某行政服务系统一处sql注入漏洞

### 简要描述： rt ### 详细说明： 某行政服务系统一处sql注入漏洞。 谷歌搜索：技术支持：邯郸市连邦软件发展有限公司 inurl:list.aspx?columntag= [<img src="https://images.seebug.org/upload/201504/0819401456c702e5ce3935f842e55723b9a71e5d.png" alt="QQ图片20150408190835.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/0819401456c702e5ce3935f842e55723b9a71e5d.png) 案例如下： ``` http://www.jzxdzjc.gov.cn/portal/dzjc/jsjy/list.aspx?columnTag=%27zcfg%27 http://119.178.103.6:81/portal/dzjc/jsjy/list.aspx?columnTag='tzgg' http://221.193.244.207:82/portal/dzjc/jsjy/list.aspx?columnTag=%27zcfg%27 http://121.18.36.138:90/anxin/website/list.aspx?columntag=tscy http://211.142.37.152:90/portal/dzjc/jsjy/list.aspx?columnTag='dzjc_jxtb' ``` ### 漏洞证明： 注入证明： 以http://www.jzxdzjc.gov.cn/portal/dzjc/jsjy/list.aspx?columnTag=%27zcfg%27为例： [<img src="https://images.seebug.org/upload/201504/081941340c5710421e897fbdcb9694448687f4de.png" alt="QQ图片20150408193702.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/081941340c5710421e897fbdcb9694448687f4de.png) [<img src="https://images.seebug.org/upload/201504/0819412647b27a0ba8ef48d6cd8ef1bae1113fed.png" alt="QQ图片20150408193717.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/0819412647b27a0ba8ef48d6cd8ef1bae1113fed.png)