Yonyou Seeyon A6 Collaboration System createMysql.jsp Information Disclosure

Published: 2025-04-13
Revised: 2025-04-13

<p>This vulnerability discloses database user account names and password hashes.<br><br></p><pre><code style="margin: 0px; font-family: 'Lucida Console', 'Courier New', Courier, mono, monospace; color: rgb(51, 51, 51); background-color: rgb(248, 248, 248);">/yyoa/createMysql.jsp<br style="margin: 0px; padding: 0px;"> /yyoa/ext/createMysql.jsp</code></pre><p><br><br>The code of this file is:<br><br></p><pre><code style="margin: 0px; font-family: 'Lucida Console', 'Courier New', Courier, mono, monospace; color: rgb(51, 51, 51); background-color: rgb(248, 248, 248);">&lt;%@ page language="java" %&gt;<br style="margin: 0px; padding: 0px;"> &lt;%@ page session="true" %&gt;<br style="margin: 0px; padding: 0px;"> &lt;%@ page isThreadSafe="true" %&gt;<br style="margin: 0px; padding: 0px;"> &lt;%@ page import="java.sql.*,net.btdz.oa.common.*" %&gt;<br style="margin: 0px; padding: 0px;"> &lt;% <br style="margin: 0px; padding: 0px;"> CommonSql.exeUpdate("DELETE FROM mysql.user WHERE User = 'cubetech' ");<br style="margin: 0px; padding: 0px;">...</code></pre>
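To check whether either path listed above has been requested on a deployment, the following added example (not part of the original entry) scans web access logs for them. The combined log format, the sample lines, and the case-insensitive path comparison are assumptions made for this example.

```python
import re
from urllib.parse import unquote

# The two paths named in the entry, compared after normalisation (lower-cased).
SENSITIVE = {"/yyoa/createmysql.jsp", "/yyoa/ext/createmysql.jsp"}
# Assumed combined/common log format: client ... [time] "METHOD target PROTO" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+)[^"]*" (\d{3})')

def normalise(target):
    """Reduce a request target to a comparable, canonical path."""
    path = target.split("?", 1)[0]          # drop the query string
    for _ in range(2):                      # undo single and double percent-encoding
        path = unquote(path)
    out = []
    for seg in path.split("/"):
        seg = seg.split(";", 1)[0]          # drop ;jsessionid=... path parameters
        if seg == "..":
            if out:
                out.pop()
        elif seg not in ("", "."):          # collapse // and /./
            out.append(seg)
    return "/" + "/".join(out).lower()

def find_hits(lines):
    """Return (client, path, status, served) for each request to a listed path."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        path = normalise(target)
        if path in SENSITIVE:
            hits.append((client, path, int(status), status.startswith("2")))
    return hits

# Constructed sample lines (documentation IP ranges), not taken from a real system.
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Apr/2025:10:00:01 +0800] "GET /yyoa/createMysql.jsp HTTP/1.1" 200 512',
    '198.51.100.7 - - [13/Apr/2025:10:00:05 +0800] "GET /yyoa/ext/createMysql.jsp;jsessionid=ABC HTTP/1.1" 404 0',
    '203.0.113.5 - - [13/Apr/2025:10:00:09 +0800] "GET /yyoa//ext/%63reateMysql.jsp?x=1 HTTP/1.1" 200 498',
    '192.0.2.10 - - [13/Apr/2025:10:01:00 +0800] "GET /yyoa/index.jsp HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```

A hit with `served` set to `True` means the JSP was reachable and returned content; a 404 hit still records that a client asked for the file.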

No Exp or PoC available yet
Currently 0 affected product records