VULHUB ™

### 简要描述： 一采通电子采购系统多处SQL注入漏洞 ### 详细说明： google:inurl:companycglist.aspx?ComId=* [<img src="https://images.seebug.org/upload/201506/0117142855aec9a76710d0ce50a0718784845c28.jpg" alt="QQ截图20150601171512.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201506/0117142855aec9a76710d0ce50a0718784845c28.jpg) #1 漏洞存在于 /Orders/k3orderdetail.aspx，参数FINTERID 例如 http://eps.umgg.com.cn/Orders/k3orderdetail.aspx?FINTERID=1 [<img src="https://images.seebug.org/upload/201506/011716569310ebf24ad26eec4e6751e58567a748.jpg" alt="QQ截图20150601171735.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201506/011716569310ebf24ad26eec4e6751e58567a748.jpg) #2 漏洞存在于 /organization/GetUser_List2.aspx，参数UserName 例如 http://eps.umgg.com.cn/organization/GetUser_List2.aspx?UserName=test [<img src="https://images.seebug.org/upload/201506/01171830a06b1c5da672d7b04563703e4b74a622.jpg" alt="QQ截图20150601171921.jpg" width="600"...

### 简要描述： 一采通电子采购系统多处SQL注入漏洞 ### 详细说明： google:inurl:companycglist.aspx?ComId=* [<img src="https://images.seebug.org/upload/201506/0117142855aec9a76710d0ce50a0718784845c28.jpg" alt="QQ截图20150601171512.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201506/0117142855aec9a76710d0ce50a0718784845c28.jpg) #1 漏洞存在于 /Orders/k3orderdetail.aspx，参数FINTERID 例如 http://eps.umgg.com.cn/Orders/k3orderdetail.aspx?FINTERID=1 [<img src="https://images.seebug.org/upload/201506/011716569310ebf24ad26eec4e6751e58567a748.jpg" alt="QQ截图20150601171735.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201506/011716569310ebf24ad26eec4e6751e58567a748.jpg) #2 漏洞存在于 /organization/GetUser_List2.aspx，参数UserName 例如 http://eps.umgg.com.cn/organization/GetUser_List2.aspx?UserName=test [<img src="https://images.seebug.org/upload/201506/01171830a06b1c5da672d7b04563703e4b74a622.jpg" alt="QQ截图20150601171921.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201506/01171830a06b1c5da672d7b04563703e4b74a622.jpg) [<img src="https://images.seebug.org/upload/201506/011719153dbdcd1a9e92b4e34b61c8c15b2743f6.jpg" alt="QQ截图20150601171959.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201506/011719153dbdcd1a9e92b4e34b61c8c15b2743f6.jpg) #3 漏洞存在于 /person/InviteList.aspx，参数id 例如 http://eps.umgg.com.cn/person/InviteList.aspx?iType=ZB&comid=1&id=0000 [<img src="https://images.seebug.org/upload/201506/011720317cdae969dc7fd9291e9e2bc4af5a0303.jpg" alt="QQ截图20150601172111.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201506/011720317cdae969dc7fd9291e9e2bc4af5a0303.jpg) ### 漏洞证明： 其他案例还有 http://116.55.248.65:8001/ http://61.143.243.42:8119/ http://eps.xcmg.com:90/ http://eps.qingxin.com.cn/ http://buy.yongx.net:8080/ http://eps.csrcj.com/