Injection point 1: http://cwc.tongji.edu.cn/WFManager/wingsoft/common/newsList.jsp?qry=qwe
Type:
Other injection points:
http://cwc.tongji.edu.cn/WFManager/common/newsList.jsp?nType=1
http://cwc.tongji.edu.cn/WFManager/common/newsList2.jsp?nType=1
http://cwc.tongji.edu.cn/WFManager/common/newsList4.jsp?nType=1
http://cwc.tongji.edu.cn/WFManager/common/newsList5.jsp?nType=1
http://cwc.tongji.edu.cn/WFManager/wingsoft/common/newsList.jsp?nType=1
http://cwc.tongji.edu.cn/WFManager/wingsoft/common/newsList2.jsp?nType=1
http://cwc.tongji.edu.cn/wingsoft/common/newsList.jsp?nType=1
http://cwc.tongji.edu.cn/wingsoft/common/newsList2.jsp?nType=1
http://cwc.tongji.edu.cn/WFManager/wingsoft/common/newsList.jsp?qry=%27%
http://cwc.tongji.edu.cn/WFManager/common/a.jsp?qry=%27
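DBA privileges:
78 databases are involved:
The current database alone has 104 tables, with a large amount of sensitive information leaked:
The financial information is too sensitive, so I won't keep looking; I'll leave it at that. The other 70 or so databases haven't been looked at yet.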