### Brief description:
As the title says.
### Detailed description:
Vulnerable site tested: http://tdemo002mp.v5portal.com/
URL: http://tdemo002mp.v5portal.com/articlelist.aspx?wd=1&btnsearch3=1&id=0
[<img src="https://images.seebug.org/upload/201405/07183412d3935266efc10f96e0a672df0d43a7b5.jpg" alt="QQ图片20140507183205.jpg" width="600">](https://images.seebug.org/upload/201405/07183412d3935266efc10f96e0a672df0d43a7b5.jpg)
The `wd` parameter (`wd=1`) is not filtered strictly and is passed directly into the database query.
[<img src="https://images.seebug.org/upload/201405/07183508bf1e8e9918ab1e5fdc9ca4c21df29df0.jpg" alt="QQ图片20140507183540.jpg" width="600">](https://images.seebug.org/upload/201405/07183508bf1e8e9918ab1e5fdc9ca4c21df29df0.jpg)
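
The description above says `wd` reaches the database query without adequate filtering. As an added example (not code from the affected site, whose source and database engine the report does not show), this Python/SQLite sketch contrasts a string-concatenated keyword search with a bound-parameter version; the table, column and function names and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data standing in for an article table (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE article (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)")
    db.executemany(
        "INSERT INTO article (title, published) VALUES (?, ?)",
        [("Release notes 1", 1), ("100% uptime report", 1), ("Internal draft", 0)],
    )
    return db

def search_concat(db, wd):
    """Weak pattern: wd is pasted into the SQL text, so it can alter the query."""
    sql = "SELECT title FROM article WHERE published = 1 AND title LIKE '%" + wd + "%'"
    return [row[0] for row in db.execute(sql)]

def search_param(db, wd):
    """Corrected pattern: wd is bound as data and LIKE metacharacters are escaped."""
    if len(wd) > 64:  # assumed length limit for a search keyword
        raise ValueError("keyword too long")
    # Escape the escape character first, then the LIKE wildcards % and _.
    esc = wd.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT title FROM article WHERE published = 1 AND title LIKE ? ESCAPE '\\'"
    return [row[0] for row in db.execute(sql, ("%" + esc + "%",))]

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal keyword, one that rewrites the WHERE clause
    # when concatenated, and a bare LIKE wildcard.
    for wd in ("1", "x' OR 1=1 --", "%"):
        print(repr(wd), "concat:", search_concat(db, wd), "param:", search_param(db, wd))
```

With the bound parameter, the quote-bearing input is matched as a literal string and the unpublished row stays out of the result; the concatenated version returns it.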
### Proof of vulnerability:
sqlmap, rather dumbly, does not detect it properly.
[<img src="https://images.seebug.org/upload/201405/0718360728d306fa40f43315a27a63063c8e00c4.jpg" alt="QQ图片20140507183631.jpg" width="600">](https://images.seebug.org/upload/201405/0718360728d306fa40f43315a27a63063c8e00c4.jpg)
[<img src="https://images.seebug.org/upload/201405/07183637cd6aac04f5932b5845ff79f531bb53eb.jpg" alt="QQ图片20140507183708.jpg" width="600">](https://images.seebug.org/upload/201405/07183637cd6aac04f5932b5845ff79f531bb53eb.jpg)
[<img src="https://images.seebug.org/upload/201405/071837023eb2b3b0bfa12def8f90b26cdbd5e906.jpg" alt="QQ图片20140507183732.jpg" width="600">](https://images.seebug.org/upload/201405/071837023eb2b3b0bfa12def8f90b26cdbd5e906.jpg)