A government system: an injection vulnerability

2015-03-24T00:00:00
ID SSV:94969
Type seebug
Reporter Root
Modified 2015-03-24T00:00:00

Description

Brief description:

As in the title.

Details:

Official website of Shandong Nongyou Software Company: http://www.nongyou.com.cn/

This is an injection in the same file as the vulnerability "WooYun: A government system: an injection vulnerability", but not under the same directory, and the page content is also different; I don't know whether it counts as a duplicate.

Cases are as follows:

http://61.133.119.187:8091/symItemView/ItemThird.aspx?id=1
http://222.135.76.147:8200/symItemView/ItemThird.aspx?id=1
http://222.135.127.190:7200/symItemView/ItemThird.aspx?id=1
http://221.2.149.47:8200/symItemView/ItemThird.aspx?id=1
http://218.59.205.41:8053/symItemView/ItemThird.aspx?id=1
http://jwh.tanljgzx.gov.cn/symItemView/ItemThird.aspx?id=1
http://221.2.171.59:8200/symItemView/ItemThird.aspx?id=1
http://218.56.159.98:8001/symItemView/ItemThird.aspx?id=1
http://123.134.189.60:8016/symItemView/ItemThird.aspx?id=1

Proof of vulnerability:

http://61.133.119.187:8091/symItemView/ItemThird.aspx?id=1

<img src="https://images.seebug.org/upload/201503/23101159911c1126a5fc8d00e568494555cd9eb0.png" alt="QQ图片20150323101151.png" width="600">

http://221.2.149.47:8200/symItemView/ItemThird.aspx?id=1

<img src="https://images.seebug.org/upload/201503/23102842109ff9c1abf1350bad4ec7e4662f4112.png" alt="QQ图片20150323102837.png" width="600">