sxx412
Could it be because sensitive characters that may be contained in URL parameters are not being filtered? In the scan results, the "file parameter Shell command injection" issue is reported in 7 or 8 places in total; I only captured a screenshot of one of them here. There are also the following links:

1. http://192.168.1.199:7000/jeecgboot/sys/randomImage/1629428467008 (same as the screenshot, also reports the _t parameter as at risk)
2. http://192.168.1.199:7000/jeecgboot/sys/permission/getUserPermissionByToken (same as above)
3. http://192.168.1.199:7000/jeecgboot/sys/user/getUserInfo (same as above)
4. http://192.168.1.199:7000/jeecgboot/sys/permission/getPermCode (same as above)
5. http://192.168.1.199:7000/jeecgboot/sys/annountCement/listByUser (reports the pageSize and _t parameters as at risk)

Also, the AppScan version is 10.0.