The affected product is Fanen (FineSoft) software. This type of vulnerability applies to all deployments of the product, and other instances can be found on FOFA with: title="泛恩(FineSoft)医药管理软件". Thousands of IPs are affected.
The vendor of the vulnerable product is Hangzhou Meisoft Information Technology Co., Ltd (杭州美软信息技术有限公司).
Vulnerability details:
Access the vulnerable URL: http://zjdyyy.8866.org:8089/yy/login.jsp
Enter any account and password and click Login. The page reports an error, and a controllable parameter appears in the URL: myclient
Insert malicious code as the value of the controllable parameter: '><script>alert("crosssitescript")</script>
The page executes the malicious code, which proves that a cross-site scripting attack is possible.
Remediation: strictly filter user-controllable parameters.
Discovered by: dabaizhizhu
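
Added example (not the vendor's code and not part of the original report): one way to apply the remediation to the reflected myclient parameter, combining allowlist validation on input with HTML encoding on output. The class and method names, the allowlist pattern and the single-quoted attribute markup are assumptions; the report does not show the application's real markup.

```java
import java.util.regex.Pattern;

class MyclientOutputEncoding {
    // Assumption: legitimate myclient values are short identifiers; adjust to the real format.
    private static final Pattern ALLOWED = Pattern.compile("^[A-Za-z0-9_.-]{1,64}$");

    /** Input validation: reject anything outside the allowlist before it is used. */
    static boolean isValidMyclient(String value) {
        return value != null && ALLOWED.matcher(value).matches();
    }

    /** Output encoding for HTML text and quoted attribute values. */
    static String encodeForHtml(String value) {
        if (value == null) return "";
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break; // the quote the reported value starts with
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Hypothetical stand-in for the error page: the value lands in a single-quoted attribute. */
    static String renderField(String myclient, boolean encode) {
        String v = encode ? encodeForHtml(myclient) : myclient;
        return "<input type='hidden' name='myclient' value='" + v + "'>";
    }

    public static void main(String[] args) {
        String reported = "'><script>alert(\"crosssitescript\")</script>"; // value from the report
        System.out.println("valid?   " + isValidMyclient(reported));
        System.out.println("raw:     " + renderField(reported, false));
        System.out.println("encoded: " + renderField(reported, true));
        System.out.println("valid?   " + isValidMyclient("client_01")); // constructed benign value
    }
}
```

Validation alone is not sufficient if the parameter must accept free text, so the encoding step should be applied wherever the value is written back into the page.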