某政府在用系统通用型SQL注入#10

2015-06-03T00:00:00
ID SSV:95841
Type seebug
Reporter Root
Modified 2015-06-03T00:00:00

Description

简要描述:

rt

详细说明:

某政府在用系统通用型SQL注入#10。 案例如下: http://221.2.149.28:8090/lslp/WHOut/DistrictIndex_Sc.aspx?DFID=JQ http://www.rcsp.cn:8083/lslp/WHOut/DistrictIndex_Sc.aspx?DFID=JQ http://222.135.78.34:8083/lslp/WHOut/DistrictIndex_Sc.aspx?DFID=JQ http://www.rszwfwzx.gov.cn/lslp/whout/DistrictIndex_Sc.aspx?DFID=JQ http://www.whaac.gov.cn:8090/lslp/whout/DistrictIndex_Sc.aspx?DFID=JQ

漏洞证明:

注入证明: http://221.2.149.28:8090/lslp/WHOut/DistrictIndex_Sc.aspx?DFID=JQ

<img src="https://images.seebug.org/upload/201506/0219101939f744ae1b7bd81bd946d205dd53657d.jpg" alt="QQ图片20150602190632.jpg" width="600" onerror="javascript:errimg(this);">

<img src="https://images.seebug.org/upload/201506/0219102755be768bb5c5bcdefc6f9b67ebcb9612.jpg" alt="QQ图片20150602190648.jpg" width="600" onerror="javascript:errimg(this);">