某教学教育系统存在注入漏洞

2015-04-09T00:00:00
ID SSV:95610
Type seebug
Reporter Root
Modified 2015-04-09T00:00:00

Description

简要描述:

RT

详细说明:

SQL注入文件:

/anmai\KY_Mamage\Plan_Task\Task_OutlayEarning_Right.aspx

SQL注入案例:

http://218.78.241.80/anmai\KY_Mamage\Plan_Task\Task_OutlayEarning_Right.aspx?depname=a http://jmzx.xmedu.cn:9999/anmai\KY_Mamage\Plan_Task\Task_OutlayEarning_Right.aspx?depname=a http://www.gxbyzx.cn:88/anmai\KY_Mamage\Plan_Task\Task_OutlayEarning_Right.aspx?depname=a http://oa.w12z.com/anmai\KY_Mamage\Plan_Task\Task_OutlayEarning_Right.aspx?depname=a http://www.xwgjzx.com:8888/anmai\KY_Mamage\Plan_Task\Task_OutlayEarning_Right.aspx?depname=a

漏洞证明:

SQL注入测试一:

http://218.78.241.80/anmai\KY_Mamage\Plan_Task\Task_OutlayEarning_Right.aspx?depname=a <img src="https://images.seebug.org/upload/201504/07225103e95e8349be4e7712db117d3291d43316.jpg" alt="01.jpg" width="600" onerror="javascript:errimg(this);"> ```

当前用户和数据库

[&lt;img src="https://images.seebug.org/upload/201504/072258469a4da5446503445d452f87a5564cf69d.jpg" alt="02.jpg" width="600" onerror="javascript:errimg(this);"&gt;](https://images.seebug.org/upload/201504/072258469a4da5446503445d452f87a5564cf69d.jpg)

当前用户和数据库

[&lt;img src="https://images.seebug.org/upload/201504/07230243ac05c63906feec30ddc1f5021c15b4dc.jpg" alt="04.jpg" width="600" onerror="javascript:errimg(this);"&gt;](https://images.seebug.org/upload/201504/07230243ac05c63906feec30ddc1f5021c15b4dc.jpg)

```

SQL注入测试二:

http://jmzx.xmedu.cn:9999/anmai\KY_Mamage\Plan_Task\Task_OutlayEarning_Right.aspx?depname=a

SQL注入测试三:

http://www.gxbyzx.cn:88/anmai\KY_Mamage\Plan_Task\Task_OutlayEarning_Right.aspx?depname=a <img src="https://images.seebug.org/upload/201504/0723025454f23ce213f5a22d7519bfaf23b62463.jpg" alt="05.jpg" width="600" onerror="javascript:errimg(this);"> ```

当前用户和数据库

[&lt;img src="https://images.seebug.org/upload/201504/072303086a8a3c348cc3211a19fabc94dad7b2e6.jpg" alt="06.jpg" width="600" onerror="javascript:errimg(this);"&gt;](https://images.seebug.org/upload/201504/072303086a8a3c348cc3211a19fabc94dad7b2e6.jpg)

```