VULHUB ™

### 简要描述： RT ### 详细说明： 海天OA存在一处sql注入 海天OA官网：http://www.haitiansoft.com:8080/ 前人也有提交过我就不写那么多案例了，下面就用5个案例来做安全测试！ SQL注入点： ``` /include/user/treedata.asp?bumenid=70 ``` ### 漏洞证明： 案例 ``` http://180.166.7.94/include/user/treedata.asp?bumenid=70 http://oa.tjfsu.edu.cn/include/user/treedata.asp?bumenid=70 http://www.fzsyxx.com/oa/include/user/treedata.asp?bumenid=70 http://www.shhjwl.com/vos/include/user/treedata.asp?bumenid=70 http://www.cnshuiyu.com/include/user/treedata.asp?bumenid=70 http://vos.tjufe.edu.cn/include/user/treedata.asp?bumenid=70 ``` 案例1 ``` http://180.166.7.94/include/user/treedata.asp?bumenid=70 ``` [<img src="https://images.seebug.org/upload/201411/0116344721ae18c8c19c64fbe8d4005c0d45e920.jpg" alt="01.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201411/0116344721ae18c8c19c64fbe8d4005c0d45e920.jpg) ``` ``` [<img src="https://images.seebug.org/upload/201411/011634588311007bd6e10aab98865c4346b6dc6d.jpg" alt="02.jpg" width="600"...

### 简要描述： RT ### 详细说明： 海天OA存在一处sql注入 海天OA官网：http://www.haitiansoft.com:8080/ 前人也有提交过我就不写那么多案例了，下面就用5个案例来做安全测试！ SQL注入点： ``` /include/user/treedata.asp?bumenid=70 ``` ### 漏洞证明： 案例 ``` http://180.166.7.94/include/user/treedata.asp?bumenid=70 http://oa.tjfsu.edu.cn/include/user/treedata.asp?bumenid=70 http://www.fzsyxx.com/oa/include/user/treedata.asp?bumenid=70 http://www.shhjwl.com/vos/include/user/treedata.asp?bumenid=70 http://www.cnshuiyu.com/include/user/treedata.asp?bumenid=70 http://vos.tjufe.edu.cn/include/user/treedata.asp?bumenid=70 ``` 案例1 ``` http://180.166.7.94/include/user/treedata.asp?bumenid=70 ``` [<img src="https://images.seebug.org/upload/201411/0116344721ae18c8c19c64fbe8d4005c0d45e920.jpg" alt="01.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201411/0116344721ae18c8c19c64fbe8d4005c0d45e920.jpg) ``` ``` [<img src="https://images.seebug.org/upload/201411/011634588311007bd6e10aab98865c4346b6dc6d.jpg" alt="02.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201411/011634588311007bd6e10aab98865c4346b6dc6d.jpg) ``` ``` 案例2 ``` http://oa.tjfsu.edu.cn/include/user/treedata.asp?bumenid=70 ``` [<img src="https://images.seebug.org/upload/201411/011635207a4d6176e917ff1e031381cd9a5904ad.jpg" alt="03.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201411/011635207a4d6176e917ff1e031381cd9a5904ad.jpg) ``` ``` 案例3 ``` http://www.fzsyxx.com/oa/include/user/treedata.asp?bumenid=70 ``` [<img src="https://images.seebug.org/upload/201411/011635399cdfadec58edecb6d8961408a77c24a9.jpg" alt="04.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201411/011635399cdfadec58edecb6d8961408a77c24a9.jpg) ``` ``` 案例4 ``` http://www.shhjwl.com/vos/include/user/treedata.asp?bumenid=70 ``` [<img src="https://images.seebug.org/upload/201411/01163558924eeebaec3950f717a61fe7b6778461.jpg" alt="05.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201411/01163558924eeebaec3950f717a61fe7b6778461.jpg) ``` ``` 案例5 ``` http://www.cnshuiyu.com/include/user/treedata.asp?bumenid=70 ``` [<img src="https://images.seebug.org/upload/201411/011636196bb0b3199bf89a2e209e74b505db11d5.jpg" alt="06.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201411/011636196bb0b3199bf89a2e209e74b505db11d5.jpg) ``` ``` 案例6 ``` http://vos.tjufe.edu.cn/include/user/treedata.asp?bumenid=70 ``` [<img src="https://images.seebug.org/upload/201411/01163659254db31ad764ed26aa599e33c53f1b04.jpg" alt="07.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201411/01163659254db31ad764ed26aa599e33c53f1b04.jpg) ``` ```