阿帕比数字资源平台系统mssql注入

2015-03-23T00:00:00
ID SSV:95494
Type seebug
Reporter Root
Modified 2015-03-23T00:00:00

Description

简要描述:

一处mssql的注入

详细说明:

厂商:

http://gw.apabi.com/ 北京方正阿帕比技术有限公司

用户量比较多:

<img src="https://images.seebug.org/upload/201503/210053566744932b6475dd4b80dea8db61062062.jpg" alt="0.jpg" width="600" onerror="javascript:errimg(this);">

SQL注入点:

/AddMyFavourite.asp?lang=gb&DocID= 其中DocID存在sql注入

互联网自动采集案例5枚:

http://ebook.nwu.edu.cn/AddMyFavourite.asp?lang=gb&DocID=1 http://dlib.gsjtxy.edu.cn/dlib/AddMyFavourite.asp?lang=gb&DocID=1 http://book.sdjnlib.net:81/AddMyFavourite.asp?lang=gb&DocID=1 http://apabi.hfslib.com/AddMyFavourite.asp?lang=gb&DocID=1 http://211.81.174.133:81/dlib/AddMyFavourite.asp?lang=gb&DocID=1

漏洞证明:

为节省时间,我就测试两个案例了: 1、

<img src="https://images.seebug.org/upload/201503/2100474046529940ff9697860c66d06a30506523.jpg" alt="01.jpg" width="600" onerror="javascript:errimg(this);">

<img src="https://images.seebug.org/upload/201503/21004812f99516c167eee45d723213f7d8ca05b5.jpg" alt="02.jpg" width="600" onerror="javascript:errimg(this);">

<img src="https://images.seebug.org/upload/201503/210048400f1979e53b68cd7d41d9f53e67a68d52.jpg" alt="03.jpg" width="600" onerror="javascript:errimg(this);">

2、

<img src="https://images.seebug.org/upload/201503/210052290ae6a9f90d9d59a9cca85494a6055175.jpg" alt="04.jpg" width="600" onerror="javascript:errimg(this);">

<img src="https://images.seebug.org/upload/201503/2100523772631560f8ee0d0285dacc2d98268a7f.jpg" alt="05.jpg" width="600" onerror="javascript:errimg(this);">