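### Brief description:
As the title says.
### Detailed description:
The academic competition system from Nanjing Xianji Technology Co., Ltd. (南京先极科技有限公司) has a SQL injection vulnerability.
Others have already submitted reports on this before me, so I will just write up 5 cases.
Injection link: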
```
ShowXmCg.aspx?itemno=
```
Cases:
```
http://sy.cxxy.seu.edu.cn/js/ShowXmCg.aspx?itemno=137
http://202.195.210.177/xkjs/ShowXmCg.aspx?itemno=137
http://218.90.212.43:9025/xkjs/ShowXmCg.aspx?itemno=137
http://sjjx.siso.edu.cn/jnjs/ShowXmCg.aspx?itemno=137
http://202.195.237.148/xkjs/ShowXmCg.aspx?itemno=137
```
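A log check a site operator could run for the parameter named above, as an added example (not from the original report or the vendor): it flags requests to the two page names appearing in this report whose `itemno` is not a plain integer. The integer-only rule, the IIS W3C field layout and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Page names come from the report; treating itemno as integer-only is an assumption.
WATCHED_PAGES = ("showxmcg.aspx", "showjingsaixm.aspx")
INT_RE = re.compile(r"\d{1,10}")

def suspicious_itemno(url):
    """Return decoded itemno values that are not plain integers ([] if clean)."""
    parts = urlsplit(url)
    if parts.path.rsplit("/", 1)[-1].lower() not in WATCHED_PAGES:
        return []
    params = parse_qs(parts.query, keep_blank_values=True)
    # ASP.NET matches query-string keys case-insensitively, so do the same here.
    values = [v for k, vs in params.items() if k.lower() == "itemno" for v in vs]
    return [v for v in values if not INT_RE.fullmatch(v)]

def scan_w3c_log(lines):
    """Return (client_ip, uri_stem, bad_values) for each flagged request."""
    fields, hits = [], []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        query = row.get("cs-uri-query", "-")
        if query == "-":  # IIS writes "-" when there is no query string
            continue
        bad = suspicious_itemno(row.get("cs-uri-stem", "") + "?" + query)
        if bad:
            hits.append((row.get("c-ip"), row.get("cs-uri-stem"), bad))
    return hits

# Constructed sample log (documentation IP range, made-up timestamps).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2024-01-01 10:00:01 192.0.2.10 GET /xkjs/ShowXmCg.aspx itemno=137 200
2024-01-01 10:00:07 192.0.2.55 GET /xkjs/ShowXmCg.aspx itemno=137%27 500
2024-01-01 10:00:09 192.0.2.55 GET /xkjs/ShowJingSaiXm.aspx ItemNo=137+and+1%3D1 200
2024-01-01 10:01:00 192.0.2.10 GET /xkjs/Default.aspx - 200
""".splitlines()

if __name__ == "__main__":
    for ip, stem, bad in scan_w3c_log(SAMPLE_LOG):
        print(ip, stem, bad)
```

The same allow-list rule (reject any `itemno` that is not an integer) can be enforced at the application or WAF layer until the query itself is parameterized.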
### Proof of vulnerability:
Case 1:
```
http://sy.cxxy.seu.edu.cn/js/ShowJingSaiXm.aspx?itemno=137
```
![01.jpg](https://images.seebug.org/upload/201411/202344203b3454110d0098518f131a9e90f18b4a.jpg)

Case 2:
```
http://202.195.210.177/xkjs/ShowJingSaiXm.aspx?itemno=137
```
![02.jpg](https://images.seebug.org/upload/201411/20234441471dbf9b1d181367d417df29bdcb3c7d.jpg)

Case 3:
```
http://218.90.212.43:9025/xkjs/ShowJingSaiXm.aspx?itemno=137
```
![03.jpg](https://images.seebug.org/upload/201411/20234500f007a11ddf0a67fa367841932e4dd520.jpg)

Case 4:
```
http://sjjx.hytc.edu.cn/jingsai/ShowJingSaiXm.aspx?itemno=137
```
![04.jpg](https://images.seebug.org/upload/201411/20234514beba7775fd2c0f3df8b10cfd412c5cbe.jpg)

Case 5:
```
http://sjjx.siso.edu.cn/jnjs/ShowJingSaiXm.aspx?itemno=137
```
![05.jpg](https://images.seebug.org/upload/201411/20234531559c88b29a02ae50bbf260e8608764fb.jpg)