某通用型行政大厅服务系统SQL注射

### 简要描述： 某通用型行政大厅服务系统SQL注射 ### 详细说明： 某通用型行政大厅服务系统SQL注射。 关键字搜索： 技术支持：邯郸市连邦软件发展有限公司 inurl:newsinfo.aspx?columntitle= [<img src="https://images.seebug.org/upload/201504/061900340bb1c922787e8be5215d2eb6aad5d52e.png" alt="QQ图片20150406181711.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/061900340bb1c922787e8be5215d2eb6aad5d52e.png) 案例： http://121.30.251.3:85/portal/xzsp3/newsinfo.aspx?columntitle=%E4%B8%AD%E5%BF%83%E7%AE%80%E4%BB%8B http://60.220.253.153:81/portal/xzsp_zhangzi/newsinfo.aspx?columntitle=%E5%AE%A1%E6%94%B9%E5%8A%A8%E6%80%81 http://www.gjzwzx.cn/portal/xzsp3/newsinfo.aspx?columntitle=%E4%B8%AD%E5%BF%83%E5%8A%A8%E6%80%81 http://www.hdxzwzx.com/portal/xzsp_handanxian1/newsinfo.aspx?columntitle=%E4%B8%AD%E5%BF%83%E5%8A%A8%E6%80%81 http://211.142.37.152:85/portal/xzsp3/newsinfo.aspx?columntitle=%E4%B8%AD%E5%BF%83%E5%8A%A8%E6%80%81 http://www.bdxzfw.cn/portal/xzsp/newsinfo.aspx?columntitle=%E6%96%B0%E9%97%BB%E5%8A%A8%E6%80%81 ### 漏洞证明： 注入证明： http://121.30.251.3:85/portal/xzsp3/newsinfo.aspx?columntitle=%E4%B8%AD%E5%BF%83%E7%AE%80%E4%BB%8B [<img src="https://images.seebug.org/upload/201504/06190203be8f17e0f1938ef11d8a20d3ae5eb362.png" alt="QQ图片20150406182424.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/06190203be8f17e0f1938ef11d8a20d3ae5eb362.png) [<img src="https://images.seebug.org/upload/201504/06190157b396ac10f6f2a11cb0aab49a9b5ba6b1.png" alt="QQ图片20150406182449.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/06190157b396ac10f6f2a11cb0aab49a9b5ba6b1.png)