VULHUB ™

### 简要描述： RT ### 详细说明： SQL注入文件： ``` /anmai/SF_Manage/lookbookpreeshow.aspx ``` 案例： ``` http://218.78.241.80/anmai/SF_Manage/lookbookpreeshow.aspx?year1=1 http://jmzx.xmedu.cn:9999/anmai/SF_Manage/lookbookpreeshow.aspx?year1=1 http://www.gxbyzx.cn:88/anmai/SF_Manage/lookbookpreeshow.aspx?year1=1 http://oa.w12z.com/anmai/SF_Manage/lookbookpreeshow.aspx?year1=1 http://www.xwgjzx.com:8888/anmai/SF_Manage/lookbookpreeshow.aspx?year1=1 ``` ### 漏洞证明： SQL注入测试一： ``` http://218.78.241.80/anmai/SF_Manage/lookbookpreeshow.aspx?year1=1 ``` [<img src="https://images.seebug.org/upload/201504/0917092943ce9aaed6afba8059a720f49c1f93b7.jpg" alt="01.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/0917092943ce9aaed6afba8059a720f49c1f93b7.jpg) ``` 当前用户和数据库 ``` [<img src="https://images.seebug.org/upload/201504/09170953680ee020be0596bed2c9e43d75125cd3.jpg" alt="02.jpg" width="600"...

### 简要描述： RT ### 详细说明： SQL注入文件： ``` /anmai/SF_Manage/lookbookpreeshow.aspx ``` 案例： ``` http://218.78.241.80/anmai/SF_Manage/lookbookpreeshow.aspx?year1=1 http://jmzx.xmedu.cn:9999/anmai/SF_Manage/lookbookpreeshow.aspx?year1=1 http://www.gxbyzx.cn:88/anmai/SF_Manage/lookbookpreeshow.aspx?year1=1 http://oa.w12z.com/anmai/SF_Manage/lookbookpreeshow.aspx?year1=1 http://www.xwgjzx.com:8888/anmai/SF_Manage/lookbookpreeshow.aspx?year1=1 ``` ### 漏洞证明： SQL注入测试一： ``` http://218.78.241.80/anmai/SF_Manage/lookbookpreeshow.aspx?year1=1 ``` [<img src="https://images.seebug.org/upload/201504/0917092943ce9aaed6afba8059a720f49c1f93b7.jpg" alt="01.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/0917092943ce9aaed6afba8059a720f49c1f93b7.jpg) ``` 当前用户和数据库 ``` [<img src="https://images.seebug.org/upload/201504/09170953680ee020be0596bed2c9e43d75125cd3.jpg" alt="02.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/09170953680ee020be0596bed2c9e43d75125cd3.jpg) ``` ``` SQL注入测试二： ``` http://jmzx.xmedu.cn:9999/anmai/SF_Manage/lookbookpreeshow.aspx?year1=1 ``` [<img src="https://images.seebug.org/upload/201504/0917100146b0675e6a834dc1c8892e749c090a6e.jpg" alt="03.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/0917100146b0675e6a834dc1c8892e749c090a6e.jpg) ``` 当前用户和数据库 ``` [<img src="https://images.seebug.org/upload/201504/09171021d5ab6e5d1cdc66fe7f95f7b13eb70963.jpg" alt="04.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/09171021d5ab6e5d1cdc66fe7f95f7b13eb70963.jpg) ``` ``` SQL注入测试三： ``` http://www.gxbyzx.cn:88/anmai/SF_Manage/lookbookpreeshow.aspx?year1=1 ``` [<img src="https://images.seebug.org/upload/201504/09171034e13a17fea33e9d6722f8c18cc1d68eac.jpg" alt="05.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/09171034e13a17fea33e9d6722f8c18cc1d68eac.jpg) ``` 当前用户和数据库 ``` [<img src="https://images.seebug.org/upload/201504/09171048d95382be2ecbea2584fe088d5ab71f3a.jpg" alt="06.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/09171048d95382be2ecbea2584fe088d5ab71f3a.jpg) ``` ```