The affected product was identified as Fanen (FineSoft) software. This type of vulnerability is common to deployments of the product, and other instances can be found on FOFA with the query title="泛恩(FineSoft)医药管理软件". There are thousands of affected IPs.
The vendor of the vulnerable product is Hangzhou Meisoft Information Technology Co., Ltd (杭州美软信息技术有限公司).
Vulnerability details:
Access the vulnerable URL: http://zjdyyy.8866.org:8089/yy/login.jsp
Enter any account and password and click Login. The page reports an error, and a controllable parameter appears in the URL: myclient
Insert malicious code as the value of the controllable parameter: '>
The page executes the malicious code, which proves that a cross-site scripting attack is possible.
Remediation: strictly filter user-controllable parameters.
Discovered by: dabaizhizhu
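The remediation above, as an added example that is not the vendor's code: it validates `myclient` against an allow-list and encodes it for an HTML attribute before it is written back into the page. It assumes the value is echoed inside a single-quoted attribute (which the `'>` prefix suggests); the class name, the `<input>` markup and the allow-list pattern are hypothetical.

```java
import java.util.regex.Pattern;

public class MyclientOutputEncoding {
    // Hypothetical allow-list: short identifiers only. Adjust to the values
    // the application really issues for myclient.
    private static final Pattern ALLOWED = Pattern.compile("^[A-Za-z0-9_.-]{1,64}$");

    /** Input validation: reject anything outside the expected character set. */
    static boolean isValidMyclient(String value) {
        return value != null && ALLOWED.matcher(value).matches();
    }

    /** Output encoding for an HTML attribute value: every character that is
     *  not ASCII alphanumeric is written as a numeric character reference,
     *  so quotes and angle brackets cannot end the attribute or the tag. */
    static String encodeForHtmlAttribute(String value) {
        StringBuilder out = new StringBuilder(value.length() * 6);
        for (int cp : value.codePoints().toArray()) {
            boolean alnum = (cp >= '0' && cp <= '9')
                    || (cp >= 'A' && cp <= 'Z')
                    || (cp >= 'a' && cp <= 'z');
            if (alnum) {
                out.appendCodePoint(cp);
            } else {
                out.append("&#x").append(Integer.toHexString(cp)).append(';');
            }
        }
        return out.toString();
    }

    /** Unsafe pattern: the raw parameter is concatenated into the markup. */
    static String renderUnsafe(String myclient) {
        return "<input type='hidden' name='myclient' value='" + myclient + "'>";
    }

    /** Hardened pattern: the parameter is encoded for the attribute context. */
    static String renderEncoded(String myclient) {
        return "<input type='hidden' name='myclient' value='"
                + encodeForHtmlAttribute(myclient) + "'>";
    }

    public static void main(String[] args) {
        String sample = "'>INJECTED";  // constructed input, not the payload from the report
        System.out.println("valid:   " + isValidMyclient(sample));
        System.out.println("unsafe:  " + renderUnsafe(sample));
        System.out.println("encoded: " + renderEncoded(sample));
    }
}
```

Validation and encoding are complementary: the allow-list rejects unexpected values at input, while encoding at output keeps any value that does get through from being parsed as markup.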