VULHUB ™

### 简要描述： RT ### 详细说明： 海天OA存在一处sql注入 海天OA官网：http://www.haitiansoft.com:8080/ 前人也有提交过我就不写那么多案例了，下面就用5个案例来做安全测试！ SQL注入点： ``` Include/ChaXunDetail.asp?FID=1 ``` ### 漏洞证明： 案例1： ``` 1.http://www.cnshuiyu.com/Include/ChaXunDetail.asp?FID=1 ``` [<img src="https://images.seebug.org/upload/201409/21173817db4be58a550978f86364e38a657d7afd.jpg" alt="01.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/21173817db4be58a550978f86364e38a657d7afd.jpg) ``` ``` 案例2： ``` 2.http://www.fzsyxx.com/oa/Include/ChaXunDetail.asp?FID=1 ``` [<img src="https://images.seebug.org/upload/201409/211738531f60226870a1c33ddabdd366b2ba0001.jpg" alt="02.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/211738531f60226870a1c33ddabdd366b2ba0001.jpg) ``` ``` 案例3 ``` 3.http://121.30.226.44/Include/ChaXunDetail.asp?FID=1 ``` [<img src="https://images.seebug.org/upload/201409/21174031f732f42685712768e2084208fa3501cb.jpg" alt="03.jpg"...

### 简要描述： RT ### 详细说明： 海天OA存在一处sql注入 海天OA官网：http://www.haitiansoft.com:8080/ 前人也有提交过我就不写那么多案例了，下面就用5个案例来做安全测试！ SQL注入点： ``` Include/ChaXunDetail.asp?FID=1 ``` ### 漏洞证明： 案例1： ``` 1.http://www.cnshuiyu.com/Include/ChaXunDetail.asp?FID=1 ``` [<img src="https://images.seebug.org/upload/201409/21173817db4be58a550978f86364e38a657d7afd.jpg" alt="01.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/21173817db4be58a550978f86364e38a657d7afd.jpg) ``` ``` 案例2： ``` 2.http://www.fzsyxx.com/oa/Include/ChaXunDetail.asp?FID=1 ``` [<img src="https://images.seebug.org/upload/201409/211738531f60226870a1c33ddabdd366b2ba0001.jpg" alt="02.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/211738531f60226870a1c33ddabdd366b2ba0001.jpg) ``` ``` 案例3 ``` 3.http://121.30.226.44/Include/ChaXunDetail.asp?FID=1 ``` [<img src="https://images.seebug.org/upload/201409/21174031f732f42685712768e2084208fa3501cb.jpg" alt="03.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/21174031f732f42685712768e2084208fa3501cb.jpg) ``` ``` 案例4 ``` 4.http://180.166.7.94/Include/ChaXunDetail.asp?FID=1 ``` [<img src="https://images.seebug.org/upload/201409/211740550eed83a12722bc5be9bc2ba2ff68cf46.jpg" alt="04.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/211740550eed83a12722bc5be9bc2ba2ff68cf46.jpg) ``` ``` 案例5 ``` 5.http://www.shhjwl.com/vos/Include/ChaXunDetail.asp?FID=1 ``` [<img src="https://images.seebug.org/upload/201409/2117412392acef194edd57e717fb8af29d9b1217.jpg" alt="05.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/2117412392acef194edd57e717fb8af29d9b1217.jpg) ``` ```