### Brief description:

Once this is public, the experts can try extending the generic scope.

### Details:

URL: http://udp.ufida.com.cn/uDetail-p1.asp?flag=rjcp&seq_no=183 [injection point]

[![222.jpg](https://images.seebug.org/upload/201406/19075939abf8337661f31c569773ac7d72a2effb.jpg)](https://images.seebug.org/upload/201406/19075939abf8337661f31c569773ac7d72a2effb.jpg)

Proof:

[![XZ4)2ROH3A8BKQ6UK2_7A)8.jpg](https://images.seebug.org/upload/201406/1908003008840685ca176ab95f1d2d91b8af59aa.jpg)](https://images.seebug.org/upload/201406/1908003008840685ca176ab95f1d2d91b8af59aa.jpg)

All tables in the current database "U9":

[![333.jpg](https://images.seebug.org/upload/201406/19080715ed434ff67100a0326202ef5dd26b4af7.jpg)](https://images.seebug.org/upload/201406/19080715ed434ff67100a0326202ef5dd26b4af7.jpg)

Multiple injection points at Yonyou:

- http://udp.ufida.com.cn/utilityList.asp?mkname=KCGL&ud=20
- http://udp.ufida.com.cn/plus_select.asp?flag=aa&udp_id=lxooo
- http://udp.ufida.com.cn/select_developerReg.asp?uid=uffans
- http://udp.ufida.com.cn/demoright.asp?page=2&uid=zyerp&company_name=%B1%B1%BE%A9%D7%F0%D3%D1%C8%ED%BC%FE%D3%D0%CF%DE%B9%AB%CB%BE

There are multiple injection points; it would be best to add a filter.

Using a Google search: inurl:asp?flag= inurl:seq_no=

This generic issue mainly affects websites outside China. A brief proof follows:

1: http://www.adsky.co.kr/qna_view.asp?seq_no=5219%27&pagenum=1333&srchN=&srchT=&srchC=&sval=

[![_(DP$5ZSFK~T2}7XL(N}`Z3.jpg](https://images.seebug.org/upload/201406/190816374f47066f47578fca1994f3913da305d6.jpg)](https://images.seebug.org/upload/201406/190816374f47066f47578fca1994f3913da305d6.jpg)

2: http://www.redflagclub.com.hk/main06_a_as.asp?seq_no=184%27&desc=%EF%BF%BD%EC%B9%A2%EF%BF%BD%EF%BF%BD%EF%BF%BDu%EF%BF%BD%EF%BF%BDA%EF%BF%BD%7B%27

[![23.jpg](https://images.seebug.org/upload/201406/1908171813f2279b2247f8a698533c46b1c708e1.jpg)](https://images.seebug.org/upload/201406/1908171813f2279b2247f8a698533c46b1c708e1.jpg)

3: http://udp.ufida.com.cn/uDetail-p1.asp?flag=rjcp&seq_no=187

[![123123.jpg](https://images.seebug.org/upload/201406/190821235d1fde065be7fb92a63d076286c624fa.jpg)](https://images.seebug.org/upload/201406/190821235d1fde065be7fb92a63d076286c624fa.jpg)

etc.

### Proof of vulnerability:

[![XZ4)2ROH3A8BKQ6UK2_7A)8.jpg](https://images.seebug.org/upload/201406/1908223240c0bbcfe7e2acd6f1e38663af8227bf.jpg)](https://images.seebug.org/upload/201406/1908223240c0bbcfe7e2acd6f1e38663af8227bf.jpg)
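
The report recommends a filter on these parameters. As an added example (not part of the original report or the vendor's code), the Python below applies an integer allow-list to `seq_no` across IIS W3C-format log lines, which surfaces the `%27` probing shown in the proof URLs. The log lines, dates, client IPs, and the assumption that `seq_no` is always a plain decimal integer are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Assumption: seq_no is a numeric record id, so anything but ASCII digits is invalid.
NUMERIC_PARAMS = {"seq_no"}
PLAIN_INT = re.compile(r"[0-9]{1,10}")

# Constructed IIS W3C-style log (dates, client IPs and statuses are made up).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2014-06-19 08:00:01 GET /uDetail-p1.asp flag=rjcp&seq_no=183 192.0.2.10 200
2014-06-19 08:00:07 GET /uDetail-p1.asp flag=rjcp&seq_no=183%27 192.0.2.66 500
2014-06-19 08:00:09 GET /uDetail-p1.asp flag=rjcp&seq_no=183%2527 192.0.2.66 200
2014-06-19 08:00:12 GET /index.asp - 192.0.2.10 200
"""

def bad_id_params(query):
    """Return (name, decoded value) for id parameters that are not plain integers."""
    if query == "-":  # IIS writes "-" when the request had no query string
        return []
    pairs = parse_qsl(query, keep_blank_values=True)  # percent-decodes once
    return [(n, v) for n, v in pairs
            if n.lower() in NUMERIC_PARAMS and not PLAIN_INT.fullmatch(v)]

def scan(log_text):
    """Return one finding per request whose id parameter fails the allow-list."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order is declared by the log itself
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        for name, value in bad_id_params(row.get("cs-uri-query", "-")):
            findings.append({
                "client": row.get("c-ip"),
                "path": row.get("cs-uri-stem"),
                "param": name,
                "value": value,
                "status": row.get("sc-status"),
            })
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Because the check is an allow-list rather than a search for quote characters, the double-encoded `%2527` request is flagged as well. The same digits-only rule is what a server-side filter for this parameter should enforce before the value reaches a query.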