Generic SQL injection in an OA system (SA privileges)

2014-11-10T00:00:00
ID SSV:95401
Type seebug
Reporter Root
Modified 2014-11-10T00:00:00

Description

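Brief description:

As the title says.

Details:

Haitian OA (海天OA) has a SQL injection. Haitian OA official site: http://www.haitiansoft.com:8080/ Others have submitted this before, so I won't write up that many cases; the 5 cases below are used for security testing! SQL injection point: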

/ZhuanTi/OA_WordDocDisplay.asp?OAID=1
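
A detection sketch for the injection point above, added here as an example and not part of the original report: it scans IIS W3C logs for requests to `OA_WordDocDisplay.asp` whose `OAID` value is not a plain integer. That `OAID` is meant to be an integer ID is an assumption drawn from the `OAID=1` form shown here; the function name `suspicious_requests` and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

TARGET = "/oa_worddocdisplay.asp"    # endpoint named in the report
PARAM = "oaid"                       # parameter named in the report
INT_RE = re.compile(r"[0-9]{1,10}")  # assumption: OAID is a plain integer ID

def suspicious_requests(log_lines):
    """Return (client_ip, decoded_value) for each request to the endpoint
    whose OAID value is not a plain integer."""
    fields, hits = [], []
    for line in log_lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column layout can change mid-file
            continue
        if line.startswith("#") or not line.strip() or not fields:
            continue
        row = dict(zip(fields, line.split()))
        # IIS paths are case-insensitive; the report also shows the page
        # deployed under prefixes such as /oa and /vos.
        if not row.get("cs-uri-stem", "").lower().endswith(TARGET):
            continue
        query = row.get("cs-uri-query", "-")
        if query == "-":
            continue
        # parse_qsl URL-decodes values and keeps repeated parameters,
        # so a second OAID appended to a valid one is still inspected.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name.lower() == PARAM and not INT_RE.fullmatch(value):
                hits.append((row.get("c-ip", "?"), value))
    return hits

# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2014-11-08 07:13:21 GET /ZhuanTi/OA_WordDocDisplay.asp OAID=1 192.0.2.10 200
2014-11-08 07:14:35 GET /ZhuanTi/OA_WordDocDisplay.asp OAID=1%27 198.51.100.7 500
2014-11-08 07:19:20 GET /oa/ZhuanTi/oa_worddocdisplay.asp oaid=1+AND+1%3D1 198.51.100.7 200
2014-11-08 07:21:25 GET /vos/ZhuanTi/OA_WordDocDisplay.asp OAID=12&OAID=x 203.0.113.5 200
2014-11-08 07:22:58 GET /index.asp - 192.0.2.10 200
""".splitlines()

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip}\tOAID={value!r}")
```

The same integer-only rule can be enforced at a reverse proxy or WAF in front of the application until the page itself validates the parameter.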

Proof of vulnerability:

Cases:

```
[masked region] 1.http://..**
/ZhuanTi/OA_WordDocDisplay.asp?OAID=1

[masked region] 1.http://..**
/ZhuanTi/OA_WordDocDisplay.asp?OAID=1

[masked region] 1.http://..**/oa
/ZhuanTi/OA_WordDocDisplay.asp?OAID=1

[masked region] 1.http://..**/vos
/ZhuanTi/OA_WordDocDisplay.asp?OAID=1

[masked region] 1.http://..**
/ZhuanTi/OA_WordDocDisplay.asp?OAID=1
```

Case 1:

```
[masked region] 1.http://..**
/ZhuanTi/OA_WordDocDisplay.asp?OAID=1
```

![01.jpg](https://images.seebug.org/upload/201411/080713216636a9924dd6dd594adeb59ac0b0c76e.jpg)

![02.jpg](https://images.seebug.org/upload/201411/080713292ad80f2e11904da8e50e5438e091f266.jpg)

Case 2:

```
[masked region] 1.http://..**
/ZhuanTi/OA_WordDocDisplay.asp?OAID=1
```

![03.jpg](https://images.seebug.org/upload/201411/08071435d4b178a4365d678b23fa7cb236238c11.jpg)

Case 3:

```
[masked region] 1.http://..**
/oa/ZhuanTi/OA_WordDocDisplay.asp?OAID=1
```

![04.jpg](https://images.seebug.org/upload/201411/08071920d48331f27987a47410cffb154be58a27.jpg)

Case 4:

```
[masked region] 1.http://..**
/vos/ZhuanTi/OA_WordDocDisplay.asp?OAID=1
```

![05.jpg](https://images.seebug.org/upload/201411/08072125c77159dd78bcd18e167479a2b42fbf61.jpg)

Case 5:

```
[masked region] 1.http://..**
/ZhuanTi/OA_WordDocDisplay.asp?OAID=1
```

![06.jpg](https://images.seebug.org/upload/201411/080722584dc915d733be9e5d4cfe44ebf55989cc.jpg)