A teaching system has an SQL injection vulnerability

2015-04-14T00:00:00
ID SSV:95607
Type seebug
Reporter Root
Modified 2015-04-14T00:00:00

Description

Brief description:

RT

Detailed description:

SQL injection file:

/anmai/SF_Manage/lookbookpreeshow.aspx

Cases:

http://218.78.241.80/anmai/SF_Manage/lookbookpreeshow.aspx?year1=1
http://jmzx.xmedu.cn:9999/anmai/SF_Manage/lookbookpreeshow.aspx?year1=1
http://www.gxbyzx.cn:88/anmai/SF_Manage/lookbookpreeshow.aspx?year1=1
http://oa.w12z.com/anmai/SF_Manage/lookbookpreeshow.aspx?year1=1
http://www.xwgjzx.com:8888/anmai/SF_Manage/lookbookpreeshow.aspx?year1=1

Proof of vulnerability:

SQL injection test 1:

http://218.78.241.80/anmai/SF_Manage/lookbookpreeshow.aspx?year1=1

The current user and database:

![02.jpg](https://images.seebug.org/upload/201504/09170953680ee020be0596bed2c9e43d75125cd3.jpg)

SQL injection test 2:

http://jmzx.xmedu.cn:9999/anmai/SF_Manage/lookbookpreeshow.aspx?year1=1

The current user and database:

![04.jpg](https://images.seebug.org/upload/201504/09171021d5ab6e5d1cdc66fe7f95f7b13eb70963.jpg)

SQL injection test 3:

http://www.gxbyzx.cn:88/anmai/SF_Manage/lookbookpreeshow.aspx?year1=1

The current user and database:

![06.jpg](https://images.seebug.org/upload/201504/09171048d95382be2ecbea2584fe088d5ab71f3a.jpg)