### 简要描述:
某教育门户CMS存在命令执行漏洞
### 详细说明:
漏洞厂商:上海释锐教育软件有限公司
漏洞程序:释锐自助建站系统(门户网站系统 http://www.threeoa.com/product/501.html
部分案例:
www.jmsyz.net/eeoaftp/downloadFile.action
www.zichang.sh.cn/eeoaftp/downloadFile.action
www.sipras.net/eeoaftp/downloadFile.action
www.mzlyz.cn/eeoaftp/downloadFile.action
ssd3.31390.com/eeoaftp/downloadFile.action
www.xiezhengyong.net/eeoaftp/downloadFile.action
利用:
[<img src="https://images.seebug.org/upload/201409/27172946800dd68a0dc33a00222a8bb1d35152f9.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/27172946800dd68a0dc33a00222a8bb1d35152f9.jpg)
[<img src="https://images.seebug.org/upload/201409/2717295965968ff6a989aa17a8d033502ba88c5d.jpg" alt="2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/2717295965968ff6a989aa17a8d033502ba88c5d.jpg)
[<img src="https://images.seebug.org/upload/201409/27173008f73e4ffd8c6af5ef0951e29e4a00b126.jpg" alt="3.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/27173008f73e4ffd8c6af5ef0951e29e4a00b126.jpg)
### 漏洞证明:
京公网安备 11010502034610号
暂无评论