某图书系统通用注入一枚

2015-05-25T00:00:00
ID SSV:95754
Type seebug
Reporter Root
Modified 2015-05-25T00:00:00

Description

简要描述:

影响网站数量较大,建议转国家应急

详细说明:

http://www.infosea.com.cn/yonghu.html 北京清大新洋科技有限公司

<img src="https://images.seebug.org/upload/201505/2417151058ab0de9746f420c95c73093cec50aad.png" alt="QQ图片20150524171333.png" width="600" onerror="javascript:errimg(this);">

注入文件:opac/printssh.jsp?xz= 案例: http://tsjs.sdwm.cn:8000/opac/ http://60.171.185.69:8089/opac/ http://www.kflib.cn:8090/opac/ http://125.223.252.12:8089/opac/ http://218.75.178.63:8089/opac/ http://124.207.106.138:8070/opac/ http://58.133.216.9:8070/opac/ http://210.45.183.219/opac/ http://211.86.195.15:8086/opac/ http://59.51.114.198:8088/opac/ http://218.76.66.214:8089/opac/ http://124.207.103.34:8070/opac/ http://210.46.140.21:8080/opac/ http://211.84.229.10:8089/opac/ http://111.207.101.74:8070/opac/ http://58.132.57.4:8070/opac/ http://220.161.198.14:8070/opac/ http://58.132.46.199:8070/opac/

漏洞证明:

http://tsjs.sdwm.cn:8000/opac/printssh.jsp?xz=zyk0009559

<img src="https://images.seebug.org/upload/201505/24171706c618d3d0def253e362d2230893aefbc2.jpg" alt="QQ图片20150524171540.jpg" width="600" onerror="javascript:errimg(this);">

http://211.84.229.10:8089/opac/printssh.jsp?xz=zyk0002100

<img src="https://images.seebug.org/upload/201505/24172152275a3f916ca505492a1000b80b131b98.jpg" alt="QQ图片20150524172037.jpg" width="600" onerror="javascript:errimg(this);">

http://111.207.101.74:8070/opac//printssh.jsp?xz=zyk0032246

<img src="https://images.seebug.org/upload/201505/2417271990e3197b883e76308d5283af01615e0c.jpg" alt="QQ图片20150524172601.jpg" width="600" onerror="javascript:errimg(this);">

http://58.132.46.199:8070/opac//printssh.jsp?xz=zyk0024380

<img src="https://images.seebug.org/upload/201505/24173652ded00f4cfa40b006806c9c3c1d6c0151.jpg" alt="QQ图片20150524173533.jpg" width="600" onerror="javascript:errimg(this);">

http://124.207.106.138:8070/opac/printssh.jsp?xz=zyk0002189

<img src="https://images.seebug.org/upload/201505/242019185f7c8f214f214dde1d96ed29dbe1579b.jpg" alt="QQ图片20150524201759.jpg" width="600" onerror="javascript:errimg(this);">