VULHUB ™

### 简要描述： RT ### 详细说明： 海天OA存在一处sql注入 海天OA官网：http://www.haitiansoft.com:8080/ 前人也有提交过我就不写那么多案例了，下面就用5个案例来做安全测试！ SQL注入点： ``` Documents/FolderInfor.asp?POAID=1 ``` ### 漏洞证明： ``` 1.http://180.***.**.94/Documents/FolderInfor.asp?POAID=1 ``` [<img src="https://images.seebug.org/upload/201409/21155521016f96da5daffd6bd1b013c61428ddfc.png" alt="01.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/21155521016f96da5daffd6bd1b013c61428ddfc.png) ``` ``` ``` 2.http://oa.t***u.edu.cn/Documents/FolderInfor.asp?POAID=1 ``` [<img src="https://images.seebug.org/upload/201409/21160117444edebb1d5f5ba7e9f47ea136df8816.png" alt="02.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/21160117444edebb1d5f5ba7e9f47ea136df8816.png) ``` ``` ``` 3.http://vos.t***e.edu.cn/Documents/FolderInfor.asp?POAID=1 ``` [<img src="https://images.seebug.org/upload/201409/2116013335eeaba7ac05d613a1d36a5a6b7c31d3.png" alt="03.png"...

### 简要描述： RT ### 详细说明： 海天OA存在一处sql注入 海天OA官网：http://www.haitiansoft.com:8080/ 前人也有提交过我就不写那么多案例了，下面就用5个案例来做安全测试！ SQL注入点： ``` Documents/FolderInfor.asp?POAID=1 ``` ### 漏洞证明： ``` 1.http://180.***.**.94/Documents/FolderInfor.asp?POAID=1 ``` [<img src="https://images.seebug.org/upload/201409/21155521016f96da5daffd6bd1b013c61428ddfc.png" alt="01.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/21155521016f96da5daffd6bd1b013c61428ddfc.png) ``` ``` ``` 2.http://oa.t***u.edu.cn/Documents/FolderInfor.asp?POAID=1 ``` [<img src="https://images.seebug.org/upload/201409/21160117444edebb1d5f5ba7e9f47ea136df8816.png" alt="02.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/21160117444edebb1d5f5ba7e9f47ea136df8816.png) ``` ``` ``` 3.http://vos.t***e.edu.cn/Documents/FolderInfor.asp?POAID=1 ``` [<img src="https://images.seebug.org/upload/201409/2116013335eeaba7ac05d613a1d36a5a6b7c31d3.png" alt="03.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/2116013335eeaba7ac05d613a1d36a5a6b7c31d3.png) ``` ``` ``` 4.http://www.sh***l.com/vos/Documents/FolderInfor.asp?POAID=1 ``` [<img src="https://images.seebug.org/upload/201409/2116015018d52fe119aebdb096ac2fa7599a4a45.png" alt="04.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/2116015018d52fe119aebdb096ac2fa7599a4a45.png) ``` ``` ``` 5.http://www.cns****u.com/Documents/FolderInfor.asp?POAID=1 ``` [<img src="https://images.seebug.org/upload/201409/211602128cb1befa7225f8fdc0d13983aa4e3e09.png" alt="05.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/211602128cb1befa7225f8fdc0d13983aa4e3e09.png) ``` ```