VULHUB ™

### 简要描述： st2 ### 详细说明： http://partner.kingdee.com/user/login.action root权限 [<img src="https://images.seebug.org/upload/201310/31160852aeadc6f7d747d1b5ffcac3322007b29b.gif" alt="20131031153251.gif" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201310/31160852aeadc6f7d747d1b5ffcac3322007b29b.gif) 获得了内网数据库的账号密码，库站分离 [<img src="https://images.seebug.org/upload/201310/311609401405a4e27c13a69a91c30271934d5562.gif" alt="20131031154246.gif" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201310/311609401405a4e27c13a69a91c30271934d5562.gif) 服务器内网ip [<img src="https://images.seebug.org/upload/201310/31160959c7f99f953ee11788f4cc1bfcf2735b97.gif" alt="20131031160105.gif" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201310/31160959c7f99f953ee11788f4cc1bfcf2735b97.gif) 数据库的内网ip [<img src="https://images.seebug.org/upload/201310/311610187255ea2cfb086f841a3603b6229dcf45.gif"...

### 简要描述： st2 ### 详细说明： http://partner.kingdee.com/user/login.action root权限 [<img src="https://images.seebug.org/upload/201310/31160852aeadc6f7d747d1b5ffcac3322007b29b.gif" alt="20131031153251.gif" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201310/31160852aeadc6f7d747d1b5ffcac3322007b29b.gif) 获得了内网数据库的账号密码，库站分离 [<img src="https://images.seebug.org/upload/201310/311609401405a4e27c13a69a91c30271934d5562.gif" alt="20131031154246.gif" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201310/311609401405a4e27c13a69a91c30271934d5562.gif) 服务器内网ip [<img src="https://images.seebug.org/upload/201310/31160959c7f99f953ee11788f4cc1bfcf2735b97.gif" alt="20131031160105.gif" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201310/31160959c7f99f953ee11788f4cc1bfcf2735b97.gif) 数据库的内网ip [<img src="https://images.seebug.org/upload/201310/311610187255ea2cfb086f841a3603b6229dcf45.gif" alt="20131031160139.gif" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201310/311610187255ea2cfb086f841a3603b6229dcf45.gif) 要是连接数据库还要内网继续，我就不做了 ### 漏洞证明： [<img src="https://images.seebug.org/upload/201310/31160852aeadc6f7d747d1b5ffcac3322007b29b.gif" alt="20131031153251.gif" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201310/31160852aeadc6f7d747d1b5ffcac3322007b29b.gif)