### 简要描述:
rt
### 详细说明:
某政务服务系统存在通用SQL注入。
案例:
```
http://www.gczw.gov.cn/portal/xzsp4/newlist2.aspx?columntitle=%E8%A7%84%E7%AB%A0%E5%88%B6%E5%BA%A6
http://www.gjzwzx.cn/portal/xzsp3//newlist2.aspx?columntitle=%E8%A7%84%E7%AB%A0%E5%88%B6%E5%BA%A6
http://www.dtzwdt.gov.cn/portal/xzsp3/newlist2.aspx?columntitle=%E5%A4%A7%E5%8E%85%E5%88%B6%E5%BA%A6
http://121.30.211.2:81/portal/lingqiuxian_xzsp3/newlist2.aspx?columntitle=%E5%A4%A7%E5%8E%85%E5%88%B6%E5%BA%A6
http://211.142.37.152:85/portal/xzsp3//newlist2.aspx?columntitle=%E8%A7%84%E7%AB%A0%E5%88%B6%E5%BA%A6
http://121.30.251.3:85/portal/xzsp3//newlist2.aspx?columntitle=%E8%A7%84%E7%AB%A0%E5%88%B6%E5%BA%A6
```
### 漏洞证明:
注入证明:
http://www.gczw.gov.cn/portal/xzsp4/newlist2.aspx?columntitle=%E8%A7%84%E7%AB%A0%E5%88%B6%E5%BA%A6
[<img src="https://images.seebug.org/upload/201506/02204419a52cf1a80c8a193278f87a0261e89faa.jpg" alt="QQ图片20150602203628.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201506/02204419a52cf1a80c8a193278f87a0261e89faa.jpg)
[<img src="https://images.seebug.org/upload/201506/02204426d683fbbe9ae05bebf45875ba96fd9e1b.jpg" alt="QQ图片20150602203642.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201506/02204426d683fbbe9ae05bebf45875ba96fd9e1b.jpg)
京公网安备 11010502034610号
暂无评论