### Brief description:

A large number of cases are affected; please forward this to the emergency response center.

### Detailed description:

The cases are as follows:

- http://117.40.186.185:8008/outportal/transactlist/searchtransactlist.jsp?applysubject=
- http://wssp.jdz.gov.cn/outportal/transactlist/searchtransactlist.jsp?applysubject=
- http://xzsp.jxgc.gov.cn/outportal/transactlist/searchtransactlist.jsp?applysubject=
- http://117.40.187.175:8008/outportal/transactlist/searchtransactlist.jsp?applysubject=
- http://xzsp.jxyanshan.gov.cn/outportal/transactlist/searchtransactlist.jsp?applysubject=
- http://www.jaspw.gov.cn/outportal/transactlist/searchtransactlist.jsp?applysubject=
- http://117.40.188.34:8008/outportal/transactlist/searchtransactlist.jsp?applysubject=
- http://111.75.198.33:8008/outportal/transactlist/searchtransactlist.jsp?applysubject=
- http://117.40.131.172:8008/outportal/transactlist/searchtransactlist.jsp?applysubject=

1. Test the injection point: http://111.75.198.33:8008/outportal/transactlist/searchtransactlist.jsp?applysubject=

[![1.png](https://images.seebug.org/upload/201501/10180544020cc4e0660ad153105ea8e6273b2476.png)](https://images.seebug.org/upload/201501/10180544020cc4e0660ad153105ea8e6273b2476.png)

Only one was tested.

### Proof of vulnerability:

1. Test the injection point: http://111.75.198.33:8008/outportal/transactlist/searchtransactlist.jsp?applysubject=

[![1.png](https://images.seebug.org/upload/201501/10180544020cc4e0660ad153105ea8e6273b2476.png)](https://images.seebug.org/upload/201501/10180544020cc4e0660ad153105ea8e6273b2476.png)