Vendor: Yanbian Chuangzhi Technology Co., Ltd. (延边创智科技有限公司)
Google search keyword: inurl:Y01/ws_xw/info.asp
A large number of websites run this system.
First, the vendor's own main site has a SQL injection vulnerability:
http://ybczkj2.bjsx30.host.35.com/ybczkj/Y01/ws_xw/info.asp?mkbh=M007001
The following cases show that the issue is generic across deployments:
1. A public security bureau in Jilin Province
http://www.ybga.gov.cn/ybzgaj/Y01/ws_xw/info.asp?mkbh=M001004
2. A national United Front Work Department, SQL injection
http://www.ybztz.gov.cn/Y01/ws_xw/info.asp?mkbh=M007005
3. A petition (letters and visits) bureau in Jilin Province, SQL injection
http://www.ybxfj.gov.cn/Y01/ws_xw/info.asp?mkbh=M004001
4. An environmental protection bureau in Jilin Province
http://www.ybzhbj.gov.cn/Y01/ws_xw/info.asp?mkbh=M004001
5. A public security bureau in Yanbian Prefecture, SQL injection
http://www.atxga.com/Y01/ws_xw/info.asp?mkbh=M002001
6. A key middle school in Jilin Province, injection
http://www.dhsyzx.cn/Y01/ws_xw/f01_info.asp?mkbh=M009001
7. A forest farm administration website in Hebei Province, SQL injection
http://www.hebbeilin.com/Y01/ws_xw/info.asp?mkbh=M011007
There are many more affected websites; they are not demonstrated one by one here.