An injection vulnerability in a government system

2015-03-26T00:00:00
ID SSV:94965
Type seebug
Reporter Root
Modified 2015-03-26T00:00:00

Description

Brief description:

As in the title.

Detailed description:

Official website of Shandong Nongyou Software Company: http://www.nongyou.com.cn/ Cases are as follows:

Proof of vulnerability:

http://61.133.119.187:8091/newsymItemManage/Item3.aspx?id=1

<img src="https://images.seebug.org/upload/201503/251724176f3630a9c5f28c4d43d3d69a37d21b08.png" alt="QQ图片20150325171939.png" width="600">

http://jwh.tanljgzx.gov.cn/newsymItemManage/Item3.aspx?id=1

<img src="https://images.seebug.org/upload/201503/25172634df0ddcaf3409184d1a5257e179ebb749.png" alt="QQ图片20150325172634.png" width="600">