### 简要描述:
某通用型系统SQL注入
### 详细说明:
某通用型系统SQL注入。
源码:XYCMS休闲度假山庄源码 v2.7
下载地址:http://down.chinaz.com/soft/34081.htm
[<img src="https://images.seebug.org/upload/201503/19155224f394627d0e4c0ae32b2f406d6f8d98a0.png" alt="QQ图片20150319154205.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/19155224f394627d0e4c0ae32b2f406d6f8d98a0.png)
注入点:article_detail.asp 注入参数:id=
可搜索:
[<img src="https://images.seebug.org/upload/201503/191552460767c22bb553cbf6fabfb2c7b1a94f8c.png" alt="QQ图片20150319154058.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/191552460767c22bb553cbf6fabfb2c7b1a94f8c.png)
实例:
http://www.julong888.com/article_detail.asp?id=51
http://hldysj.com/article_detail.asp?id=101
http://www.kxbyg.com/article_detail.asp?id=97
http://www.zhuangzu.net/article_detail.asp?id=68
http://www.fsssyc.com/article_detail.asp?id=60
http://www.fasansiwei.com/article_detail.asp?id=84
http://www.mnqzr.com/article_detail.asp?id=90
http://www.pgchuidiao.com/article_detail.asp?id=79
http://www.cibijie.cn/article_detail.asp?id=84
http://www.phzx.net/phzx11/phrw/article_detail.asp?id=416
### 漏洞证明:
注入证明:
[<img src="https://images.seebug.org/upload/201503/19155341c1427c45c70bde5d5b75e297c8506427.png" alt="QQ图片20150319155023.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/19155341c1427c45c70bde5d5b75e297c8506427.png)
[<img src="https://images.seebug.org/upload/201503/191553348d6885a01fca9d7057462a8a6619953b.png" alt="QQ图片20150319154705.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/191553348d6885a01fca9d7057462a8a6619953b.png)
[<img src="https://images.seebug.org/upload/201503/1915532745d2d9a9268ae72b6ee2a5eb45eca9c0.png" alt="QQ图片20150319154427.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/1915532745d2d9a9268ae72b6ee2a5eb45eca9c0.png)
京公网安备 11010502034610号
暂无评论