VULHUB ™

### 简要描述： 某通用型系统SQL注入+数据库下载 ### 详细说明： 某通用型系统SQL注入+数据库下载。 源码地址：XYCMS生物科技公司源码 v3.3 http://down.chinaz.com/soft/33908.htm SQL注入：job_yp.asp?id= 可谷歌搜索：inurl:job_yp.asp?id= [<img src="https://images.seebug.org/upload/201503/1513553297268ce3e493925821ceeff5dbeae159.png" alt="QQ图片20150315132705.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/1513553297268ce3e493925821ceeff5dbeae159.png) 实例： http://www.ys-org.com/job_yp.asp?id=1 http://ouzhouyulecheng.com/job_yp.asp?id=1 http://jinsanjiaoyulecheng.net/job_yp.asp?id=1 http://www.keyishengwu.com/job_yp.asp?id=8 http://sgqcdz.com/job_yp.asp?id=1 http://www.guozhiwang.com/job_yp.asp?id=1 http://www.keyishengwu.com/EN/job_yp.asp?id=8 http://wzkqq05.user.d-jet.com/job_yp.asp?id=2 http://runfenghzs.com/job_yp.asp?id=2 http://www.3dwater-tech.com/job_yp.asp?id=61 http://www.lfhengrui.com/job_yp.asp?id=9 http://www.xinmingsen.com/job_yp.asp?id=10 注入证明： [<img...

### 简要描述： 某通用型系统SQL注入+数据库下载 ### 详细说明： 某通用型系统SQL注入+数据库下载。 源码地址：XYCMS生物科技公司源码 v3.3 http://down.chinaz.com/soft/33908.htm SQL注入：job_yp.asp?id= 可谷歌搜索：inurl:job_yp.asp?id= [<img src="https://images.seebug.org/upload/201503/1513553297268ce3e493925821ceeff5dbeae159.png" alt="QQ图片20150315132705.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/1513553297268ce3e493925821ceeff5dbeae159.png) 实例： http://www.ys-org.com/job_yp.asp?id=1 http://ouzhouyulecheng.com/job_yp.asp?id=1 http://jinsanjiaoyulecheng.net/job_yp.asp?id=1 http://www.keyishengwu.com/job_yp.asp?id=8 http://sgqcdz.com/job_yp.asp?id=1 http://www.guozhiwang.com/job_yp.asp?id=1 http://www.keyishengwu.com/EN/job_yp.asp?id=8 http://wzkqq05.user.d-jet.com/job_yp.asp?id=2 http://runfenghzs.com/job_yp.asp?id=2 http://www.3dwater-tech.com/job_yp.asp?id=61 http://www.lfhengrui.com/job_yp.asp?id=9 http://www.xinmingsen.com/job_yp.asp?id=10 注入证明： [<img src="https://images.seebug.org/upload/201503/15135638dd34e62a1ad686f0ea863d219d3409fe.png" alt="QQ图片20150315133108.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/15135638dd34e62a1ad686f0ea863d219d3409fe.png) [<img src="https://images.seebug.org/upload/201503/15135629616eb653601379f5683b7dfd726e948d.png" alt="QQ图片20150315133441.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/15135629616eb653601379f5683b7dfd726e948d.png) [<img src="https://images.seebug.org/upload/201503/151356221524c342b903eb6b1e8627a80f1cea18.png" alt="QQ图片20150315134751.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/151356221524c342b903eb6b1e8627a80f1cea18.png) [<img src="https://images.seebug.org/upload/201503/15135612cc03b362c88cfd6b9d5ac444201befac.jpg" alt="QQ图片20150315134825.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/15135612cc03b362c88cfd6b9d5ac444201befac.jpg) ### 漏洞证明： 数据库下载：/xydata/xycms.mdb 实例+证明： http://www.guozhiwang.com//xydata/xycms.mdb http://www.lfhengrui.com//xydata/xycms.mdb http://www.xinmingsen.com//xydata/xycms.mdb http://runfenghzs.com//xydata/xycms.mdb http://www.keyishengwu.com//xydata/xycms.mdb [<img src="https://images.seebug.org/upload/201503/151357445cd1f0920875a1c0f13c4c2269a9b310.jpg" alt="QQ图片20150315132725.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/151357445cd1f0920875a1c0f13c4c2269a9b310.jpg) [<img src="https://images.seebug.org/upload/201503/151357353e219efb4f0d9e2ffe398bb308e749c4.jpg" alt="QQ图片20150315134825.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/151357353e219efb4f0d9e2ffe398bb308e749c4.jpg)