E-Manage MySchool SQL injection vulnerability-vulnerability warning-the black bar safety net

2011-05-28T00:00:00
ID MYHACK58:62201130631
Type myhack58
Reporter 佚名
Modified 2011-05-28T00:00:00

Description

Vulnerability description:

E-Manage MySchool SQL injection vulnerability

E-Manage MySchool is a Web-based school website content management system. It is a comprehensive user-oriented system that provides a variety of functions, students, parents, teachers and school management. It presents a between all parties well organized and effective collaboration tools. E-Manage MySchool 7.02 due to design flaws, leading tosql injectionvulnerabilities.

E-Manage MySchool SQL injection vulnerability

Vulnerability type:

E-Manage MySchool SQL injection vulnerability

sql injection, sql blind injection, script injection, the injection vulnerability

E-Manage MySchool SQL injection vulnerability

Vulnerability test:

E-Manage MySchool SQL injection vulnerability

http://myhack58.com/index.php?do=show_details&ID=[sql]

E-Manage MySchool SQL injection vulnerability

http://myhack58.com/index.php?do=show_details&ID=2 9'

E-Manage MySchool SQL injection vulnerability

http://myhack58.com/show_page.php?Page_ID=[sql]

E-Manage MySchool SQL injection vulnerability

http://myhack58.com/show_page.php?Page_ID=&table=users'

E-Manage MySchool SQL injection vulnerability

Background:

E-Manage MySchool SQL injection vulnerability

http://myhack58.com/login.php

E-Manage MySchool SQL injection vulnerability