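### Brief description:
SQL injection vulnerability
### Details:
The mobile library portal is a mobile service solution that combines a handheld portal and a handheld app, bringing readers and libraries closer together in the age of mobile intelligence. By Huiwen Software (汇文软件)
Many universities use Huiwen's mobile library. 路人甲 also found it really quite good when using it, but could not resist testing it and found an SQL injection vulnerability, which leads directly to database disclosure.
There are in fact many cases. Google keyword: intitle:手机OPAC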
[<img src="https://images.seebug.org/upload/201412/03195531ff8daab35e09fa087235b83d089d832a.png" alt="QQ截图20141203195313.png" width="600">](https://images.seebug.org/upload/201412/03195531ff8daab35e09fa087235b83d089d832a.png)
[<img src="https://images.seebug.org/upload/201412/03195543111e4a04e65e2db13c2d65229c2ace51.png" alt="QQ截图20141203195335.png" width="600">](https://images.seebug.org/upload/201412/03195543111e4a04e65e2db13c2d65229c2ace51.png)
[<img src="https://images.seebug.org/upload/201412/031956006c001153c9761a1dec42443b98d7402f.png" alt="QQ截图20141203195344.png" width="600">](https://images.seebug.org/upload/201412/031956006c001153c9761a1dec42443b98d7402f.png)
[<img src="https://images.seebug.org/upload/201412/03195617eea0cf4cfa7216e1407e9843a89e5f31.png" alt="QQ截图20141203195403.png" width="600">](https://images.seebug.org/upload/201412/03195617eea0cf4cfa7216e1407e9843a89e5f31.png)
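Searching WooYun for Huiwen also turns up related cases, but none of them mention this vulnerability.
### Proof of vulnerability:
Let's just pick one at random: the first Google result.
Address: http://202.200.151.19:8081/m/info/newbook.action?clsNo=A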
[<img src="https://images.seebug.org/upload/201412/03200000199a305eb5c59f76693a7dcf24f94cda.png" alt="QQ截图20141203195813.png" width="600">](https://images.seebug.org/upload/201412/03200000199a305eb5c59f76693a7dcf24f94cda.png)
[<img src="https://images.seebug.org/upload/201412/032000062e4d0aa14bdbb2c8a2cf1def12e753f6.png" alt="QQ截图20141203195852.png" width="600">](https://images.seebug.org/upload/201412/032000062e4d0aa14bdbb2c8a2cf1def12e753f6.png)
[<img src="https://images.seebug.org/upload/201412/0320001260270a7b1f1316ddc8fc89f1d9b32340.png" alt="QQ截图20141203195906.png" width="600">](https://images.seebug.org/upload/201412/0320001260270a7b1f1316ddc8fc89f1d9b32340.png)
[<img src="https://images.seebug.org/upload/201412/03200102f024b130a8158d1fadd53b25cfee5250.png" alt="QQ截图20141203200015.png" width="600">](https://images.seebug.org/upload/201412/03200102f024b130a8158d1fadd53b25cfee5250.png)
[<img src="https://images.seebug.org/upload/201412/032001099bc9ea7337816817034e90c4535cce97.png" alt="QQ截图20141203200028.png" width="600">](https://images.seebug.org/upload/201412/032001099bc9ea7337816817034e90c4535cce97.png)