用友某微信平台命令执行漏洞权限较大

2014-06-30T00:00:00
ID SSV:93257
Type seebug
Reporter Root
Modified 2014-06-30T00:00:00

Description

简要描述:

回归乌云的节奏~ 嘿嘿~ 疯狗我回来了~

详细说明:

http://comp.yonyou.com//shell.jsp 密码test

[<img src="https://images.seebug.org/upload/201406/3017265352e4d8f259c112d39f2feb17794d3d2a.jpg" alt="[]MFT5EDRI]5F`PNR2NBE@X.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201406/3017265352e4d8f259c112d39f2feb17794d3d2a.jpg)

漏洞地址 http://comp.yonyou.com/hr/sm/Sm_index.action;jsessionid=BD01456221D66A12061773C6EE4315D0

漏洞证明:

<img src="https://images.seebug.org/upload/201406/30172646bdb26828347ffc02a0f0184732a77808.jpg" alt=")IBWUI@I%JP4U0TXGRADJ)W.jpg" width="600" onerror="javascript:errimg(this);">

权限比较大。。。所以、。、、我就不继续测试了、。我什么都没做~