Shiro Deserialization Vulnerability in ECGAP 2.0, Wave's Government Service Cloud Platform

i.e. Wave Group, which owns four listed companies, namely Wave Information, Wave Software, Wave International and Huaguang Optoelectronics, with business covering four industry clusters, namely cloud data center, cloud service big data, smart city and smart enterprise, provides IT products and...

The wave of government approval platform ECGAP /Bulletin/DocmentDownload. aspx file ID parameter SQL injection vulnerability

No description provided by source...

The wave of government approval platform ECGAP /FeedBack/ProcessValue. aspx file num parameter SQL injection vulnerability

No description provided by source...

The wave of government approval platform ECGAP /FeedBack/ProcessValue. aspx file num parameter SQL injection vulnerability

No description provided by source...

浪潮政务审批平台ECGAP /Business/OfflineDownload.aspx 文件 formId 参数SQL注入漏洞

No description provided by source...

The wave of government approval platform ECGAP /ViewSource/SrcWorkProgram. aspx file infoflowId parameter SQL injection vulnerability

No description provided by source...

The wave of government approval platform ECGAP /Broadcast/broadcastview. aspx file InfoId parameter SQL injection vulnerability

No description provided by source...

The wave of government approval platform ECGAP /channel/QueryHig. aspx file AppBusinessName parameter SQL injection vulnerability

No description provided by source...

浪潮政务审批平台ECGAP /Broadcast/displayNewsPic.aspx 文件 id 参数SQL注入漏洞

0x01漏洞简介 浪潮ECGAP政务审批系统在页面/Broadcast/displayNewsPic.aspx的参数id存在注入漏洞，远程攻击者可以利用回显报错等方式执行SQL指令。 0x02漏洞利用 http://.../Broadcast/displayNewsPic.aspx?id=00187//and//1=user 0x03修复方案 过滤，或者使用参数化的SQL语句。...