### 简要描述:
.
### 详细说明:
1.撞库:https://sso.youshang.com/sso/userAuthnAction.do#无限制撞库
抓包,撞库,123456密码
[<img src="https://images.seebug.org/upload/201511/17150858e9c2996d920001060dd7da585e78b873.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/17150858e9c2996d920001060dd7da585e78b873.jpg)
以下可以登录:
### 漏洞证明:
登录一个作证明
[<img src="https://images.seebug.org/upload/201511/17150910bf60b5292d52fca932b978fab75c17a7.jpg" alt="2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/17150910bf60b5292d52fca932b978fab75c17a7.jpg)
[<img src="https://images.seebug.org/upload/201511/1715091761a6f79a3777fcee2376149c7024fc2d.jpg" alt="3.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/1715091761a6f79a3777fcee2376149c7024fc2d.jpg)
2.http://service.youshang.com/fee/moneybagHome.do s-19远程命令执行
[<img src="https://images.seebug.org/upload/201511/17151107f6955890cc7c18fe752e497f3cef7cf9.jpg" alt="4.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/17151107f6955890cc7c18fe752e497f3cef7cf9.jpg)
京公网安备 11010502034610号
暂无评论