### Brief description:
A SQL injection vulnerability
### Details:
```
Vendor: http://www.apabi.cn 北京方正阿帕比技术有限公司
```
SQL injection point:
```
/bbs/bbs_search.asp?lang=gb
POST: key=1 (the key parameter is vulnerable to SQL injection)
```
```
Microsoft OLE DB Provider for SQL Server 错误 '80040e14'
第 1 行: '%' 附近有语法错误。
D:\PROGRAM FILES\FOUNDER\DLIBRARY\ROOT\BBS\..\..\Include\Class_BBS.Inc.asp,行 60
```
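The syntax error near '%' suggests that the `key` value is concatenated into a `LIKE '%...%'` pattern; this is an inference, since the page does not show `Class_BBS.Inc.asp`. The following is an added example, not the vendor's code, of a parameterized form of such a search in classic ASP. The table and column names, the function names, and the open connection `objConn` are hypothetical.

```vbscript
<%
' Added example: parameterized LIKE search for classic ASP + SQL Server.
' BBS_Topic, TopicID, Title and objConn are hypothetical names.
Const adCmdText = 1
Const adParamInput = 1
Const adVarWChar = 202
Const MAX_KEY_LEN = 50

' Escape T-SQL LIKE wildcards so the user's text only matches literally.
Function EscapeLike(ByVal s)
    s = Replace(s, "[", "[[]")   ' must run first, the other escapes add "["
    s = Replace(s, "%", "[%]")
    s = Replace(s, "_", "[_]")
    EscapeLike = s
End Function

Function SearchTopics(conn, ByVal key)
    Dim cmd
    key = Left(Trim(key & ""), MAX_KEY_LEN)   ' coerce Null/Empty, cap length
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' Vulnerable pattern, for contrast:  "... WHERE Title LIKE '%" & key & "%'"
    ' Here the value travels as a bound parameter and is never parsed as SQL.
    cmd.CommandText = "SELECT TopicID, Title FROM BBS_Topic " & _
                      "WHERE Title LIKE '%' + ? + '%'"
    ' Each character can grow to 3 after escaping, so size the parameter for that.
    cmd.Parameters.Append cmd.CreateParameter("@key", adVarWChar, _
        adParamInput, MAX_KEY_LEN * 3, EscapeLike(key))
    Set SearchTopics = cmd.Execute
End Function

Dim rs
Set rs = SearchTopics(objConn, Request.Form("key"))
Do Until rs.EOF
    ' Encode on output so stored titles cannot inject markup.
    Response.Write Server.HTMLEncode(rs("Title") & "") & "<br>"
    rs.MoveNext
Loop
rs.Close
%>
```

The error output above also discloses the physical path of the include file, so detailed script errors should not be sent to clients in production.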
5 instances collected automatically from the Internet:
```
http://202.119.210.5/dlib/bbs/bbs_search.asp?lang=gb
http://210.37.2.181/dlib/bbs/bbs_search.asp?lang=gb
http://210.34.4.3/dlib/bbs/bbs_search.asp?lang=gb
http://202.117.24.8/dlib/bbs/bbs_search.asp?lang=gb
http://apabi.lib.njit.edu.cn/bbs/bbs_search.asp?lang=gb
```
### Proof of vulnerability:
I tested only 2 of them:
1.

![01.png](https://images.seebug.org/upload/201503/2508582434983f97116e5d4dfddd068370db978f.png)

![02.png](https://images.seebug.org/upload/201503/25085831738533b4bffd61ff3aa5aa3d57cf63e8.png)

2.

![03.png](https://images.seebug.org/upload/201503/25090153c7b70bc8ff4bdeca88c971dec0adf25c.png)

![04.png](https://images.seebug.org/upload/201503/2509020037d6c3ff36e0e021469eca5e9d2ebb0e.png)