SQL Injection and Database Download in a General-Purpose System

2015-03-17T00:00:00
ID SSV:95627
Type seebug
Reporter Root
Modified 2015-03-17T00:00:00

Description

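Brief description:

SQL injection and database download in a general-purpose system

Details:

SQL injection and database download in a general-purpose system.

Source code: XYCMS Biotech Company Source Code v3.3, http://down.chinaz.com/soft/33908.htm

SQL injection: job_yp.asp?id=

Can be found via Google search: inurl:job_yp.asp?id=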

<img src="https://images.seebug.org/upload/201503/1513553297268ce3e493925821ceeff5dbeae159.png" alt="QQ图片20150315132705.png" width="600" onerror="javascript:errimg(this);">

Instances and proof of injection:

<img src="https://images.seebug.org/upload/201503/15135638dd34e62a1ad686f0ea863d219d3409fe.png" alt="QQ图片20150315133108.png" width="600" onerror="javascript:errimg(this);">

<img src="https://images.seebug.org/upload/201503/15135629616eb653601379f5683b7dfd726e948d.png" alt="QQ图片20150315133441.png" width="600" onerror="javascript:errimg(this);">

<img src="https://images.seebug.org/upload/201503/151356221524c342b903eb6b1e8627a80f1cea18.png" alt="QQ图片20150315134751.png" width="600" onerror="javascript:errimg(this);">

<img src="https://images.seebug.org/upload/201503/15135612cc03b362c88cfd6b9d5ac444201befac.jpg" alt="QQ图片20150315134825.jpg" width="600" onerror="javascript:errimg(this);">

Proof of vulnerability:

Database download: /xydata/xycms.mdb

Instances and proof:

<img src="https://images.seebug.org/upload/201503/151357445cd1f0920875a1c0f13c4c2269a9b310.jpg" alt="QQ图片20150315132725.jpg" width="600" onerror="javascript:errimg(this);">

<img src="https://images.seebug.org/upload/201503/151357353e219efb4f0d9e2ffe398bb308e749c4.jpg" alt="QQ图片20150315134825.jpg" width="600" onerror="javascript:errimg(this);">
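Both issues above leave traces in the web server's access log. The following is an added example, not part of the original report: it scans log lines for direct `.mdb` requests and for `job_yp.asp` requests whose `id` is not a plain integer. The IIS W3C field layout, the finding names and the sample lines (documentation-range IPs) are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# Assumed default column order; overridden by a "#Fields:" header if present.
FIELDS = "date time c-ip cs-method cs-uri-stem cs-uri-query sc-status".split()

# Constructed sample log, not taken from any real server.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2015-03-15 05:27:05 192.0.2.10 GET /job_yp.asp id=8 200
2015-03-15 05:31:08 192.0.2.44 GET /job_yp.asp id=8%27 200
2015-03-15 05:47:51 192.0.2.44 GET /xydata/xycms.mdb - 200
2015-03-15 05:48:25 192.0.2.44 GET /XYDATA/xycms.mdb - 404
2015-03-15 05:49:00 192.0.2.10 GET /EN/job_yp.asp id=61 200
"""

def scan(log_text):
    """Return (line_no, client_ip, finding) tuples for suspicious requests."""
    fields, findings = FIELDS, []
    for no, line in enumerate(log_text.splitlines(), 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # honour the log's own columns
            continue
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue                           # malformed or truncated line
        rec = dict(zip(fields, parts))
        stem = unquote_plus(rec["cs-uri-stem"]).lower()
        query = "" if rec["cs-uri-query"] == "-" else rec["cs-uri-query"]
        if stem.endswith(".mdb"):
            # A 200 means the Access database file was actually served.
            kind = "mdb-downloaded" if rec["sc-status"] == "200" else "mdb-probe"
            findings.append((no, rec["c-ip"], kind))
        elif stem.endswith("/job_yp.asp"):
            # Classic ASP reads parameters case-insensitively, so match "ID" too.
            ids = [v for k, v in parse_qsl(query, keep_blank_values=True)
                   if k.lower() == "id"]
            if any(not re.fullmatch(r"[0-9]+", v) for v in ids):
                findings.append((no, rec["c-ip"], "non-numeric-id"))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Any `mdb-downloaded` hit means the credentials stored in that database should be treated as exposed.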