VULHUB ™

### 简要描述： rt ### 详细说明： 信游科技多站弱口令及SQL注入漏洞#大量信息泄露。 SQL注入：地址：http://xin.52xinyou.cn/ 弱口令用户：xinyoukeji;xinyoukeji [<img src="https://images.seebug.org/upload/201511/18085636090e3ca097906f940047265aa82cb5a4.png" alt="QQ图片20151118085205.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/18085636090e3ca097906f940047265aa82cb5a4.png) [<img src="https://images.seebug.org/upload/201511/18085643c31fb4887a1118de22dbf7049a7f463f.png" alt="QQ图片20151118085321.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/18085643c31fb4887a1118de22dbf7049a7f463f.png) 注入需登录：http://xin.52xinyou.cn/pay-order.html?gid=62485%27 [<img src="https://images.seebug.org/upload/201511/180856501e94c1af2cd0e6db4041a57275759fbf.png" alt="QQ图片20151118085338.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/180856501e94c1af2cd0e6db4041a57275759fbf.png) ### 漏洞证明： 多站弱口令，信息泄露：...

### 简要描述： rt ### 详细说明： 信游科技多站弱口令及SQL注入漏洞#大量信息泄露。 SQL注入：地址：http://xin.52xinyou.cn/ 弱口令用户：xinyoukeji;xinyoukeji [<img src="https://images.seebug.org/upload/201511/18085636090e3ca097906f940047265aa82cb5a4.png" alt="QQ图片20151118085205.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/18085636090e3ca097906f940047265aa82cb5a4.png) [<img src="https://images.seebug.org/upload/201511/18085643c31fb4887a1118de22dbf7049a7f463f.png" alt="QQ图片20151118085321.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/18085643c31fb4887a1118de22dbf7049a7f463f.png) 注入需登录：http://xin.52xinyou.cn/pay-order.html?gid=62485%27 [<img src="https://images.seebug.org/upload/201511/180856501e94c1af2cd0e6db4041a57275759fbf.png" alt="QQ图片20151118085338.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/180856501e94c1af2cd0e6db4041a57275759fbf.png) ### 漏洞证明： 多站弱口令，信息泄露： 1.地址：http://fx.52xinyou.cn/login.html test;123456 [<img src="https://images.seebug.org/upload/201511/1809002919760baad3b3ed92b349e93d00be6918.png" alt="QQ图片20151118085738.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/1809002919760baad3b3ed92b349e93d00be6918.png) [<img src="https://images.seebug.org/upload/201511/18090036e008c98012cc3a880657102ed4752db6.png" alt="QQ图片20151118085752.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/18090036e008c98012cc3a880657102ed4752db6.png) 2.http://hf.52xinyou.cn/login.html xinyoukeji;xinyoukeji admin;123456 test;test [<img src="https://images.seebug.org/upload/201511/180900481e0255cc18ae60c3e2225219f57dbe00.png" alt="QQ图片20151118085843.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/180900481e0255cc18ae60c3e2225219f57dbe00.png) [<img src="https://images.seebug.org/upload/201511/18090055a7ddedfd2c0de15e66903d82371c2631.png" alt="QQ图片20151118085855.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/18090055a7ddedfd2c0de15e66903d82371c2631.png) 3.三个站点自带用户密码。不需要输入可直接登录。默认口令：xinyoukeji;xinyoukeji http://ht.52xinyou.cn/xykj/login.aspx http://rht.52xinyou.cn/xykj/login.aspx http://qht.52xinyou.cn/xykj/login.aspx [<img src="https://images.seebug.org/upload/201511/18090107bc22b7a62465bd8ccec35aaad240e22f.png" alt="QQ图片20151118085936.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/18090107bc22b7a62465bd8ccec35aaad240e22f.png) [<img src="https://images.seebug.org/upload/201511/18090132923ca3111807b6f3659548e0e0151ba9.png" alt="QQ图片20151118085946.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/18090132923ca3111807b6f3659548e0e0151ba9.png)