用友某系统任意命令执行可GETSHELL

2014-10-19T00:00:00
ID SSV:93243
Type seebug
Reporter Root
Modified 2014-10-19T00:00:00

Description

简要描述:

用友某系统任意命令执行可GETSHELL

详细说明:

用友某系统任意命令执行可GETSHELL

漏洞证明:

命令执行: http://125.35.5.187/login!loginIndexPage.action

<img src="https://images.seebug.org/upload/201410/19161849574aaf6115aca428112afc854f8f9944.png" alt="5.png" width="600" onerror="javascript:errimg(this);">

<img src="https://images.seebug.org/upload/201410/19161902cb3e5e59a4ef2cf01ad42c918767ccaf.png" alt="6.png" width="600" onerror="javascript:errimg(this);">