SQL injection in a government system

2015-03-26T00:00:00
ID SSV:94967
Type seebug
Reporter Root
Modified 2015-03-26T00:00:00

Description

Brief description:

As the title says.

Details:

Official website of Shandong Nongyou Software Company: http://www.nongyou.com.cn/

Affected cases:

http://61.133.119.187:8091/newsymItemManage/Item5.aspx?id=1
http://222.135.76.147:8200/newsymItemManage/Item5.aspx?id=1
http://222.135.127.190:7200/newsymItemManage/Item5.aspx?id=1
http://221.2.149.47:8200/newsymItemManage/Item5.aspx?id=1
http://218.59.205.41:8053/newsymItemManage/Item5.aspx?id=1
http://jwh.tanljgzx.gov.cn/newsymItemManage/Item5.aspx?id=1
http://221.2.171.59:8200/newsymItemManage/Item5.aspx?id=1
http://218.56.159.98:8001/newsymItemManage/Item5.aspx?id=1
http://123.134.189.60:8016/newsymItemManage/Item5.aspx?id=1

Proof of vulnerability:

http://61.133.119.187:8091/newsymItemManage/Item5.aspx?id=1

<img src="https://images.seebug.org/upload/201503/251710372c3d9af0ed92768aae0b76ad89438fbd.png" alt="QQ图片20150325144601.png" width="600" onerror="javascript:errimg(this);">

http://218.59.205.41:8053/newsymItemManage/Item5.aspx?id=1

<img src="https://images.seebug.org/upload/201503/2517114387bfeaac10dc3b15641e3514c64eee61.png" alt="QQ图片20150325171141.png" width="600" onerror="javascript:errimg(this);">