VULHUB ™

### 简要描述： RT ### 详细说明： 注入链接： ``` /zhanshikebiao.aspx?centid= ``` 案例： ``` http://syjx.njxzc.edu.cn/zhanshikebiao.aspx?centid=799&date=2013-12-20&xyid= http://lab.njnu.edu.cn/dkysy/zhanshikebiao.aspx?centid=23&date=2013-12-13&xyid= http://coalab.njupt.edu.cn/nykzsy/zhanshikebiao.aspx?centid=702&date=2015-3-21&xyid= http://sygl.njfu.edu.cn/zhanshikebiao.aspx?centid=32&xykcid=71&skjsid=68671&labid=290&xqid=5 http://dxscx.forestpolice.net/zhanshikebiao.aspx?centid=32&date=2015-3-21&xyid= ``` ### 漏洞证明： SQL注入测试一： ``` http://syjx.njxzc.edu.cn/zhanshikebiao.aspx?centid=799&date=2013-12-20&xyid= ``` [<img src="https://images.seebug.org/upload/201505/12222150bd3fc3986c1806abddbf346b0165e2ea.jpg" alt="01.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201505/12222150bd3fc3986c1806abddbf346b0165e2ea.jpg) ``` 当前用户和数据库 ``` [<img src="https://images.seebug.org/upload/201505/12222835e93b8f8da6a0e6a4e2330021211bc99f.jpg" alt="02.jpg" width="600"...

### 简要描述： RT ### 详细说明： 注入链接： ``` /zhanshikebiao.aspx?centid= ``` 案例： ``` http://syjx.njxzc.edu.cn/zhanshikebiao.aspx?centid=799&date=2013-12-20&xyid= http://lab.njnu.edu.cn/dkysy/zhanshikebiao.aspx?centid=23&date=2013-12-13&xyid= http://coalab.njupt.edu.cn/nykzsy/zhanshikebiao.aspx?centid=702&date=2015-3-21&xyid= http://sygl.njfu.edu.cn/zhanshikebiao.aspx?centid=32&xykcid=71&skjsid=68671&labid=290&xqid=5 http://dxscx.forestpolice.net/zhanshikebiao.aspx?centid=32&date=2015-3-21&xyid= ``` ### 漏洞证明： SQL注入测试一： ``` http://syjx.njxzc.edu.cn/zhanshikebiao.aspx?centid=799&date=2013-12-20&xyid= ``` [<img src="https://images.seebug.org/upload/201505/12222150bd3fc3986c1806abddbf346b0165e2ea.jpg" alt="01.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201505/12222150bd3fc3986c1806abddbf346b0165e2ea.jpg) ``` 当前用户和数据库 ``` [<img src="https://images.seebug.org/upload/201505/12222835e93b8f8da6a0e6a4e2330021211bc99f.jpg" alt="02.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201505/12222835e93b8f8da6a0e6a4e2330021211bc99f.jpg) ``` ``` SQL注入测试二： ``` http://lab.njnu.edu.cn/dkysy/zhanshikebiao.aspx?centid=23&date=2013-12-13&xyid= ``` [<img src="https://images.seebug.org/upload/201505/122228558e17021c67c0627d83dd82cfb690a7ba.jpg" alt="03.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201505/122228558e17021c67c0627d83dd82cfb690a7ba.jpg) ``` 当前用户和数据库 ``` [<img src="https://images.seebug.org/upload/201505/1222290596051695320fc8b24c6f59f68dc459ca.jpg" alt="04.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201505/1222290596051695320fc8b24c6f59f68dc459ca.jpg) ``` ``` SQL注入测试二： ``` http://coalab.njupt.edu.cn/nykzsy/zhanshikebiao.aspx?centid=702&date=2015-3-21&xyid= ``` [<img src="https://images.seebug.org/upload/201505/12222923a0d3f0c695fb1a0cb12732a38c4ea3a0.jpg" alt="05.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201505/12222923a0d3f0c695fb1a0cb12732a38c4ea3a0.jpg) ``` 当前用户和数据库 ``` [<img src="https://images.seebug.org/upload/201505/122229332245c347eba20a4a6835faf5f576200b.jpg" alt="06.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201505/122229332245c347eba20a4a6835faf5f576200b.jpg) ``` ```