某政府在用系统通用型SQL注入#2

2015-05-19T00:00:00
ID SSV:95847
Type seebug
Reporter Root
Modified 2015-05-19T00:00:00

Description

简要描述:

rt

详细说明:

某政府在用系统通用型SQL注入#2。 山东浪潮齐鲁软件产业股份有限公司 http://www.inspur.com/ 案例: http://117.40.187.175:8008/outportal/bulletin/Businessview.jsp?businessid=8080812a897481012a9761f71e0618 http://218.65.59.94/outportal/bulletin/Businessview.jsp?businessid=018ae42b585524012b5983103e01a5 http://117.40.180.140:8008/outportal/bulletin/Businessview.jsp?businessid=f08ab83fbc3b3e0145ae47dd6f146e http://117.40.186.185:8008/outportal/bulletin/Businessview.jsp?businessid=8080812a9e1b06012aa196274a0086 http://218.65.5.117:8008/outportal/bulletin/Businessview.jsp?businessid=8080812a6e176e012a6edfff7e02ce

漏洞证明:

注入证明:

<img src="https://images.seebug.org/upload/201505/1915250533cba9b651bae0a0604f69fba43c2af2.png" alt="QQ图片20150519151916.png" width="600" onerror="javascript:errimg(this);">

<img src="https://images.seebug.org/upload/201505/19152513aaac9e86040a9b7ba2164b723789a00c.png" alt="QQ图片20150519151932.png" width="600" onerror="javascript:errimg(this);">