### 简要描述:
RT
### 详细说明:
海天OA存在一处sql注入
海天OA官网:http://www.haitiansoft.com:8080/
前人也有提交过我就不写那么多案例了,下面就用5个案例来做安全测试!
SQL注入点:
```
Documents/FolderInfor.asp?POAID=1
```
### 漏洞证明:
```
1.http://180.***.**.94/Documents/FolderInfor.asp?POAID=1
```
[<img src="https://images.seebug.org/upload/201409/21155521016f96da5daffd6bd1b013c61428ddfc.png" alt="01.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/21155521016f96da5daffd6bd1b013c61428ddfc.png)
```
```
```
2.http://oa.t***u.edu.cn/Documents/FolderInfor.asp?POAID=1
```
[<img src="https://images.seebug.org/upload/201409/21160117444edebb1d5f5ba7e9f47ea136df8816.png" alt="02.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/21160117444edebb1d5f5ba7e9f47ea136df8816.png)
```
```
```
3.http://vos.t***e.edu.cn/Documents/FolderInfor.asp?POAID=1
```
[<img src="https://images.seebug.org/upload/201409/2116013335eeaba7ac05d613a1d36a5a6b7c31d3.png" alt="03.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/2116013335eeaba7ac05d613a1d36a5a6b7c31d3.png)
```
```
```
4.http://www.sh***l.com/vos/Documents/FolderInfor.asp?POAID=1
```
[<img src="https://images.seebug.org/upload/201409/2116015018d52fe119aebdb096ac2fa7599a4a45.png" alt="04.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/2116015018d52fe119aebdb096ac2fa7599a4a45.png)
```
```
```
5.http://www.cns****u.com/Documents/FolderInfor.asp?POAID=1
```
[<img src="https://images.seebug.org/upload/201409/211602128cb1befa7225f8fdc0d13983aa4e3e09.png" alt="05.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/211602128cb1befa7225f8fdc0d13983aa4e3e09.png)
```
```
京公网安备 11010502034610号
暂无评论