### Brief description

Several sites belonging to the UFIDA (Yonyou) software group have SQL injection vulnerabilities.

### Details

Vulnerabilities found:

UFIDA Healthcare: POST SQL injection running with database root privileges (further penetration is possible; not attempted):

POST SQL injection:
http://www.ufidahealth.com/service/online.php?action=saveadd

Sub-site of the main site:
http://health.ufida.com.cn/service/online.php?action=saveadd

PostData:
`title=88952634&username=88952634&tel=88952634&company=88952634&email=safe3q%40gmail.com&job=88952634&content=88952634&sort=38`

UFIDA Chanjet sub-site "服务通" (Fuwutong): SQL injection via the `cVer` GET parameter:
http://tss.chanjet.com/tssVersion.aspx?cVer=%E6%9C%8D%E5%8A%A1%E9%80%9A%E6%99%AE%E5%8F%8A%E7%89%88

There are probably more injection points than these...

### Proof of vulnerability

UFIDA Healthcare root-privilege POST SQL injection:

[![](https://images.seebug.org/upload/201205/17034602fce583d8c24f3ce54e475b4c509e1e1e.jpg)](https://images.seebug.org/upload/201205/17034602fce583d8c24f3ce54e475b4c509e1e1e.jpg)

[![](https://images.seebug.org/upload/201205/1703464567a317cc0eff0821e2ae986ada4cca9d.jpg)](https://images.seebug.org/upload/201205/1703464567a317cc0eff0821e2ae986ada4cca9d.jpg)

[![](https://images.seebug.org/upload/201205/17034712d2d1f828c16e0a33e4caafb91049466a.jpg)](https://images.seebug.org/upload/201205/17034712d2d1f828c16e0a33e4caafb91049466a.jpg)

UFIDA Chanjet "服务通" sub-site SQL injection:

[![](https://images.seebug.org/upload/201205/170348379be11348f35f38ebc6382bb1b9b6eb9c.jpg)](https://images.seebug.org/upload/201205/170348379be11348f35f38ebc6382bb1b9b6eb9c.jpg)

[![](https://images.seebug.org/upload/201205/1703490266b43730df81f7c189a4697840e07268.jpg)](https://images.seebug.org/upload/201205/1703490266b43730df81f7c189a4697840e07268.jpg)
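The report gives the two injection points but not the server-side code behind them. The example below is added here and is not code from the affected sites: it models the likely shape of the `online.php?action=saveadd` INSERT handler and the `tssVersion.aspx?cVer=` lookup (both shapes are assumptions), backed by an in-memory SQLite database in place of the real MySQL/SQL Server back ends, places each beside a parameterized fix, and runs the two probes a tester would use on them: an error-based probe that appends one quote to each POST field from the report's own PostData, and a boolean-based probe on `cVer`. The `versions` row and table names are constructed sample data.

```python
"""Added example: modelled vulnerable handlers, their fixes, and the probes that tell them apart."""
import sqlite3
from urllib.parse import parse_qs, urlparse

# Exact PostData quoted in the report, used as the baseline request body
POSTDATA = ("title=88952634&username=88952634&tel=88952634&company=88952634"
            "&email=safe3q%40gmail.com&job=88952634&content=88952634&sort=38")
FIELDS = ("title", "username", "tel", "company", "email", "job", "content", "sort")
# The tssVersion.aspx URL from the report; cVer percent-decodes to "服务通普及版"
CVER_URL = ("http://tss.chanjet.com/tssVersion.aspx?cVer="
            "%E6%9C%8D%E5%8A%A1%E9%80%9A%E6%99%AE%E5%8F%8A%E7%89%88")


def new_db():
    """Fresh in-memory database with constructed tables standing in for the real schema (assumed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE online (id INTEGER PRIMARY KEY, title TEXT, username TEXT, tel TEXT, "
                 "company TEXT, email TEXT, job TEXT, content TEXT, sort INTEGER)")
    conn.execute("CREATE TABLE versions (cVer TEXT, download TEXT)")
    conn.execute("INSERT INTO versions VALUES (?, ?)", ("服务通普及版", "/tss/setup.exe"))  # constructed row
    return conn


def parse_post(body):
    q = parse_qs(body, keep_blank_values=True)
    return {k: q.get(k, [""])[0] for k in FIELDS}


def parse_cver(url):
    return parse_qs(urlparse(url).query)["cVer"][0]


# --- online.php?action=saveadd: assumed vulnerable shape and its fix ---
def saveadd_vulnerable(conn, post):
    # Every field is concatenated straight into the INSERT; sort is not even quoted
    sql = ("INSERT INTO online (title, username, tel, company, email, job, content, sort) VALUES ("
           f"'{post['title']}', '{post['username']}', '{post['tel']}', '{post['company']}', "
           f"'{post['email']}', '{post['job']}', '{post['content']}', {post['sort']})")
    conn.execute(sql)


def saveadd_fixed(conn, post):
    sort = int(post["sort"])  # non-numeric sort raises ValueError before anything reaches the DB
    conn.execute("INSERT INTO online (title, username, tel, company, email, job, content, sort) "
                 "VALUES (?, ?, ?, ?, ?, ?, ?, ?)",
                 (post["title"], post["username"], post["tel"], post["company"],
                  post["email"], post["job"], post["content"], sort))


# --- tssVersion.aspx?cVer=...: assumed vulnerable shape and its fix ---
def lookup_vulnerable(conn, cver):
    return conn.execute(f"SELECT download FROM versions WHERE cVer = '{cver}'").fetchall()


def lookup_fixed(conn, cver):
    return conn.execute("SELECT download FROM versions WHERE cVer = ?", (cver,)).fetchall()


# --- probes ---
def error_probe(handler):
    """Append one quote to each POST field in turn; a database error means the raw value hit the SQL parser.
    Returns the list of fields that produced an error."""
    flagged = []
    for field in FIELDS:
        post = parse_post(POSTDATA)
        post[field] += "'"
        conn = new_db()
        try:
            handler(conn, post)
        except sqlite3.Error:
            flagged.append(field)
        except ValueError:
            pass  # rejected by input validation; the database never saw it
        finally:
            conn.close()
    return flagged


def boolean_probe(lookup):
    """Boolean-based check on cVer: a true and a false tautology are appended. The parameter is injected
    into the WHERE clause if the true case matches the baseline and the false case does not."""
    conn = new_db()
    base = parse_cver(CVER_URL)
    baseline = lookup(conn, base)
    true_case = lookup(conn, base + "' AND '1'='1")
    false_case = lookup(conn, base + "' AND '1'='2")
    conn.close()
    return bool(baseline) and true_case == baseline and false_case != baseline


if __name__ == "__main__":
    print("saveadd vulnerable, fields raising DB errors:", error_probe(saveadd_vulnerable))
    print("saveadd fixed, fields raising DB errors:", error_probe(saveadd_fixed))
    print("cVer lookup vulnerable:", boolean_probe(lookup_vulnerable))
    print("cVer lookup fixed:", boolean_probe(lookup_fixed))
```

Against the concatenating handler every one of the eight fields, including the unquoted numeric `sort`, turns a single quote into a parse error, which is the signal the error-based tooling in the screenshots keys on; against the parameterized handler the quote is stored as data and the only rejection comes from the `int()` check. The boolean probe on `cVer` confirms injection without any error message, which matters when the application swallows database exceptions.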