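### Summary:
Directory traversal in a Yonyou (UFIDA) system exposes a large amount of sensitive information, plus unauthenticated access to the admin backend
### Details:
Bidding and tendering system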
```
http://buy.ufida.com.cn/File/
```
```
http://buy.ufida.com.cn/images/
```
![QQ图片20150820015234.png](https://images.seebug.org/upload/201508/200153170a85a88665dcee9203f85c3e6514ea4c.png)
![QQ图片20150820015323.png](https://images.seebug.org/upload/201508/20015359597b9337116447291edd72cd101bbd34.png)
![QQ图片20150820015530.png](https://images.seebug.org/upload/201508/20015611c680c11f6d0e13a7850df5fb07994e8e.png)
Large numbers of personal résumés, bid documents, contracts, and so on.
### Proof of vulnerability:
```
http://buy.ufida.com.cn/Web/
```
![QQ图片20150820015356.png](https://images.seebug.org/upload/201508/20015438f7f9a966661a9ea3436bb9395ccae160.png)
```
http://buy.ufida.com.cn/Web/BDMS/SystemStatistics.aspx
```
![QQ图片20150820010634.jpg](https://images.seebug.org/upload/201508/20015500615f7c74b2c2aeb4de129cb1d186d2ed.jpg)
![QQ图片20150820010915.png](https://images.seebug.org/upload/201508/200155116360a1ea5815cc5cefabb19dd39d2fa8.png)
A large number of backend files can be accessed and viewed directly.