A generic SQL injection in a library management system

2015-05-26T00:00:00
ID SSV:95752
Type seebug
Reporter Root
Modified 2015-05-26T00:00:00

Description

Brief description:

A large number of sites are affected; it is recommended that this be forwarded to the national emergency response center (CNCERT).

Detailed description:

Vendor: 北京清大新洋科技有限公司 (Beijing Qingda Xinyang Technology Co., Ltd.), customer list at http://www.infosea.com.cn/yonghu.html

Injectable file: /opac/dzxxxs.jsp?dztm=00007&index=3

Cases:
http://61.187.55.41:8090/opac/dzxxxs.jsp?dztm=00007&index=3
http://58.30.20.36:8089/opac/dzxxxs.jsp?dztm=00007&index=3
http://125.223.252.12:8089/opac/dzxxxs.jsp?dztm=00007&index=3
http://59.51.114.198:8088/opac/dzxxxs.jsp?dztm=00007&index=3
http://60.171.185.69:8089/opac/dzxxxs.jsp?dztm=00007&index=3
http://58.132.57.4:8070/opac/dzxxxs.jsp?dztm=00007&index=3
http://124.207.106.138:8070/opac/dzxxxs.jsp?dztm=00007&index=3
http://111.207.101.74:8070/opac/dzxxxs.jsp?dztm=00007&index=3
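The advisory does not show the vendor's JSP source, so the following is an added illustration and not code from this page or from 北京清大新洋科技有限公司. It is a Python/sqlite3 model of the pattern that produces this class of bug in a reader-lookup page (a request parameter such as dztm spliced into a SQL string), placed next to the parameterized form plus an allow-list check that closes the hole. The table name, column names and sample rows are constructed for the demo and are assumptions, not the product's schema.

```python
import sqlite3


def make_db():
    """Constructed in-memory reader table standing in for the OPAC's patron data
    (hypothetical schema: dztm = reader barcode, xm = name, dh = phone)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE dz (dztm TEXT PRIMARY KEY, xm TEXT, dh TEXT)")
    conn.executemany(
        "INSERT INTO dz VALUES (?, ?, ?)",
        [("00007", "Reader Seven", "555-0007"), ("00008", "Reader Eight", "555-0008")],
    )
    return conn


def lookup_vulnerable(conn, dztm):
    """Models the classic JSP anti-pattern: the request parameter is concatenated
    straight into the SQL text, so a quote in dztm rewrites the WHERE clause."""
    sql = "SELECT dztm, xm, dh FROM dz WHERE dztm = '" + dztm + "'"
    return conn.execute(sql).fetchall()


def lookup_fixed(conn, dztm):
    """The value travels as a bound parameter and is never parsed as SQL
    (the JDBC equivalent is PreparedStatement with setString)."""
    return conn.execute(
        "SELECT dztm, xm, dh FROM dz WHERE dztm = ?", (dztm,)
    ).fetchall()


def is_valid_dztm(dztm):
    """Defence in depth: a reader barcode is digits only, so reject anything else
    before it reaches the database layer at all."""
    return dztm.isdigit() and 1 <= len(dztm) <= 20


def lookup_hardened(conn, dztm):
    """Input validation first, then the parameterized query."""
    if not is_valid_dztm(dztm):
        return []
    return lookup_fixed(conn, dztm)


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"  # constructed tautology payload for the demo
    print("vulnerable:", lookup_vulnerable(db, probe))   # dumps every reader
    print("fixed:     ", lookup_fixed(db, probe))        # no match
    print("hardened:  ", lookup_hardened(db, "00007"))   # the one legitimate row
```

The point the test below makes is the contrast: the same tautology string returns the whole reader table from the concatenated query and nothing from the parameterized one, while the allow-list check stops it before any query runs.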

Proof of vulnerability:

http://61.187.55.41:8090/opac/dzxxxs.jsp?dztm=00007&index=3

[Image: QQ图片20150526104153.jpg (https://images.seebug.org/upload/201505/26104310d4949e4b1c9b0707497de3d3c56fc77a.jpg)]

http://60.171.185.69:8089/opac/dzxxxs.jsp?dztm=00007&index=3

[Image: QQ图片20150526104243.jpg (https://images.seebug.org/upload/201505/2610435798a42129310b4e838d5539b43972768f.jpg)]

http://58.132.57.4:8070/opac/dzxxxs.jsp?dztm=00007&index=3

[Image: QQ图片20150526104335.jpg (https://images.seebug.org/upload/201505/261044493d3dccf785b97e099e17af1bf0b86d0f.jpg)]

http://111.207.101.74:8070/opac/dzxxxs.jsp?dztm=00007&index=3

[Image: QQ图片20150526104432.jpg (https://images.seebug.org/upload/201505/26104553f176f8646548b3c652428ce52d7e6621.jpg)]