### 简要描述:
某政府通用系统sql注入漏洞
### 详细说明:
google inurl:spdt_listSp.action
http://www.stzwzx.com/spdt/spdt_listSp.action?deptId=009574019&menu=4
deptId参数未过滤 存在sql注入漏洞
[<img src="https://images.seebug.org/upload/201406/0210191255a7b3dbaa2b3d05b71ad280be4b0a75.jpg" alt="G9~3B5V{`LEVDRNZ@9Q@YNG.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201406/0210191255a7b3dbaa2b3d05b71ad280be4b0a75.jpg)
[<img src="https://images.seebug.org/upload/201406/0210291389d0261e5165e5e63d24fec9dd0491b8.jpg" alt="QQ图片20140602102456.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201406/0210291389d0261e5165e5e63d24fec9dd0491b8.jpg)
### 漏洞证明:
京公网安备 11010502034610号
暂无评论