A generic injection vulnerability in a library system

2015-05-26T00:00:00
ID SSV:95753
Type seebug
Reporter Root
Modified 2015-05-26T00:00:00

Description

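Brief description:

A large number of websites are affected; recommend forwarding this to the national emergency response center.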

Details:

Vendor: 北京清大新洋科技有限公司 (Beijing Qingda Xinyang Technology Co., Ltd.), customer list at http://www.infosea.com.cn/yonghu.html

Injection point: qkdh_zm.jsp?flh=

Cases:

http://61.187.55.41:8090/opac/qkdh_zm.jsp?flh=L
http://58.30.20.36:8089/opac/qkdh_zm.jsp?flh=B
http://211.86.195.15:8086/opac/qkdh_zm.jsp?flh=B
http://125.223.252.12:8089/opac/qkdh_zm.jsp?flh=P
http://59.51.114.198:8088/opac/qkdh_zm.jsp?flh=P
http://210.46.140.21:8080/opac/qkdh_zm.jsp?flh=P
http://60.171.185.69:8089/opac/qkdh_zm.jsp?flh=S
http://218.75.208.250:8089/opac/qkdh_zm.jsp?flh=M

Proof of vulnerability:

http://61.187.55.41:8090/opac/qkdh_zm.jsp?flh=L

[Screenshot: QQ图片20150526001907.jpg]

http://60.171.185.69:8089/opac/qkdh_zm.jsp?flh=S

[Screenshot: QQ图片20150526002212.jpg]

http://125.223.252.12:8089/opac/qkdh_zm.jsp?flh=P

[Screenshot: QQ图片20150526002722.jpg]