MSSQL injection in a digital resource platform system

2015-03-23T00:00:00
ID SSV:95495
Type seebug
Reporter Root
Modified 2015-03-23T00:00:00

Description

Brief description:

MSSQL injection

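Details:

Vendor:

http://gw.apabi.com/ Beijing Founder Apabi Technology Co., Ltd. (北京方正阿帕比技术有限公司)

SQL injection point:

/tree/deeptree.asp?DocGroupID=2&hide=1&CategoryTypeID=1, where the DocGroupID parameter is injectable.

Error message: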

Microsoft OLE DB Provider for SQL Server 错误 '80040e14'
' where a.CategoryID <>') or a.CategoryTypeID in (select CategoryTypeID from DocGroup where DocGroupID=2' 附近有语法错误。
D:\PROGRAM FILES\FOUNDER\DLIBRARY\ROOT\TREE\..\..\include\Config.inc.asp,行 284
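The query fragment in the error shows the DocGroupID value placed into the SQL text as a bare number, so any request whose DocGroupID is not a single plain integer deserves a look. The following is an added example, not part of the original report or the vendor's code: a log triage script that flags such requests to deeptree.asp. It assumes IIS W3C logs with a `#Fields:` header and that legitimate DocGroupID values are small positive integers; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample in IIS W3C format (addresses are documentation ranges).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2015-03-21 00:20:01 GET /tree/deeptree.asp DocGroupID=2&hide=1&CategoryTypeID=1 192.0.2.10 200
2015-03-21 00:27:04 GET /tree/deeptree.asp DocGroupID=2%27&hide=1&CategoryTypeID=1 192.0.2.55 500
2015-03-21 00:27:12 GET /DLib/tree/deeptree.asp docgroupid=abc&hide=1 192.0.2.55 200
2015-03-21 00:28:40 GET /tree/deeptree.asp DocGroupID=2&DocGroupID=3&hide=1 192.0.2.77 200
2015-03-21 00:31:00 GET /index.asp id=abc 192.0.2.10 200
"""

TARGET = re.compile(r"/tree/deeptree\.asp$", re.IGNORECASE)
INTEGER = re.compile(r"\d{1,9}")   # assumption: DocGroupID is a small positive integer


def suspicious_requests(log_text, param="DocGroupID"):
    """Return (client_ip, status, values, reason) for each flagged request."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if not TARGET.search(row.get("cs-uri-stem", "")):
            continue
        # ASP's Request.QueryString is case-insensitive on keys; match likewise.
        values = [v for k, v in parse_qsl(row.get("cs-uri-query", ""),
                                          keep_blank_values=True)
                  if k.lower() == param.lower()]
        if not values:
            continue                       # parameter absent: nothing to judge
        if len(values) > 1:
            reason = "repeated"            # ASP joins repeats into "2, 3"
        elif not INTEGER.fullmatch(values[0]):
            reason = "non-integer"
        else:
            continue                       # single, well-formed integer
        hits.append((row.get("c-ip"), row.get("sc-status"), values, reason))
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Flagged rows that also returned status 500 are worth checking first, since an unhandled ASP error like the one quoted above is normally served as HTTP 500.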

5 cases collected automatically from the Internet:

http://sxebooks.com/tree/deeptree.asp?DocGroupID=2&hide=1&CategoryTypeID=1
http://reserve.calis.edu.cn/dlib/tree/deeptree.asp?DocGroupID=2&hide=1&CategoryTypeID=1
http://61.167.120.67:8083/DLib/tree/deeptree.asp?DocGroupID=2&hide=1&CategoryTypeID=1
http://59.60.28.71/DLib/tree/deeptree.asp?DocGroupID=2&hide=1&CategoryTypeID=1
http://ebook.nwu.edu.cn/tree/deeptree.asp?DocGroupID=2&hide=1&CategoryTypeID=1

Proof of vulnerability:

I just tested 2 examples at random:

1.

Screenshot 01.jpg: https://images.seebug.org/upload/201503/21002704e0f2f1669aef0891a22752ab5a5baa57.jpg

Screenshot 02.jpg: https://images.seebug.org/upload/201503/210027122f712e76d5d2faf6685863b2ed92c300.jpg

Screenshot 03.jpg: https://images.seebug.org/upload/201503/210027191cf916994b6acaa9bcab4456368764ba.jpg

2.

Screenshot 04.jpg: https://images.seebug.org/upload/201503/21003056b6e068098bc7a5a0663e5bab86483dfe.jpg

Screenshot 05.jpg: https://images.seebug.org/upload/201503/2100310418d1d9a06747cdc2e85ad821af5179e3.jpg