### Summary:

Sensitive information disclosure and SQL injection on a Yonyou business site

### Details:

Yonyou Seentao (用友新道):

```
http://home.seentao.com/
```

```
http://seentao.yonyou.com/
```

The site is built on phpcms and is affected by the authkey disclosure vulnerability. Once the key is obtained, an attacker can do whatever they want with it.

[WooYun: authkey disclosure in the latest PHPCMS version allows injection and obtaining a shell](http://www.wooyun.org/bugs/wooyun-2015-0105242)

### Proof of vulnerability:

Test only:

![y1.png](https://images.seebug.org/upload/201505/2322320897da74303d7ff7a108d6252f7f923a28.png)

![y2.png](https://images.seebug.org/upload/201505/23223219a41588e8e6fca9deb8c593e8cd1bbdec.png)

```
web server operating system: Windows
web application technology: PHP 5.3.29, Apache 2.4.10
back-end DBMS: MySQL 5.0
Database: homeseentao
[22 tables]
+-----------------------+
| yq_block              |
| yq_collection_history |
| yq_collection_program |
| yq_content_check      |
| yq_dbsource           |
| yq_favorite           |
| yq_job_data           |
| yq_link               |
| yq_log                |
| yq_model_field        |
| yq_module             |
| yq_news               |
| yq_poster_201407      |
| yq_poster_201505      |
| yq_poster_space       |
| yq_release_point      |
| yq_search_keyword     |
| yq_special            |
| yq_sphinx_counter     |
| yq_tixi               |
| yq_vote_data          |
| yq_zoujin_data        |
+-----------------------+
```

![y3.png](https://images.seebug.org/upload/201505/23223317f07c64f9f22e3fc98f9b638c6905db13.png)