VULHUB ™

### 简要描述： RT ### 详细说明： SQL注入文件： ``` /anmai/teacher/zonghe/singleSearch.aspx ``` 案例： ``` http://218.78.241.80/anmai/teacher/zonghe/singleSearch.aspx?action1=1 http://jmzx.xmedu.cn:9999/anmai/teacher/zonghe/singleSearch.aspx?action1=1 http://www.gxbyzx.cn:88/anmai/teacher/zonghe/singleSearch.aspx?action1=1 http://oa.w12z.com/anmai/teacher/zonghe/singleSearch.aspx?action1=1 http://www.xwgjzx.com:8888/anmai/teacher/zonghe/singleSearch.aspx?action1=1 ``` ### 漏洞证明： SQL注入测试一： ``` http://218.78.241.80/anmai/teacher/zonghe/singleSearch.aspx?action1=1 ``` [<img src="https://images.seebug.org/upload/201504/101929597f5984e567bacb31d25d105cee4a3854.jpg" alt="01.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/101929597f5984e567bacb31d25d105cee4a3854.jpg) ``` 当前用户和数据库 ``` [<img src="https://images.seebug.org/upload/201504/10193010ec03b932ba9ce8c037af7a8901f376de.jpg" alt="02.jpg" width="600"...

### 简要描述： RT ### 详细说明： SQL注入文件： ``` /anmai/teacher/zonghe/singleSearch.aspx ``` 案例： ``` http://218.78.241.80/anmai/teacher/zonghe/singleSearch.aspx?action1=1 http://jmzx.xmedu.cn:9999/anmai/teacher/zonghe/singleSearch.aspx?action1=1 http://www.gxbyzx.cn:88/anmai/teacher/zonghe/singleSearch.aspx?action1=1 http://oa.w12z.com/anmai/teacher/zonghe/singleSearch.aspx?action1=1 http://www.xwgjzx.com:8888/anmai/teacher/zonghe/singleSearch.aspx?action1=1 ``` ### 漏洞证明： SQL注入测试一： ``` http://218.78.241.80/anmai/teacher/zonghe/singleSearch.aspx?action1=1 ``` [<img src="https://images.seebug.org/upload/201504/101929597f5984e567bacb31d25d105cee4a3854.jpg" alt="01.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/101929597f5984e567bacb31d25d105cee4a3854.jpg) ``` 当前用户和数据库 ``` [<img src="https://images.seebug.org/upload/201504/10193010ec03b932ba9ce8c037af7a8901f376de.jpg" alt="02.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/10193010ec03b932ba9ce8c037af7a8901f376de.jpg) ``` ``` SQL注入测试二： ``` http://jmzx.xmedu.cn:9999/anmai/teacher/zonghe/singleSearch.aspx?action1=1 ``` [<img src="https://images.seebug.org/upload/201504/101930307e3ec2291739287d4fd54343d4153afc.jpg" alt="03.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/101930307e3ec2291739287d4fd54343d4153afc.jpg) ``` 当前用户和数据库 ``` [<img src="https://images.seebug.org/upload/201504/101930418024c4717a8bfb60824db03257b6c477.jpg" alt="04.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/101930418024c4717a8bfb60824db03257b6c477.jpg) ``` ``` SQL注入测试三： ``` http://www.gxbyzx.cn:88/anmai/teacher/zonghe/singleSearch.aspx?action1=1 ``` [<img src="https://images.seebug.org/upload/201504/101931028d92f6ef8d655070009dfcbbe490e418.jpg" alt="05.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/101931028d92f6ef8d655070009dfcbbe490e418.jpg) ``` 当前用户和数据库 ``` [<img src="https://images.seebug.org/upload/201504/10193112b7d1e92fffce220f9474442cb2cc22b9.jpg" alt="06.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/10193112b7d1e92fffce220f9474442cb2cc22b9.jpg) ``` ```