VULHUB ™

### 简要描述： RT ### 详细说明： 山东农友软件公司官网:http://www.nongyou.com.cn/ 案例如下： http://221.2.171.59:8000/rushanview.aspx?id=288&newsid=1299&deptid=55 http://222.135.127.190:7000/rushanview.aspx?id=288&newsid=1299&deptid=55 http://221.2.149.47:8100/rushanview.aspx?id=288&newsid=1299&deptid=55 http://222.135.109.70:8100/rushanview.aspx?id=288&newsid=1299&deptid=55 http://221.2.171.59:8000/rushanview.aspx?id=288&newsid=1299&deptid=55 http://222.135.127.190:7000/rushanview.aspx?id=288&newsid=1299&deptid=55 http://61.133.119.187:8089/rushanview.aspx?id=288&newsid=1299&deptid=55 参数:deptid存在注入。 1.测试注入点:http://61.133.119.187:8089/rushanview.aspx?id=288&newsid=1299&deptid=55 [<img src="https://images.seebug.org/upload/201501/30153619854ed84fa2474f7825c069d874aa0544.png" alt="3.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201501/30153619854ed84fa2474f7825c069d874aa0544.png) 2.测试注入点:http://222.135.127.190:7000/rushanview.aspx?id=288&newsid=1299&deptid=55 [<img...

### 简要描述： RT ### 详细说明： 山东农友软件公司官网:http://www.nongyou.com.cn/ 案例如下： http://221.2.171.59:8000/rushanview.aspx?id=288&newsid=1299&deptid=55 http://222.135.127.190:7000/rushanview.aspx?id=288&newsid=1299&deptid=55 http://221.2.149.47:8100/rushanview.aspx?id=288&newsid=1299&deptid=55 http://222.135.109.70:8100/rushanview.aspx?id=288&newsid=1299&deptid=55 http://221.2.171.59:8000/rushanview.aspx?id=288&newsid=1299&deptid=55 http://222.135.127.190:7000/rushanview.aspx?id=288&newsid=1299&deptid=55 http://61.133.119.187:8089/rushanview.aspx?id=288&newsid=1299&deptid=55 参数:deptid存在注入。 1.测试注入点:http://61.133.119.187:8089/rushanview.aspx?id=288&newsid=1299&deptid=55 [<img src="https://images.seebug.org/upload/201501/30153619854ed84fa2474f7825c069d874aa0544.png" alt="3.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201501/30153619854ed84fa2474f7825c069d874aa0544.png) 2.测试注入点:http://222.135.127.190:7000/rushanview.aspx?id=288&newsid=1299&deptid=55 [<img src="https://images.seebug.org/upload/201501/30153731a249e926365de18814f55096d1e76e1b.png" alt="4.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201501/30153731a249e926365de18814f55096d1e76e1b.png) 均可复现。 ### 漏洞证明： 1.测试注入点:http://61.133.119.187:8089/rushanview.aspx?id=288&newsid=1299&deptid=55 [<img src="https://images.seebug.org/upload/201501/30153619854ed84fa2474f7825c069d874aa0544.png" alt="3.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201501/30153619854ed84fa2474f7825c069d874aa0544.png) 2.测试注入点:http://222.135.127.190:7000/rushanview.aspx?id=288&newsid=1299&deptid=55 [<img src="https://images.seebug.org/upload/201501/30153731a249e926365de18814f55096d1e76e1b.png" alt="4.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201501/30153731a249e926365de18814f55096d1e76e1b.png)