### 简要描述:
### 详细说明:
某政府网上审批系统通用SQL注入7处打包。
7处注入案例:
http://**.**.**.**/workplate/base/org/WebUserList.aspx?id=99
http://**.**.**.**/workplate/base/org/WebUserList.aspx?id=99
http://**.**.**.**/workplate/base/org/WebUserList.aspx?id=99
http://**.**.**.**/workplate/base/org/WebUserList.aspx?id=99
http://**.**.**.**/workplate/base/org/WebUserList.aspx?id=99
http://**.**.**.**/workplate/xzsp/gxxt/tjfx/sxlist.aspx?baseorg=214
http://**.**.**.**/workplate/xzsp/gxxt/tjfx/sxlist.aspx?baseorg=214
http://**.**.**.**/workplate/xzsp/gxxt/tjfx/sxlist.aspx?baseorg=214
http://**.**.**.**/workplate/xzsp/gxxt/tjfx/sxlist.aspx?baseorg=214
http://**.**.**.**/workplate/xzsp/gxxt/tjfx/sxlist.aspx?baseorg=214
http://**.**.**.**/workplate/xzsp/kqgl/tjfx/listBcmx2.aspx?org=159
http://**.**.**.**/workplate/xzsp/kqgl/tjfx/listBcmx2.aspx?org=159
http://**.**.**.**/workplate/xzsp/kqgl/tjfx/listBcmx2.aspx?org=159
http://**.**.**.**/workplate/xzsp/kqgl/tjfx/listBcmx2.aspx?org=159
http://**.**.**.**/workplate/xzsp/kqgl/tjfx/listBcmx2.aspx?org=159
http://**.**.**.**/workplate/xzsp/gxxt/tjfx/dtl.aspx?id=47068
http://**.**.**.**/workplate/xzsp/gxxt/tjfx/dtl.aspx?id=47068
http://**.**.**.**/workplate/xzsp/gxxt/tjfx/dtl.aspx?id=47068
http://**.**.**.**/workplate/xzsp/gxxt/tjfx/dtl.aspx?id=47068
http://**.**.**.**/workplate/xzsp/gxxt/tjfx/dtl.aspx?id=47068
http://**.**.**.**/workplate/xzsp/gxxt/tjfx/spsl.aspx?xksxID=382
http://**.**.**.**/workplate/xzsp/gxxt/tjfx/spsl.aspx?xksxID=382
http://**.**.**.**/workplate/xzsp/gxxt/tjfx/spsl.aspx?xksxID=382
http://**.**.**.**/workplate/xzsp/gxxt/tjfx/spsl.aspx?xksxID=382
http://**.**.**.**/workplate/xzsp/gxxt/tjfx/spsl.aspx?xksxID=382
http://**.**.**.**/workplate/comm/noti/mobilemsgsend.aspx
http://**.**.**.**/workplate/comm/noti/mobilemsgsend.aspx
http://**.**.**.**/workplate/comm/noti/mobilemsgsend.aspx
http://**.**.**.**/workplate/comm/noti/mobilemsgsend.aspx
http://**.**.**.**/workplate/comm/noti/mobilemsgsend.aspx
http://**.**.**.**/workplate/xzsp/tjfx/ckmx/ckmxlist.aspx
http://**.**.**.**//workplate/xzsp/tjfx/ckmx/ckmxlist.aspx
http://**.**.**.**//workplate/xzsp/tjfx/ckmx/ckmxlist.aspx
http://**.**.**.**//workplate/xzsp/tjfx/ckmx/ckmxlist.aspx
http://**.**.**.**//workplate/xzsp/tjfx/ckmx/ckmxlist.aspx
### 漏洞证明:
GET注入证明:
http://**.**.**.**/workplate/base/org/WebUserList.aspx?id=99
[<img src="https://images.seebug.org/upload/201506/25161747bf767d495f72084be3608cf79c91db72.jpg" alt="QQ图片20150625151359.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201506/25161747bf767d495f72084be3608cf79c91db72.jpg)
[<img src="https://images.seebug.org/upload/201506/2516175565e2d42b1d7042e55a21db11a39445c2.jpg" alt="QQ图片20150625161247.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201506/2516175565e2d42b1d7042e55a21db11a39445c2.jpg)
POST注入证明:
http://**.**.**.**/workplate/xzsp/tjfx/ckmx/ckmxlist.aspx
[<img src="https://images.seebug.org/upload/201506/25161807c24614e961c716ce3908bf6f72bc722d.jpg" alt="QQ图片20150625152059.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201506/25161807c24614e961c716ce3908bf6f72bc722d.jpg)
[<img src="https://images.seebug.org/upload/201506/2516181594de4148d6b8b2bd47b9c530ccd872d8.jpg" alt="QQ图片20150625152141.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201506/2516181594de4148d6b8b2bd47b9c530ccd872d8.jpg)
京公网安备 11010502034610号
暂无评论