VULHUB ™

### 简要描述： RT ### 详细说明： SQL注入文件： ``` /anmai/Edis/home_school/restoredelete.aspx ``` 案例： ``` http://jmzx.xmedu.cn:9999/anmai/Edis/home_school/restoredelete.aspx?cz=del&childid=1 http://www.gxbyzx.cn:88/anmai/Edis/home_school/restoredelete.aspx?cz=del&childid=1 http://szxx.pudong-edu.sh.cn/anmai/Edis/home_school/restoredelete.aspx?cz=del&childid=1 http://218.78.241.80/anmai/Edis/home_school/restoredelete.aspx?cz=del&childid=1 http://www.xwgjzx.com:8888/anmai/Edis/home_school/restoredelete.aspx?cz=del&childid=1s ``` ### 漏洞证明： SQL注入测试一： ``` http://jmzx.xmedu.cn:9999/anmai/Edis/home_school/restoredelete.aspx?cz=del&childid=1 ``` [<img src="https://images.seebug.org/upload/201503/2322325757010257601047ae68ae4d3fe66a1c67.jpg" alt="01.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/2322325757010257601047ae68ae4d3fe66a1c67.jpg) ``` 当前用户和数据库 ``` [<img src="https://images.seebug.org/upload/201503/23223307922f15b99fcee29a845a1ae461a7454c.jpg"...

### 简要描述： RT ### 详细说明： SQL注入文件： ``` /anmai/Edis/home_school/restoredelete.aspx ``` 案例： ``` http://jmzx.xmedu.cn:9999/anmai/Edis/home_school/restoredelete.aspx?cz=del&childid=1 http://www.gxbyzx.cn:88/anmai/Edis/home_school/restoredelete.aspx?cz=del&childid=1 http://szxx.pudong-edu.sh.cn/anmai/Edis/home_school/restoredelete.aspx?cz=del&childid=1 http://218.78.241.80/anmai/Edis/home_school/restoredelete.aspx?cz=del&childid=1 http://www.xwgjzx.com:8888/anmai/Edis/home_school/restoredelete.aspx?cz=del&childid=1s ``` ### 漏洞证明： SQL注入测试一： ``` http://jmzx.xmedu.cn:9999/anmai/Edis/home_school/restoredelete.aspx?cz=del&childid=1 ``` [<img src="https://images.seebug.org/upload/201503/2322325757010257601047ae68ae4d3fe66a1c67.jpg" alt="01.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/2322325757010257601047ae68ae4d3fe66a1c67.jpg) ``` 当前用户和数据库 ``` [<img src="https://images.seebug.org/upload/201503/23223307922f15b99fcee29a845a1ae461a7454c.jpg" alt="02.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/23223307922f15b99fcee29a845a1ae461a7454c.jpg) ``` ``` SQL注入测试二： ``` http://www.gxbyzx.cn:88/anmai/Edis/home_school/restoredelete.aspx?cz=del&childid=1 ``` [<img src="https://images.seebug.org/upload/201503/2322332466e94bb7ad4b1182edd33fd2bd12d1ed.jpg" alt="03.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/2322332466e94bb7ad4b1182edd33fd2bd12d1ed.jpg) ``` 当前数据库和用户 ``` [<img src="https://images.seebug.org/upload/201503/2322333969a52249fffa26b7a8edf481b3290a60.jpg" alt="04.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/2322333969a52249fffa26b7a8edf481b3290a60.jpg) ``` ``` SQL注入测试三： ``` http://szxx.pudong-edu.sh.cn/anmai/Edis/home_school/restoredelete.aspx?cz=del&childid=1 ``` [<img src="https://images.seebug.org/upload/201503/23223402bbb13738eb9e38c57a05b5f57267115d.jpg" alt="05.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/23223402bbb13738eb9e38c57a05b5f57267115d.jpg) ``` 当前用户和数据库 ``` [<img src="https://images.seebug.org/upload/201503/232234130e4a377877a34ad711da83337665d2f2.jpg" alt="06.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/232234130e4a377877a34ad711da83337665d2f2.jpg) ``` ```