### Brief description:

### Detailed description:

Generic SQL injection in a degree thesis submission system.

Cases:

http://**.**.**.**:8001/paper/submit1.jsp
**.**.**.**:8001/paper/submit1.jsp
http://**.**.**.**:8080/paper/submit1.jsp
**.**.**.**:8001/paper/submit1.jsp
http://**.**.**.**:8001/paper/submit1.jsp

### Proof of vulnerability:

Injection proof (POST).

Example: http://**.**.**.**:8001/paper/submit1.jsp

![QQ图片20150712135239.png](https://images.seebug.org/upload/201507/121358094df1297a1470c39b2791f2500621ba5d.png)

A single quote produces an error in the output:

![QQ图片20150712135327.png](https://images.seebug.org/upload/201507/121358446a4f06f5af21c0093acb8b6b6cb1358b.png)

POST data:

```
POST /papercon HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/msword, application/vnd.ms-excel, application/vnd.ms-powerpoint, */*
Referer: http://**.**.**.**:8001/paper/submit1.jsp
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
DontTrackMeHere: gzip, deflate
Host: **.**.**.**:8001
Content-Length: 762
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cookie: JSESSIONID=8E9AC98447079C6DFA33746E7D2BEE6F

action=submit1&title=1&username=1&code=1&email=11@**.**.**.**&password=1&p_password=1&subject=%B9%DC%C0%ED%D1%A7&snumber=12&degree=2&department=10046&r_title=%B1%EA%CC%E2%B2%BB%C4%DC%CE%AA%BF%D5%A3%A1&r_email=email%B2%BB%C4%DC%CE%AA%BF%D5%A3%A1&e_email=email%B8%F1%CA%BD%B4%ED%CE%F3%A3%A1&r_username=%D0%D5%C3%FB%B2%BB%C4%DC%CE%AA%BF%D5%A3%A1&C_username=%C8%A5%B5%F4%D0%D5%C3%FB%D6%D0%BF%D5%B8%F1%A3%A1&r_password=%C3%DC%C2%EB%B2%BB%C4%DC%CE%AA%BF%D5%A3%A1&r_code=%D1%A7%BA%C5%B2%BB%C4%DC%CE%AA%BF%D5%A3%A1&l_code=%D1%A7%BA%C5%CE%BB%CA%FD%B2%BB%D5%FD%C8%B7%A3%AC%C7%EB%CA%E4%C8%EB10%CE%BB%A3%A1&r_degree=%D1%A7%CE%BB%B2%BB%C4%DC%CE%AA%BF%D5%A3%A1&r_subject=%D1%A7%BF%C6%B2%BB%C4%DC%CE%AA%BF%D5%A3%A1&r_department=%C5%E0%D1%F8%B5%A5%CE%BB%B2%BB%C4%DC%CE%AA%BF%D5%A3%A1
```

SQLMAP injection:

![04112024500f7626115437bb1bc30f2b6a6feafc.png](https://images.seebug.org/upload/201507/121359531161d3da2dd3551d36522f77ccccd70d.png)

![0411203275cc85b4dadd89236ee20885ebf95ad3.jpg](https://images.seebug.org/upload/201507/1214000146f9b938ca39e93b2cf4c623bd267b81.jpg)
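
For the fix side, an added example (not code from this report or from the affected system) that contrasts a string-concatenated insert, which fails on a single quote as in the proof above, with server-side validation plus bound parameters. Assumptions: SQLite stands in for the unknown backend database, the `paper` table and all function names are hypothetical, and the 10-digit check mirrors the rule stated in the request's `l_code` message.

```python
import sqlite3
from urllib.parse import parse_qs

# Constructed sample: a subset of the captured request's fields, with a
# single quote in `title` and a 10-digit `code`.
SAMPLE_BODY = "action=submit1&title=1'&username=1&code=1234567890&subject=%B9%DC%C0%ED%D1%A7"
FIELDS = ("title", "username", "code", "subject")

def parse_form(body):
    # The captured body percent-encodes GBK bytes, so decode it as GBK.
    pairs = parse_qs(body, encoding="gbk", keep_blank_values=True)
    return {name: values[0] for name, values in pairs.items()}

def open_db():
    db = sqlite3.connect(":memory:")
    # Hypothetical table: the real schema is not shown in the report.
    db.execute("CREATE TABLE paper (title TEXT, username TEXT, code TEXT, subject TEXT)")
    return db

def insert_concat(db, form):
    # Vulnerable pattern: request values are pasted into the SQL text.
    values = ", ".join("'%s'" % form[f] for f in FIELDS)
    db.execute("INSERT INTO paper VALUES (%s)" % values)

def insert_bound(db, form):
    # Hardened pattern: validate on the server, then bind every value.
    code = form["code"]
    if not (code.isascii() and code.isdigit() and len(code) == 10):
        raise ValueError("code must be exactly 10 digits")
    db.execute("INSERT INTO paper VALUES (?, ?, ?, ?)", [form[f] for f in FIELDS])

def demo(body=SAMPLE_BODY):
    form = parse_form(body)
    db = open_db()
    try:
        insert_concat(db, form)
        concat_result = "stored"
    except sqlite3.Error:
        concat_result = "sql error"  # the quote broke the statement
    insert_bound(db, form)
    return concat_result, db.execute("SELECT title, subject FROM paper").fetchall()

if __name__ == "__main__":
    print(demo())
```

The bound insert stores the quote as data, and the length check no longer depends on the browser-side validation whose messages travel in the form itself.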