### 简要描述:
一采通电子采购系统多处SQL注入漏洞#2
### 详细说明:
google:inurl:companycglist.aspx?ComId=*
[<img src="https://images.seebug.org/upload/201506/0117142855aec9a76710d0ce50a0718784845c28.jpg" alt="QQ截图20150601171512.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201506/0117142855aec9a76710d0ce50a0718784845c28.jpg)
#1 漏洞存在于 /Products/Category_MSelect.aspx,参数Name
例如 http://eps.umgg.com.cn/Products/Category_MSelect.aspx?Name=树脂磨盘
[<img src="https://images.seebug.org/upload/201506/01173222e2c541de4f2bfa161a3d9dafde1719b5.jpg" alt="t01d7023e61fbe4ac9b.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201506/01173222e2c541de4f2bfa161a3d9dafde1719b5.jpg)
#2 漏洞存在于 /RAT/Product/HistoryPrice.aspx,参数kw
例如 http://eps.umgg.com.cn/RAT/Product/HistoryPrice.aspx?kw=1
[<img src="https://images.seebug.org/upload/201506/01173050d5e878529f1234a4b661b9ead137e6ee.jpg" alt="t01d7023e61fbe4ac9b.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201506/01173050d5e878529f1234a4b661b9ead137e6ee.jpg)
#3 漏洞存在于 /SuperMarket/InterestInfoDetail.aspx,参数ItemId
例如 http://eps.umgg.com.cn/SuperMarket/InterestInfoDetail.aspx?ItemId=1
[<img src="https://images.seebug.org/upload/201506/01173314c490d0264d66d6cc3569942940a27782.jpg" alt="QQ截图20150601170817.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201506/01173314c490d0264d66d6cc3569942940a27782.jpg)
### 漏洞证明:
其他案例还有
http://116.55.248.65:8001/
http://61.143.243.42:8119/
http://eps.xcmg.com:90/
http://eps.qingxin.com.cn/
http://buy.yongx.net:8080/
http://eps.csrcj.com/
京公网安备 11010502034610号
暂无评论