SQL injection in a general-purpose university student management system

2015-05-13T00:00:00
ID SSV:95790
Type seebug
Reporter Root
Modified 2015-05-13T00:00:00

Description

Brief description:

As the title says.

Details:

Injection point:

/zhanshikebiao.aspx?centid=

Affected instances:

http://syjx.njxzc.edu.cn/zhanshikebiao.aspx?centid=799&date=2013-12-20&xyid=

http://lab.njnu.edu.cn/dkysy/zhanshikebiao.aspx?centid=23&date=2013-12-13&xyid=

http://coalab.njupt.edu.cn/nykzsy/zhanshikebiao.aspx?centid=702&date=2015-3-21&xyid=

http://sygl.njfu.edu.cn/zhanshikebiao.aspx?centid=32&xykcid=71&skjsid=68671&labid=290&xqid=5

http://dxscx.forestpolice.net/zhanshikebiao.aspx?centid=32&date=2015-3-21&xyid=

Proof of vulnerability:

SQL injection test 1:

http://syjx.njxzc.edu.cn/zhanshikebiao.aspx?centid=799&date=2013-12-20&xyid=

[Screenshot: 01.jpg]

Current user and database:

[Screenshot: 02.jpg]

SQL injection test 2:

http://lab.njnu.edu.cn/dkysy/zhanshikebiao.aspx?centid=23&date=2013-12-13&xyid=

[Screenshot: 03.jpg]

Current user and database:

[Screenshot: 04.jpg]

SQL injection test 3:

http://coalab.njupt.edu.cn/nykzsy/zhanshikebiao.aspx?centid=702&date=2015-3-21&xyid=

[Screenshot: 05.jpg]

Current user and database:

[Screenshot: 06.jpg]