### Brief description:

XYCMS Decoration Design Company Source Code System 1.5: multiple injection vulnerabilities and reflected XSS

### Detailed description:

In common.asp and fwxm_detail.asp, the `id` query-string parameter is placed directly into the database query without any filtering:

```
<%
' id is read straight from the query string, with no validation
id=request.QueryString("id")
set rs=server.createobject("adodb.recordset")
' the unfiltered value is concatenated into the SQL text
exec="select * from [fwxm] where id="& id
rs.open exec,conn,1,1
if rs.eof then
    response.Write "<div style=""padding:10px"">没有相关信息!</a>"
    response.End()
end if
%>
```

![QQ截图20130925015407.png](https://images.seebug.org/upload/201309/250156470b3bd9d16c68e21fdb14cc2c6d617447.png)

news.asp likewise places the parameter into the database query without any filtering:

```
<%
' id is read straight from the query string, with no validation
id=request.QueryString("id")
set rs=server.createobject("adodb.recordset")
if id="" then
    exec="select * from news order by id desc"
else
    ' the unfiltered value is concatenated into the SQL text
    exec="select * from news where ssfl="&id&" order by id desc"
end if
rs.open exec,conn,1,1
%>
```

![QQ截图20130925015839.png](https://images.seebug.org/upload/201309/250200270eb0cb1e531810a5728cf8dda98abde9.png)

### Proof of vulnerability:

![QQ截图20130925015157.png](https://images.seebug.org/upload/201309/2502034778576a590a0d6c86f2255db2042f1d34.png)

![QQ截图20130925020410.png](https://images.seebug.org/upload/201309/250204389a1b40f19aa98c1217328dd25706b1b5.png)
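
A hardened form of the two queries in this report, as an added example that is not part of the original report or of XYCMS. It assumes `conn` is the open ADODB connection used by the snippets above and that `id` and `ssfl` are integer columns; `IsPlainId`, `OpenById`, `FwxmRecordset` and `NewsRecordset` are hypothetical helper names.

```asp
<%
' Added example, not XYCMS code. Assumes conn is the open ADODB.Connection from
' the report's snippets and that id / ssfl are integer columns.
Const adInteger = 3, adParamInput = 1, adCmdText = 1

' True only for 1-9 ASCII digits. IsNumeric() is avoided because it also
' accepts forms such as "1e3", "&H10" and "1,000".
Function IsPlainId(s)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    IsPlainId = re.Test(s)
End Function

' Runs a query holding one "?" placeholder. The value is validated, then bound
' as a typed parameter, so it never becomes part of the SQL text.
Function OpenById(sql, rawId)
    Dim cmd, rs
    If Not IsPlainId(rawId) Then
        Response.Status = "400 Bad Request"
        Response.End
    End If
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = sql
    cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , CLng(rawId))
    Set rs = Server.CreateObject("ADODB.Recordset")
    rs.Open cmd, , 1, 1   ' same cursor and lock types as the original rs.open
    Set OpenById = rs
End Function

' Replacement for the [fwxm] lookup: id is required.
Function FwxmRecordset(rawId)
    Set FwxmRecordset = OpenById("select * from [fwxm] where id = ?", rawId)
End Function

' Replacement for the news.asp lookup: an empty id still lists all news.
Function NewsRecordset(rawId)
    Dim rs
    If rawId = "" Then
        Set rs = Server.CreateObject("ADODB.Recordset")
        rs.Open "select * from news order by id desc", conn, 1, 1
    Else
        Set rs = OpenById("select * from news where ssfl = ? order by id desc", rawId)
    End If
    Set NewsRecordset = rs
End Function
%>
```

In fwxm_detail.asp the call would be `Set rs = FwxmRecordset(Trim(Request.QueryString("id")))`, and in news.asp `Set rs = NewsRecordset(Trim(Request.QueryString("id")))`.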