Search: Yonyou GRP-U8 financial management software
Found 3 SQL injection vulnerabilities
(1)R9iPortal/cm/cm_info_list.jsp?itype_id=3
(2)R9iPortal/cm/cm_info_content.jsp?info_id=82
(3)R9iPortal/cm/cm_notice_content.jsp?info_id=4
Database management system: SQL Server (sa privileges)
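
A log-triage check for the three parameters listed above, as an added example that is not part of the original report: it flags requests to these pages whose id parameter is not a plain integer. The combined access-log format, the constructed sample lines and the function name are assumptions, and only query-string parameters are inspected.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint (lower-cased) -> id parameter, taken from the three findings above.
NUMERIC_PARAMS = {
    "/r9iportal/cm/cm_info_list.jsp": "itype_id",
    "/r9iportal/cm/cm_info_content.jsp": "info_id",
    "/r9iportal/cm/cm_notice_content.jsp": "info_id",
}
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')  # request line in an access log
INTEGER_RE = re.compile(r"[0-9]{1,10}")                  # what a legitimate id looks like

# Constructed sample lines (assumed combined log format, documentation IPs).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /R9iPortal/cm/cm_info_list.jsp?itype_id=3 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /R9iPortal/cm/cm_info_content.jsp?info_id=82%27 HTTP/1.1" 500 312',
    '198.51.100.9 - - [01/Jan/2024:10:01:00 +0000] "GET /r9iportal/cm/cm_notice_content.jsp?info_id=4x HTTP/1.1" 200 2048',
    '198.51.100.9 - - [01/Jan/2024:10:02:00 +0000] "GET /R9iPortal/index.jsp?info_id=abc HTTP/1.1" 200 900',
]


def non_integer_requests(log_lines):
    """Return (line_no, path, param, decoded_value) for every request to a
    listed endpoint whose id parameter is present but not a plain integer."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        # Drop any ";jsessionid=..." suffix and compare case-insensitively.
        path = url.path.split(";", 1)[0].lower()
        param = NUMERIC_PARAMS.get(path)
        if param is None:
            continue
        # parse_qs percent-decodes, so encoded characters are checked too.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if not INTEGER_RE.fullmatch(value):
                hits.append((line_no, path, param, value))
    return hits


if __name__ == "__main__":
    for hit in non_integer_requests(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule is what the three pages should enforce on the server before the value reaches a query, together with parameterized statements and a database login that is not sa.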
---------------------------
(1)R9iPortal/cm/cm_info_list.jsp?itype_id=3
Proof of vulnerability:
(2)R9iPortal/cm/cm_info_content.jsp?info_id=82
Proof of vulnerability:
(3)R9iPortal/cm/cm_notice_content.jsp?info_id=4
Proof of vulnerability: