VULHUB ™

### 简要描述： 用友某系统目录遍历涉及大量敏感信息+未授权访问后台 ### 详细说明： 招投标系统 ``` http://buy.ufida.com.cn/File/ ``` ``` http://buy.ufida.com.cn/images/ ``` [<img src="https://images.seebug.org/upload/201508/200153170a85a88665dcee9203f85c3e6514ea4c.png" alt="QQ图片20150820015234.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201508/200153170a85a88665dcee9203f85c3e6514ea4c.png) [<img src="https://images.seebug.org/upload/201508/20015359597b9337116447291edd72cd101bbd34.png" alt="QQ图片20150820015323.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201508/20015359597b9337116447291edd72cd101bbd34.png) [<img src="https://images.seebug.org/upload/201508/20015611c680c11f6d0e13a7850df5fb07994e8e.png" alt="QQ图片20150820015530.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201508/20015611c680c11f6d0e13a7850df5fb07994e8e.png) 大量个人简历和标书,合同等等. ### 漏洞证明： ``` http://buy.ufida.com.cn/Web/ ``` [<img...

### 简要描述： 用友某系统目录遍历涉及大量敏感信息+未授权访问后台 ### 详细说明： 招投标系统 ``` http://buy.ufida.com.cn/File/ ``` ``` http://buy.ufida.com.cn/images/ ``` [<img src="https://images.seebug.org/upload/201508/200153170a85a88665dcee9203f85c3e6514ea4c.png" alt="QQ图片20150820015234.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201508/200153170a85a88665dcee9203f85c3e6514ea4c.png) [<img src="https://images.seebug.org/upload/201508/20015359597b9337116447291edd72cd101bbd34.png" alt="QQ图片20150820015323.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201508/20015359597b9337116447291edd72cd101bbd34.png) [<img src="https://images.seebug.org/upload/201508/20015611c680c11f6d0e13a7850df5fb07994e8e.png" alt="QQ图片20150820015530.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201508/20015611c680c11f6d0e13a7850df5fb07994e8e.png) 大量个人简历和标书,合同等等. ### 漏洞证明： ``` http://buy.ufida.com.cn/Web/ ``` [<img src="https://images.seebug.org/upload/201508/20015438f7f9a966661a9ea3436bb9395ccae160.png" alt="QQ图片20150820015356.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201508/20015438f7f9a966661a9ea3436bb9395ccae160.png) ``` http://buy.ufida.com.cn/Web/BDMS/SystemStatistics.aspx ``` [<img src="https://images.seebug.org/upload/201508/20015500615f7c74b2c2aeb4de129cb1d186d2ed.jpg" alt="QQ图片20150820010634.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201508/20015500615f7c74b2c2aeb4de129cb1d186d2ed.jpg) [<img src="https://images.seebug.org/upload/201508/200155116360a1ea5815cc5cefabb19dd39d2fa8.png" alt="QQ图片20150820010915.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201508/200155116360a1ea5815cc5cefabb19dd39d2fa8.png) 大量后台文件可直接访问查看