某OA系统SQL注射漏洞（SA权限）

简要描述： RT 详细说明： 海天OA存在一处sql注入 海天OA官网：http://www.haitiansoft.com:8080/ 前人也有提交过我就不写那么多案例了，下面就用5个案例来做安全测试！ SQL注入点： /ZhuanTi/OAZTDocDisplayNewWindow.asp?OAID= 漏洞证明： 案例： mask 区域 1.http://.. /ZhuanTi/OAZTDocDisplayNewWindow.asp?OAID=1 mask 区域 1.http://.. /ZhuanTi/OAZTDocDisplayNewWindow.asp?OAID=1 mask ...

Founder of the Desai paper authorization submission system vulnerabilities-vulnerability warning-the black bar safety net

Founder of the Desai paper authorization submission system Its description: http://baike.baidu.com/view/785813.htm That is a forum upload system. Many universities are using this system. In the following we will use the system vulnerabilities to invade Peking University. This exploits the basic...