VULHUB ™

### 简要描述： RT ### 详细说明： 海天OA存在一处sql注入 海天OA官网：http://www.haitiansoft.com:8080/ 前人也有提交过我就不写那么多案例了，下面就用6个案例来做安全测试！ SQL注入点： ``` /Documents/FolderInfor.asp?OAID=1 ``` 注意是注入参数是OAID不是POAID ### 漏洞证明： 案例一： ``` http://180.166.7.94/Documents/FolderInfor.asp?OAID=1 ``` [<img src="https://images.seebug.org/upload/201409/27202917cff73f7015d6207bebee824dd9b55966.jpg" alt="01.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/27202917cff73f7015d6207bebee824dd9b55966.jpg) ``` ``` [<img src="https://images.seebug.org/upload/201409/272023245e2e7fcf6be2353d7a0efe094035a752.jpg" alt="02.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/272023245e2e7fcf6be2353d7a0efe094035a752.jpg) ``` ``` 案例二： ``` http://oa.tjfsu.edu.cn/Documents/FolderInfor.asp?OAID=1 ``` [<img src="https://images.seebug.org/upload/201409/27202422ef7b1417615555074c4ea3e4b5ff3382.jpg" alt="03.jpg" width="600"...

### 简要描述： RT ### 详细说明： 海天OA存在一处sql注入 海天OA官网：http://www.haitiansoft.com:8080/ 前人也有提交过我就不写那么多案例了，下面就用6个案例来做安全测试！ SQL注入点： ``` /Documents/FolderInfor.asp?OAID=1 ``` 注意是注入参数是OAID不是POAID ### 漏洞证明： 案例一： ``` http://180.166.7.94/Documents/FolderInfor.asp?OAID=1 ``` [<img src="https://images.seebug.org/upload/201409/27202917cff73f7015d6207bebee824dd9b55966.jpg" alt="01.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/27202917cff73f7015d6207bebee824dd9b55966.jpg) ``` ``` [<img src="https://images.seebug.org/upload/201409/272023245e2e7fcf6be2353d7a0efe094035a752.jpg" alt="02.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/272023245e2e7fcf6be2353d7a0efe094035a752.jpg) ``` ``` 案例二： ``` http://oa.tjfsu.edu.cn/Documents/FolderInfor.asp?OAID=1 ``` [<img src="https://images.seebug.org/upload/201409/27202422ef7b1417615555074c4ea3e4b5ff3382.jpg" alt="03.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/27202422ef7b1417615555074c4ea3e4b5ff3382.jpg) ``` ``` 案例三： ``` http://www.fzsyxx.com/oa/Documents/FolderInfor.asp?OAID=1 ``` [<img src="https://images.seebug.org/upload/201409/2720245927df9acf04ba7dd0b218a15353d28385.jpg" alt="04.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/2720245927df9acf04ba7dd0b218a15353d28385.jpg) ``` ``` 案例四： ``` http://vos.tjufe.edu.cn/Documents/FolderInfor.asp?OAID=1 ``` [<img src="https://images.seebug.org/upload/201409/2720262979f78f0a591a32456b9ea979e0b07005.jpg" alt="05.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/2720262979f78f0a591a32456b9ea979e0b07005.jpg) ``` ``` 案例五： ``` http://www.shhjwl.com/vos/Documents/FolderInfor.asp?OAID=1 ``` [<img src="https://images.seebug.org/upload/201409/27202655ff4a016af17a955a62769a40b1e013e4.jpg" alt="06.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/27202655ff4a016af17a955a62769a40b1e013e4.jpg) ``` ``` 案例六： ``` http://www.cnshuiyu.com/Documents/FolderInfor.asp?OAID=11 ``` [<img src="https://images.seebug.org/upload/201409/2720271555666e87eae4320e434d65229fe04c1d.jpg" alt="07.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/2720271555666e87eae4320e434d65229fe04c1d.jpg) ``` ```