某政府信息公开系统存在SQL注入

### 简要描述： RT ### 详细说明： 吉大正元信息技术股份有限公司:http://www.jit.com.cn/ 众多政府网站都在使用该系统 我就用5个案例来测试。 注入链接是： ``` /zwdtSjgl/Directory/showLeader.jsp?LeadId= ``` ### 漏洞证明： 案例一： ``` http://218.27.190.107:8080/zwdtSjgl/Directory/showLeader.jsp?LeadId=2986 ``` [<img src="https://images.seebug.org/upload/201412/22230431f1d926b79a458de7e44de8e8b91c3dc5.jpg" alt="01.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201412/22230431f1d926b79a458de7e44de8e8b91c3dc5.jpg) ``` ``` 案例二： ``` http://122.143.239.70:8090/zwdtSjgl/Directory/showLeader.jsp?LeadId=3261 ``` [<img src="https://images.seebug.org/upload/201412/222305230487576a6e7c2165e9390f97554a8de3.jpg" alt="02.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201412/222305230487576a6e7c2165e9390f97554a8de3.jpg) ``` ``` 案例三： ``` http://218.27.207.22/zwdtSjgl/Directory/showLeader.jsp?LeadId=3261 ``` [<img src="https://images.seebug.org/upload/201412/222315494fedb10e9de20dea916890daafd4320f.jpg" alt="03.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201412/222315494fedb10e9de20dea916890daafd4320f.jpg) ``` ``` 案例四： ``` http://222.160.175.90/zwdtSjgl/Directory/showLeader.jsp?LeadId=3371 ``` [<img src="https://images.seebug.org/upload/201412/2223261836ef6b2691e4eb6bf776a3b9879ab5c7.jpg" alt="04.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201412/2223261836ef6b2691e4eb6bf776a3b9879ab5c7.jpg) ``` ``` 案例五： ``` http://218.62.90.168/zwdtSjgl/Directory/showLeader.jsp?LeadId=3017 ``` [<img src="https://images.seebug.org/upload/201412/22232638fed6963887ddb18737ac3a5f3116aa81.jpg" alt="05.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201412/22232638fed6963887ddb18737ac3a5f3116aa81.jpg) ``` ```