### Brief description:
Sensitive information disclosure + SQL injection on a Yonyou business site
### Details:
Yonyou Seentao (用友新道):
```
http://home.seentao.com/
```
```
http://seentao.yonyou.com/
```
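The site is built on PHPCMS and is affected by the authkey disclosure vulnerability. Once the key is obtained, an attacker can do whatever they want.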
```
 [WooYun: PHPCMS latest version authkey leak allows injection to get a shell](http://www.wooyun.org/bugs/wooyun-2015-0105242) 
```
 
### Proof of vulnerability:
Testing only:
[<img src="https://images.seebug.org/upload/201505/2322320897da74303d7ff7a108d6252f7f923a28.png" alt="y1.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201505/2322320897da74303d7ff7a108d6252f7f923a28.png)
[<img src="https://images.seebug.org/upload/201505/23223219a41588e8e6fca9deb8c593e8cd1bbdec.png" alt="y2.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201505/23223219a41588e8e6fca9deb8c593e8cd1bbdec.png)
```
web server operating system: Windows
web application technology: PHP 5.3.29, Apache 2.4.10
back-end DBMS: MySQL 5.0
Database: homeseentao
[22 tables]
+-----------------------+
| yq_block              |
| yq_collection_history |
| yq_collection_program |
| yq_content_check      |
| yq_dbsource           |
| yq_favorite           |
| yq_job_data           |
| yq_link               |
| yq_log                |
| yq_model_field        |
| yq_module             |
| yq_news               |
| yq_poster_201407      |
| yq_poster_201505      |
| yq_poster_space       |
| yq_release_point      |
| yq_search_keyword     |
| yq_special            |
| yq_sphinx_counter     |
| yq_tixi               |
| yq_vote_data          |
| yq_zoujin_data        |
+-----------------------+
```
[<img src="https://images.seebug.org/upload/201505/23223317f07c64f9f22e3fc98f9b638c6905db13.png" alt="y3.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201505/23223317f07c64f9f22e3fc98f9b638c6905db13.png)
 
                      
                       
                    
                  
                
              
             
        
          