A certain academic competition system has a SQL injection vulnerability

2014-11-13T00:00:00
ID SSV:95796
Type seebug
Reporter Root
Modified 2014-11-13T00:00:00

Description

Brief description:

RT (as the title says)

Detailed description:

The academic competition system of 南京先极科技有限公司 (Nanjing Xianji Technology Co., Ltd.) has a SQL injection vulnerability. Others have already submitted reports on this company, so I will just give 5 cases. Injection point: MoreNews.aspx?NewsType=DongTai. Cases:

```
1. http://[host masked]/xkjs/MoreNews.aspx?NewsType=TongZhi
2. http://[host masked]/js/MoreNews.aspx?NewsType=TongZhi
3. http://[host masked]/xkjs/MoreNews.aspx?NewsType=TongZhi
4. http://[host masked]/xkjs/MoreNews.aspx?NewsType=WenJian
5. http://[host masked]/jingsai/MoreNews.aspx?NewsType=DongTai
```

Proof of vulnerability:

Case 1:

```
http://[host masked]/xkjs/MoreNews.aspx?NewsType=TongZhi
```

![01.jpg](https://images.seebug.org/upload/201411/11161904cb820c69489643b2790bd39126e4db89.jpg)

![02.jpg](https://images.seebug.org/upload/201411/11161919f8b10c58fbc8cb8a714a4ba084364858.jpg)

Case 2:

```
http://[host masked]/js/MoreNews.aspx?NewsType=TongZhi
```

![03.jpg](https://images.seebug.org/upload/201411/111619469e949bb531c6114519d973e733ea92cc.jpg)

Case 3:

```
http://[host masked]/xkjs/MoreNews.aspx?NewsType=TongZhi
```

![04.jpg](https://images.seebug.org/upload/201411/11162007415a78c8eeee3b4c169fc4b6222e18ce.jpg)

Case 4:

```
http://[host masked]/xkjs/MoreNews.aspx?NewsType=WenJian
```

![05.jpg](https://images.seebug.org/upload/201411/11162026a75f792836b4fda9915765fdf6763b84.jpg)

Case 5:

```
http://[host masked]/jingsai/MoreNews.aspx?NewsType=DongTai
```

![06.jpg](https://images.seebug.org/upload/201411/111621010967ff4223998fe38a500129b02849b4.jpg)

Although the database names differ, they are all the same.
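The report only states that the NewsType parameter of MoreNews.aspx is injectable. As an added defender-side example (not code from the report or from the vendor's system), the Python below validates that parameter against the three category values that appear in the URLs above and flags access-log requests that carry anything else. The allowlist being complete, the Common Log Format layout and the sample log lines are assumptions.

```python
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# Only the NewsType values seen in the advisory's URLs (assumption: the full set).
ALLOWED_NEWS_TYPES = frozenset({"DongTai", "TongZhi", "WenJian"})

def news_type_is_valid(value: str) -> bool:
    """Exact-match allowlist: anything else must never reach the SQL query."""
    return value in ALLOWED_NEWS_TYPES

def check_request_path(path: str) -> Tuple[Optional[str], Optional[str]]:
    """Return (news_type, problem) for one request target; problem is None when clean."""
    parts = urlsplit(path)
    if not parts.path.lower().endswith("/morenews.aspx"):
        return None, None  # not the vulnerable page
    values = parse_qs(parts.query, keep_blank_values=True).get("NewsType", [])
    if len(values) != 1:
        return None, "missing or repeated NewsType parameter"
    news_type = values[0]  # parse_qs has already percent-decoded the value
    if news_type_is_valid(news_type):
        return news_type, None
    return news_type, "NewsType outside allowlist"

def scan_access_log(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (client, path, problem) for each Common Log Format request that fails the check."""
    findings = []
    for line in lines:
        try:
            client = line.split(" ", 1)[0]
            request = line.split('"')[1]  # e.g. 'GET /xkjs/MoreNews.aspx?... HTTP/1.1'
            path = request.split(" ")[1]
        except IndexError:
            continue  # malformed line, skip it
        news_type, problem = check_request_path(path)
        if problem is not None:
            findings.append((client, path, problem))
    return findings

# Constructed sample log lines (hypothetical clients, not taken from the advisory).
SAMPLE_LOG = [
    '10.0.0.5 - - [13/Nov/2014:10:00:01 +0800] "GET /xkjs/MoreNews.aspx?NewsType=TongZhi HTTP/1.1" 200 5120',
    '10.0.0.5 - - [13/Nov/2014:10:00:02 +0800] "GET /jingsai/MoreNews.aspx?NewsType=DongTai HTTP/1.1" 200 4870',
    '10.0.0.9 - - [13/Nov/2014:10:00:03 +0800] "GET /xkjs/MoreNews.aspx?NewsType=WenJian%27 HTTP/1.1" 500 612',
    '10.0.0.9 - - [13/Nov/2014:10:00:04 +0800] "GET /js/MoreNews.aspx?NewsType= HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for client, path, problem in scan_access_log(SAMPLE_LOG):
        print(f"{client} {path} -> {problem}")
```

The same allowlist belongs in the page handler itself, in front of a parameterized query, so that a rejected value is never concatenated into SQL.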