SQL injection in a generic administrative service hall system

2015-04-08T00:00:00
ID SSV:95834
Type seebug
Reporter Root
Modified 2015-04-08T00:00:00

Description

Brief description:

SQL injection in a generic administrative service hall system

Details:

SQL injection in a generic administrative service hall system. The columntitle parameter of newsinfo.aspx is injectable. Search keywords for locating installations: 技术支持:邯郸市连邦软件发展有限公司 inurl:newsinfo.aspx?columntitle=

[Screenshot QQ图片20150406181711.png: https://images.seebug.org/upload/201504/061900340bb1c922787e8be5215d2eb6aad5d52e.png]

Cases:
http://121.30.251.3:85/portal/xzsp3/newsinfo.aspx?columntitle=%E4%B8%AD%E5%BF%83%E7%AE%80%E4%BB%8B
http://60.220.253.153:81/portal/xzsp_zhangzi/newsinfo.aspx?columntitle=%E5%AE%A1%E6%94%B9%E5%8A%A8%E6%80%81
http://www.gjzwzx.cn/portal/xzsp3/newsinfo.aspx?columntitle=%E4%B8%AD%E5%BF%83%E5%8A%A8%E6%80%81
http://www.hdxzwzx.com/portal/xzsp_handanxian1/newsinfo.aspx?columntitle=%E4%B8%AD%E5%BF%83%E5%8A%A8%E6%80%81
http://211.142.37.152:85/portal/xzsp3/newsinfo.aspx?columntitle=%E4%B8%AD%E5%BF%83%E5%8A%A8%E6%80%81
http://www.bdxzfw.cn/portal/xzsp/newsinfo.aspx?columntitle=%E6%96%B0%E9%97%BB%E5%8A%A8%E6%80%81
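As an added defender-side example (not part of the advisory), the following Python flags requests to newsinfo.aspx whose columntitle value, after full URL decoding, carries SQL injection markers; the W3C-style log lines and field layout are constructed for illustration.

```python
import re
from typing import Dict, List
from urllib.parse import parse_qs, unquote_plus

# Constructed W3C/IIS-style access log lines (sample data, not from the advisory).
# Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
2015-04-06 18:17:11 203.0.113.5 GET /portal/xzsp3/newsinfo.aspx columntitle=%E4%B8%AD%E5%BF%83%E7%AE%80%E4%BB%8B 200
2015-04-06 18:17:25 198.51.100.7 GET /portal/xzsp3/newsinfo.aspx columntitle=%E4%B8%AD%E5%BF%83%E7%AE%80%E4%BB%8B%27%20and%201%3D1-- 200
2015-04-06 18:18:02 198.51.100.7 GET /portal/xzsp3/newsinfo.aspx columntitle=x%2527%2520waitfor%2520delay%2520%25270%253A0%253A5%2527-- 500
2015-04-06 18:19:40 203.0.113.9 GET /portal/xzsp3/index.aspx - 200
"""

# Markers typical of SQL injection probes in a free-text parameter: a quote followed
# by a boolean operator, comment terminators, UNION SELECT, MSSQL time-based delays.
# Legitimate Chinese column titles contain none of these ASCII tokens.
SQLI_PATTERN = re.compile(
    r"['\"]\s*(and|or)\b"
    r"|--|/\*"
    r"|\bunion\b\s+(all\s+)?\bselect\b"
    r"|\bwaitfor\s+delay\b"
    r"|\bxp_cmdshell\b|\bsysobjects\b|\binformation_schema\b",
    re.IGNORECASE,
)

def fully_decode(value: str, max_rounds: int = 3) -> str:
    """URL-decode repeatedly (bounded) so double-encoded payloads are not missed."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_columntitle_injection(log_text: str) -> List[Dict[str, str]]:
    """Return one record per request to newsinfo.aspx whose columntitle looks injected."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[0].startswith("#"):
            continue
        date, time, client, _method, stem, query, status = fields[:7]
        if not stem.lower().endswith("/newsinfo.aspx") or query == "-":
            continue
        for raw in parse_qs(query).get("columntitle", []):
            value = fully_decode(raw)
            m = SQLI_PATTERN.search(value)
            if m:
                hits.append({"time": f"{date} {time}", "client": client,
                             "status": status, "value": value, "matched": m.group(0)})
    return hits

if __name__ == "__main__":
    for hit in find_columntitle_injection(SAMPLE_LOG):
        print(hit)
```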

Proof of vulnerability:

Injection proof: http://121.30.251.3:85/portal/xzsp3/newsinfo.aspx?columntitle=%E4%B8%AD%E5%BF%83%E7%AE%80%E4%BB%8B

[Screenshot QQ图片20150406182424.png: https://images.seebug.org/upload/201504/06190203be8f17e0f1938ef11d8a20d3ae5eb362.png]

[Screenshot QQ图片20150406182449.png: https://images.seebug.org/upload/201504/06190157b396ac10f6f2a11cb0aab49a9b5ba6b1.png]