XYCMS婚纱摄影中心建站系统存储型XSS+SQL注入

Basic Fields

SSV ID:: SSV-95628

Find Time:: 2015-03-17

Submit Time:: 2015-03-17

Level:

Category:: 其他类型

Component:: XYCMS

Author:: 独孤求败

Submitter:: Knownsec

CVE-ID：: Add

CNNVD-ID：: Add

CNVD-ID：: Add

ZoomEye Dork：: Add

Source

http://wooyun.org/bugs/wooyun-2015-0101476

Detail

Contributor Knownsec Got 0KB

### 简要描述： XYCMS婚纱摄影中心建站系统存储型XSS+SQL注入。 ### 详细说明： XYCMS婚纱摄影中心建站系统存储型XSS+SQL注入。源码地址：XYCMS婚纱摄影中心 v1.7 http://down.chinaz.com/soft/35204.htm 1.存储型XSS：online.asp [<img src="https://images.seebug.org/upload/201503/151220594fd23ee8abfdf95300e250663b6b28cc.png" alt="QQ图片20150315113920.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/151220594fd23ee8abfdf95300e250663b6b28cc.png) 实例+证明： http://www.gzblhs.com/online.asp http://www.028sheying.com/online.asp http://www.shmtq.com/online.asp http://www.tjjzl.cn/online.asp http://www.yzsjzl.com/online.asp [<img src="https://images.seebug.org/upload/201503/15122157b3be5f07548a722f0433ff22662f621b.jpg" alt="QQ图片20150315114329.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/15122157b3be5f07548a722f0433ff22662f621b.jpg) [<img src="https://images.seebug.org/upload/201503/151221487ce47d24ee16a6fc56e41502814dc9ad.jpg" alt="QQ图片20150315114413.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/151221487ce47d24ee16a6fc56e41502814dc9ad.jpg) [<img src="https://images.seebug.org/upload/201503/1512213472c6eefe9d6ae322bcf752617e5a32ec.jpg" alt="QQ图片20150315114432.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/1512213472c6eefe9d6ae322bcf752617e5a32ec.jpg) ### 漏洞证明： 2.SQL注入：show_detail.asp?id= [<img src="https://images.seebug.org/upload/201503/15122229bf8fd96d7bc6c274bc2ea6b10c2b35aa.png" alt="QQ图片20150315113020.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/15122229bf8fd96d7bc6c274bc2ea6b10c2b35aa.png) 实例+证明： http://ydjinsheng.3vzhuji.com/show_detail.asp?id=64 http://www.gzblhs.com/show_detail.asp?id=96 http://www.028sheying.com/show_detail.asp?id=64 http://jz.nimayi.com/hunqing/show_detail.asp?id=62 http://www.gcvivi.cn/show_detail.asp?id=81 [<img src="https://images.seebug.org/upload/201503/15122300dd742ac4a58e2580aeeece2ff8c49e26.png" alt="QQ图片20150315114259.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/15122300dd742ac4a58e2580aeeece2ff8c49e26.png)

have 0 exchange

PoC

Unavailable PoC

Reference Linking

http://wooyun.org/bugs/wooyun-2015-0101476

Solutions

Temp Solutions

Unavailable Temp Solutions

Official Solution

Unavailable Official solution

Defense Solutions

Unavailable Defense Solutions

※Any content provided by this site, only to learn the code and services, not for illegal purposes

Basic Fields

Source

Detail

PoC

Reference Linking

Solutions

Timeline

Related Vuls

Need to bind phone before comment. Bind Now

Unavailable Comments

XYCMS婚纱摄影中心建站系统存储型XSS+SQL注入

Basic Fields

Source

Detail

PoC

Reference Linking

Solutions

Timeline

Related Vuls

Need to bind phone before comment. Bind Now

Unavailable Comments

Hello,

Hello,