XYCMS装修设计公司源码系统1.5多处注入漏洞

2013-09-25T00:00:00
ID SSV:95633
Type seebug
Reporter Root
Modified 2013-09-25T00:00:00

Description

简要描述:

XYCMS装修设计公司源码系统1.5 多处注入漏洞及反射型xss

详细说明:

common.asp,fwxm_detail.asp未进行任何过滤就直接带入数据库查询

&lt;% id=request.QueryString("id") set rs=server.createobject("adodb.recordset") exec="select * from [fwxm] where id="& id rs.open exec,conn,1,1 if rs.eof then response.Write "&lt;div style=""padding:10px""&gt;没有相关信息!&lt;/a&gt;" response.End() end if %&gt; <img src="https://images.seebug.org/upload/201309/250156470b3bd9d16c68e21fdb14cc2c6d617447.png" alt="QQ截图20130925015407.png" width="600" onerror="javascript:errimg(this);"> ```

```

news.asp也是未进行任何过滤就带入数据库查询

&lt;% id=request.QueryString("id") set rs=server.createobject("adodb.recordset") if id="" then exec="select * from news order by id desc" else exec="select * from news where ssfl="&id&" order by id desc" end if rs.open exec,conn,1,1 %&gt;

<img src="https://images.seebug.org/upload/201309/250200270eb0cb1e531810a5728cf8dda98abde9.png" alt="QQ截图20130925015839.png" width="600" onerror="javascript:errimg(this);">

漏洞证明:

<img src="https://images.seebug.org/upload/201309/2502034778576a590a0d6c86f2255db2042f1d34.png" alt="QQ截图20130925015157.png" width="600" onerror="javascript:errimg(this);">

<img src="https://images.seebug.org/upload/201309/250204389a1b40f19aa98c1217328dd25706b1b5.png" alt="QQ截图20130925020410.png" width="600" onerror="javascript:errimg(this);">