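### Brief description:
### Detailed description:
Access control on some sub-pages is too lax, allowing unauthorized access; some company information is leaked; and there is one SQL injection.
### Proof of vulnerability:
1. Company organizational structure and personnel information
URL: http://emeeting.mykingdee.com/tree/RadioCheck.htm
http://emeeting.mykingdee.com/tree/tree.htm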
[<img src="https://images.seebug.org/upload/201508/04142510b4997173ffde318657ee553da1bab727.png" alt="QQ截图20150804142442.png" width="600">](https://images.seebug.org/upload/201508/04142510b4997173ffde318657ee553da1bab727.png)
2. One SQL injection and information disclosure
URL: http://emeeting.mykingdee.com/usercontrol/right/booking/qiandao.aspx?hybh=hy149215
[<img src="https://images.seebug.org/upload/201508/0414264070714182001566c5b75ce8d826f84883.png" alt="QQ截图20150804142603.png" width="600">](https://images.seebug.org/upload/201508/0414264070714182001566c5b75ce8d826f84883.png)
[<img src="https://images.seebug.org/upload/201508/0414272069905a66e074ea05c5daf468a519df60.png" alt="QQ截图20150804142658.png" width="600">](https://images.seebug.org/upload/201508/0414272069905a66e074ea05c5daf468a519df60.png)
3. Unauthorized access
URL: http://cms.app.mykingdee.com/api/xt/search.action
http://subsite.app.mykingdee.com/
[<img src="https://images.seebug.org/upload/201508/0414284732402b4a3a8a9409668399e63846cbd8.png" alt="QQ截图20150804142830.png" width="600">](https://images.seebug.org/upload/201508/0414284732402b4a3a8a9409668399e63846cbd8.png)