某学科竞赛系统存在SQL注入漏洞

### 简要描述： RT ### 详细说明： 南京先极科技有限公司的学科竞赛系统存在SQL注入漏洞 前人也有提交这个公司的，我就写5个案例 注入连接：MoreNews.aspx?NewsType=DongTai 案例： ``` <fieldset class="fieldset fieldset-mask"> <legend>mask 区域</legend> <pre><mask>1.http://**.**.** </mask></pre> </fieldset> /xkjs/MoreNews.aspx?NewsType=TongZhi <fieldset class="fieldset fieldset-mask"> <legend>mask 区域</legend> <pre><mask>1.http://**.**.** </mask></pre> </fieldset> /js/MoreNews.aspx?NewsType=TongZhi <fieldset class="fieldset fieldset-mask"> <legend>mask 区域</legend> <pre><mask>1.http://**.**.** </mask></pre> </fieldset> /xkjs/MoreNews.aspx?NewsType=TongZhi <fieldset class="fieldset fieldset-mask"> <legend>mask 区域</legend> <pre><mask>1.http://**.**.** </mask></pre> </fieldset> /xkjs/MoreNews.aspx?NewsType=WenJian <fieldset class="fieldset fieldset-mask"> <legend>mask 区域</legend> <pre><mask>1.http://**.**.** </mask></pre> </fieldset> /jingsai/MoreNews.aspx?NewsType=DongTai ``` ### 漏洞证明： 案例一： ``` <fieldset class="fieldset fieldset-mask"> <legend>mask 区域</legend> <pre><mask>1.http://**.**.** </mask></pre> </fieldset> /xkjs/MoreNews.aspx?NewsType=TongZhi ``` [<img src="https://images.seebug.org/upload/201411/11161904cb820c69489643b2790bd39126e4db89.jpg" alt="01.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201411/11161904cb820c69489643b2790bd39126e4db89.jpg) ``` ``` [<img src="https://images.seebug.org/upload/201411/11161919f8b10c58fbc8cb8a714a4ba084364858.jpg" alt="02.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201411/11161919f8b10c58fbc8cb8a714a4ba084364858.jpg) ``` ``` 案例二： ``` <fieldset class="fieldset fieldset-mask"> <legend>mask 区域</legend> <pre><mask>1.http://**.**.** </mask></pre> </fieldset> /js/MoreNews.aspx?NewsType=TongZhi ``` [<img src="https://images.seebug.org/upload/201411/111619469e949bb531c6114519d973e733ea92cc.jpg" alt="03.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201411/111619469e949bb531c6114519d973e733ea92cc.jpg) ``` ``` 案例三: ``` <fieldset class="fieldset fieldset-mask"> <legend>mask 区域</legend> <pre><mask>1.http://**.**.** </mask></pre> </fieldset> /xkjs/MoreNews.aspx?NewsType=TongZhi ``` [<img src="https://images.seebug.org/upload/201411/11162007415a78c8eeee3b4c169fc4b6222e18ce.jpg" alt="04.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201411/11162007415a78c8eeee3b4c169fc4b6222e18ce.jpg) ``` ``` 案例四： ``` <fieldset class="fieldset fieldset-mask"> <legend>mask 区域</legend> <pre><mask>1.http://**.**.** </mask></pre> </fieldset> /xkjs/MoreNews.aspx?NewsType=WenJian ``` [<img src="https://images.seebug.org/upload/201411/11162026a75f792836b4fda9915765fdf6763b84.jpg" alt="05.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201411/11162026a75f792836b4fda9915765fdf6763b84.jpg) ``` ``` 案例五： ``` <fieldset class="fieldset fieldset-mask"> <legend>mask 区域</legend> <pre><mask>1.http://**.**.** </mask></pre> </fieldset> /jingsai/MoreNews.aspx?NewsType=DongTai ``` [<img src="https://images.seebug.org/upload/201411/111621010967ff4223998fe38a500129b02849b4.jpg" alt="06.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201411/111621010967ff4223998fe38a500129b02849b4.jpg) ``` ``` 虽然数据库名不同，但是都是一样的