### Brief description:
A SQL injection against an MSSQL back end.
### Details:
Vendor:
```
http://gw.apabi.com/ Beijing Founder Apabi Technology Co., Ltd. (北京方正阿帕比技术有限公司)
```
The product has a fairly large user base:
[<img src="https://images.seebug.org/upload/201503/210053566744932b6475dd4b80dea8db61062062.jpg" alt="0.jpg" width="600">](https://images.seebug.org/upload/201503/210053566744932b6475dd4b80dea8db61062062.jpg)
SQL injection point (the `DocID` parameter is vulnerable to SQL injection):
```
/AddMyFavourite.asp?lang=gb&DocID=
```
Five instances collected automatically from the Internet:
```
http://ebook.nwu.edu.cn/AddMyFavourite.asp?lang=gb&DocID=1
http://dlib.gsjtxy.edu.cn/dlib/AddMyFavourite.asp?lang=gb&DocID=1
http://book.sdjnlib.net:81/AddMyFavourite.asp?lang=gb&DocID=1
http://apabi.hfslib.com/AddMyFavourite.asp?lang=gb&DocID=1
http://211.81.174.133:81/dlib/AddMyFavourite.asp?lang=gb&DocID=1
```
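For operators of affected deployments, one way to review web server logs for probing of this parameter. This is an added example, not part of the original report or the vendor's code. It assumes IIS W3C extended logs and that a legitimate `DocID` is always a plain integer (as in the `DocID=1` samples above); the log lines are constructed.

```python
import re
from urllib.parse import parse_qs

# Endpoint and parameter named in the report; the integer rule is an assumption.
ENDPOINT = "/addmyfavourite.asp"
PARAM = "docid"
NUMERIC = re.compile(r"\d{1,18}")

# Constructed sample in IIS W3C extended format (documentation IPs, made-up times).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2015-03-21 00:47:01 192.0.2.10 GET /AddMyFavourite.asp lang=gb&DocID=1 200
2015-03-21 00:47:05 192.0.2.44 GET /AddMyFavourite.asp lang=gb&DocID=1%27 500
2015-03-21 00:47:09 192.0.2.44 GET /dlib/AddMyFavourite.asp lang=gb&DocID=1+abc 200
2015-03-21 00:48:00 192.0.2.10 GET /index.asp - 200
"""

def parse_w3c(lines):
    """Yield one dict per request, keyed by the names in the #Fields header."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def suspicious_docid(entry):
    """Return the URL-decoded DocID values that are not plain integers."""
    if not entry.get("cs-uri-stem", "").lower().endswith(ENDPOINT):
        return []
    params = parse_qs(entry.get("cs-uri-query", ""), keep_blank_values=True)
    return [v for key, values in params.items() if key.lower() == PARAM
            for v in values if not NUMERIC.fullmatch(v)]

def scan(lines):
    """Return (client IP, timestamp, offending value) for each flagged request."""
    return [(e.get("c-ip", "?"), f"{e.get('date', '')} {e.get('time', '')}", v)
            for e in parse_w3c(lines) for v in suspicious_docid(e)]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(hit)
```

The same integer-only rule, applied server-side before `DocID` reaches the query, is the input-validation half of the fix; the other half is binding the value as a typed parameter instead of concatenating it into the SQL string.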
### Proof of vulnerability:
To save time, I tested only two of the cases:
1.
[<img src="https://images.seebug.org/upload/201503/2100474046529940ff9697860c66d06a30506523.jpg" alt="01.jpg" width="600">](https://images.seebug.org/upload/201503/2100474046529940ff9697860c66d06a30506523.jpg)
[<img src="https://images.seebug.org/upload/201503/21004812f99516c167eee45d723213f7d8ca05b5.jpg" alt="02.jpg" width="600">](https://images.seebug.org/upload/201503/21004812f99516c167eee45d723213f7d8ca05b5.jpg)
[<img src="https://images.seebug.org/upload/201503/210048400f1979e53b68cd7d41d9f53e67a68d52.jpg" alt="03.jpg" width="600">](https://images.seebug.org/upload/201503/210048400f1979e53b68cd7d41d9f53e67a68d52.jpg)
2.
[<img src="https://images.seebug.org/upload/201503/210052290ae6a9f90d9d59a9cca85494a6055175.jpg" alt="04.jpg" width="600">](https://images.seebug.org/upload/201503/210052290ae6a9f90d9d59a9cca85494a6055175.jpg)
[<img src="https://images.seebug.org/upload/201503/2100523772631560f8ee0d0285dacc2d98268a7f.jpg" alt="05.jpg" width="600">](https://images.seebug.org/upload/201503/2100523772631560f8ee0d0285dacc2d98268a7f.jpg)