某政府系统通用SQL盲注#4（影响政府众多网站）

### 简要描述： RT ### 详细说明： 官网:http://www.jit.com.cn/ 案例如下： http://139.209.60.6//zwdtSjgl/ysq/depListDir.jsp?department_id=013521374&department_name=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD http://218.62.90.168/zwdtSjgl/ysq/depListDir.jsp?department_id=013521374&department_name=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD http://61.138.128.150:8080/zwdtSjgl/ysq/depListDir.jsp?department_id=013521374&department_name=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD http://125.32.42.176/zwdtSjgl/ysq/depListDir.jsp?department_id=013521374&department_name=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD http://139.209.60.6//zwdtSjgl/ysq/depListDir.jsp?department_id=013521374&department_name=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD http://61.138.128.150:8080/zwdtSjgl/ysq/depListDir.jsp?department_id=013521374&department_name=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD http://www.jlfm.gov.cn:8081/zwdtSjgl/ysq/depListDir.jsp?department_id=013521374&department_name=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD 1.测试注入点:http://www.jlfm.gov.cn:8081/zwdtSjgl/ysq/depListDir.jsp?department_id=013521374&department_name=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD [<img src="https://images.seebug.org/upload/201501/24215059e10a6223162872f7521124c53b3cc3c2.png" alt="1.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201501/24215059e10a6223162872f7521124c53b3cc3c2.png) 2.测试注入点:http://139.209.60.6//zwdtSjgl/ysq/depListDir.jsp?department_id=013521374&department_name=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD [<img src="https://images.seebug.org/upload/201501/242203284303830f72e1627a55ad3d819abe827f.png" alt="2.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201501/242203284303830f72e1627a55ad3d819abe827f.png) ### 漏洞证明： 1.测试注入点:http://www.jlfm.gov.cn:8081/zwdtSjgl/ysq/depListDir.jsp?department_id=013521374&department_name=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD [<img src="https://images.seebug.org/upload/201501/24215059e10a6223162872f7521124c53b3cc3c2.png" alt="1.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201501/24215059e10a6223162872f7521124c53b3cc3c2.png) 2.测试注入点:http://139.209.60.6//zwdtSjgl/ysq/depListDir.jsp?department_id=013521374&department_name=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD [<img src="https://images.seebug.org/upload/201501/242203284303830f72e1627a55ad3d819abe827f.png" alt="2.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201501/242203284303830f72e1627a55ad3d819abe827f.png) 以上均可复现。有点慢。