某非书资料管理系统通用型SQL注入漏洞

### 简要描述： ### 详细说明： Manufacturers： ``` http://www.metadata.com.cn/ 杭州麦达电子有限公司 ``` SQL Injection: ``` /poweb/Ip.do?method=addIp&schoolid=*** 其中schoolid存在注入 ``` Case: ``` http://59.74.114.252:84/poweb/Ip.do?method=addIp&schoolid=301041 http://219.222.177.236:8080/poweb/Ip.do?method=addIp&schoolid=281041 http://222.29.253.58:8080/poweb/Ip.do?method=addIp&schoolid=011002 http://202.206.242.26:88/poweb/Ip.do?method=addIp&schoolid=171024 http://211.67.126.11:8088/poweb/Ip.do?method=addIp&schoolid=051042 ``` ### 漏洞证明： ``` 1、 ``` [<img src="https://images.seebug.org/upload/201504/11151643e1b98982fda48c0cbc6ffab354f7b27f.png" alt="01.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/11151643e1b98982fda48c0cbc6ffab354f7b27f.png) ``` ``` [<img src="https://images.seebug.org/upload/201504/11151650fa9d25173d2a7d4cf11bb001de6da770.png" alt="02.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/11151650fa9d25173d2a7d4cf11bb001de6da770.png) ``` ``` [<img src="https://images.seebug.org/upload/201504/11151654190ffb369a92c9a221c2842821cfe9c1.png" alt="03.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/11151654190ffb369a92c9a221c2842821cfe9c1.png) ``` 2、 ``` [<img src="https://images.seebug.org/upload/201504/111516589beff029a3f73af0d90910fa5497aaf1.png" alt="04.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/111516589beff029a3f73af0d90910fa5497aaf1.png) ``` ``` [<img src="https://images.seebug.org/upload/201504/11151702ab0a369631f1d5fc8005360e841bec68.png" alt="05.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/11151702ab0a369631f1d5fc8005360e841bec68.png) ``` ```