某非书资料管理系统通用型SQL注入漏洞

- AV AC AU C I A
发布: 2025-04-13
修订: 2025-04-13

### 简要描述: ### 详细说明: Manufacturers: ``` http://www.metadata.com.cn/ 杭州麦达电子有限公司 ``` SQL Injection: ``` /poweb/Ip.do?method=addIp&schoolid=*** 其中schoolid存在注入 ``` Case: ``` http://59.74.114.252:84/poweb/Ip.do?method=addIp&schoolid=301041 http://219.222.177.236:8080/poweb/Ip.do?method=addIp&schoolid=281041 http://222.29.253.58:8080/poweb/Ip.do?method=addIp&schoolid=011002 http://202.206.242.26:88/poweb/Ip.do?method=addIp&schoolid=171024 http://211.67.126.11:8088/poweb/Ip.do?method=addIp&schoolid=051042 ``` ### 漏洞证明: ``` 1、 ``` [<img src="https://images.seebug.org/upload/201504/11151643e1b98982fda48c0cbc6ffab354f7b27f.png" alt="01.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/11151643e1b98982fda48c0cbc6ffab354f7b27f.png) ``` ``` [<img src="https://images.seebug.org/upload/201504/11151650fa9d25173d2a7d4cf11bb001de6da770.png" alt="02.png" width="600"...

0%
暂无可用Exp或PoC
当前有0条受影响产品信息