WooYun.org

1、建站程序类型：PHP+MYSQL
2、漏洞类型：SQL注入
3、缺陷文件：abouts.php
4、注入参数：id
5.涉及版本：未知
7、危害程度：高危
8、涉及厂商：天河网站建设公司
9、厂商网站：http://www.sgin.cn/
10、安装量：超大
11、是否拥有源代码分析：暂无
12、关键字：inurl:abouts.php?id=
13、是否默认配置：是
默认后台地址:http://www.xxxx.com/sgin/index.php
我们看下漏洞案例。
http://www.attagems.com/abouts.php?id=9
http://www.hefna.net/abouts.php?id=9&aw=2
http://www.jgjzx.net/abouts.php?id=11&aw=1
http://www.knjkc.com/abouts.php?id=9&PHPSESSID=8ef8sqvl5a0otve5ij3jmg5077
http://www.gzawt.com/abouts.php?id=1
http://www.gzyzys.com/abouts.php?id=9&aw=1
http://www.gdgj13.com/abouts.php?id=10
http://changningwuliu.com/abouts.php?id=9
http://www.gztopde.com/abouts.php?id=12
http://www.mofonail.com/abouts.php?id=10&aw=1
http://www.gzjixian.com/abouts.php?id=10&aw=1
http://www.gzchemeida.com/abouts.php?id=10
http://www.youshun168.com/abouts.php?id=8
http://www.ouqier.com.cn/abouts.php?id=14
http://www.aoyangshebei.com/abouts.php?id=10
http://www.chuangzhi1688.com.cn/abouts.php?id=10&aw=3
http://sanyi-light.com/abouts.php?id=9
http://holy-gkids.com/abouts.php?id=14
http://www.gintec.cn/abouts.php?id=9&aw=1
http://好理吉.com/abouts.php?id=12&aw=1
http://zivvi.com.cn/wap/abouts.php?id=9
http://www.befxc.com/abouts.php?id=10
http://www.zh-xin.com/abouts.php?id=8
http://www.yipinxuangz.com/abouts.php?id=2
http://gdbeiqi.com/abouts.php?id=10
http://www.fayuhair.com/abouts.php?id=10
http://a1616358.sn20.gzonet.com/abouts.php?id=13
http://www.gzchuanli.com/abouts.php?id=9
http://gzflard.com/abouts.php?id=12
http://www.gzflard.com/abouts.php?id=10
http://jinglingrui.com/abouts.php?id=13
http://www.ekbio.cn/abouts.php?id=13
http://www.ronxinmachine.com.cn/abouts.php?id=1
http://www.gzruian.cn/abouts.php?id=5
http://yxtech.com.cn/abouts.php?id=11
http://www.chaldylan.com/abouts.php?id=13&aw=2