQL注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-8656.yaml

Associated Vulnerability

Title:EyesOfNetwork SQL注入漏洞 (CVE-2020-8656)
Description:EyesOfNetwork（EON）是一套开源的、免费的IT监控解决方案。该方案提供业务流程配置工具、在活动队列中发生事件时生成弹出窗口等功能。 EyesOfNetwork 5.3版本（API 2.4.2版本）中存在SQL注入漏洞。攻击者可利用该漏洞执行多种操作，例如：绕过身份验证。

Description

An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/api_functions.php.

File Snapshot


 id: CVE-2020-8656

info:
  name: EyesOfNetwork - Hardcoded API Key & SQL Injection
  author: ritikch

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!