SQL injection in a certain widely used system

2015-03-19T00:00:00
ID SSV:95626
Type seebug
Reporter Root
Modified 2015-03-19T00:00:00

Description

Brief description:

SQL injection in a certain widely used system

Details:

SQL injection in a certain widely used system. Source code: XYCMS休闲度假山庄 (leisure resort) source code v2.7. Download address: http://down.chinaz.com/soft/34081.htm

[Screenshot: QQ图片20150319154205.png]

Injection point: article_detail.asp. Injection parameter: id=. Affected sites can be found by searching (see screenshot):

[Screenshot: QQ图片20150319154058.png]

Live instances: http://www.julong888.com/article_detail.asp?id=51 http://hldysj.com/article_detail.asp?id=101 http://www.kxbyg.com/article_detail.asp?id=97 http://www.zhuangzu.net/article_detail.asp?id=68 http://www.fsssyc.com/article_detail.asp?id=60 http://www.fasansiwei.com/article_detail.asp?id=84 http://www.mnqzr.com/article_detail.asp?id=90 http://www.pgchuidiao.com/article_detail.asp?id=79 http://www.cibijie.cn/article_detail.asp?id=84 http://www.phzx.net/phzx11/phrw/article_detail.asp?id=416
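To make the defect concrete, the following is an added example (not XYCMS's own code) of the unsafe classic ASP pattern that an unchecked numeric `id` parameter produces, next to a hardened version that validates the value and binds it as a typed parameter. The table name `article` and its columns are assumptions.

```vbscript
' Added example, not XYCMS code. Assumes a table "article" with an
' integer key column "id" and text columns "title", "content".
Option Explicit

' VULNERABLE: the raw query-string value is pasted into the SQL text,
' so any non-numeric input becomes part of the statement itself.
Function GetArticleVulnerable(conn)
    Dim rawId, sql
    rawId = Request.QueryString("id")
    sql = "SELECT title, content FROM article WHERE id=" & rawId
    Set GetArticleVulnerable = conn.Execute(sql)
End Function

' HARDENED: (1) reject anything that is not a plain positive integer,
' (2) bind the value as a typed parameter so it can never alter the SQL.
Function GetArticleSafe(conn)
    Dim rawId, cmd, re
    rawId = Trim(Request.QueryString("id"))

    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"          ' digits only, bounded length
    If Not re.Test(rawId) Then
        Response.Status = "400 Bad Request"
        Response.Write "invalid id"
        Response.End
    End If

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = 1                  ' adCmdText
    cmd.CommandText = "SELECT title, content FROM article WHERE id = ?"
    ' adInteger = 3, adParamInput = 1; the value travels as a bound
    ' integer, not as SQL text
    cmd.Parameters.Append cmd.CreateParameter("id", 3, 1, , CLng(rawId))
    Set GetArticleSafe = cmd.Execute
End Function
```

On the detection side, the same check the hardened code applies (is `id` a short run of digits?) works as a filter over web-server access logs: requests to article_detail.asp whose `id` value fails it are the ones worth reviewing.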

Proof of vulnerability:

Injection proof:

[Screenshot: QQ图片20150319155023.png]

[Screenshot: QQ图片20150319154705.png]

[Screenshot: QQ图片20150319154427.png]