### 简要描述: RT ### 详细说明: 吉大正元信息技术股份有限公司:http://www.jit.com.cn/ 众多政府网站都在使用该系统。 我就用5个案例来测试。 注入链接是: ``` /zwdtSjgl/Directory/iframeAgencyFunctions.jsp?department_no= ``` 案例: ``` http://218.27.207.22/zwdtSjgl/Directory/iframeAgencyFunctions.jsp?department_no=1 http://61.232.168.107/zwdtSjgl/Directory/iframeAgencyFunctions.jsp?department_no=1 http://zwgk.wangqing.gov.cn/zwdtSjgl/Directory/iframeAgencyFunctions.jsp?department_no=1 http://218.62.100.33:8000/zwdtSjgl/Directory/iframeAgencyFunctions.jsp?department_no=1 http://218.62.90.168/zwdtSjgl/Directory/iframeAgencyFunctions.jsp?department_no=1 ``` ### 漏洞证明: 案例一: ``` http://218.27.207.22/zwdtSjgl/Directory/iframeAgencyFunctions.jsp?department_no=1 ``` [<img src="https://images.seebug.org/upload/201412/22151741cb290312092057c0f3ff4cb97c6128e8.jpg" alt="01.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201412/22151741cb290312092057c0f3ff4cb97c6128e8.jpg) ``` ``` [<img...
### 简要描述: RT ### 详细说明: 吉大正元信息技术股份有限公司:http://www.jit.com.cn/ 众多政府网站都在使用该系统。 我就用5个案例来测试。 注入链接是: ``` /zwdtSjgl/Directory/iframeAgencyFunctions.jsp?department_no= ``` 案例: ``` http://218.27.207.22/zwdtSjgl/Directory/iframeAgencyFunctions.jsp?department_no=1 http://61.232.168.107/zwdtSjgl/Directory/iframeAgencyFunctions.jsp?department_no=1 http://zwgk.wangqing.gov.cn/zwdtSjgl/Directory/iframeAgencyFunctions.jsp?department_no=1 http://218.62.100.33:8000/zwdtSjgl/Directory/iframeAgencyFunctions.jsp?department_no=1 http://218.62.90.168/zwdtSjgl/Directory/iframeAgencyFunctions.jsp?department_no=1 ``` ### 漏洞证明: 案例一: ``` http://218.27.207.22/zwdtSjgl/Directory/iframeAgencyFunctions.jsp?department_no=1 ``` [<img src="https://images.seebug.org/upload/201412/22151741cb290312092057c0f3ff4cb97c6128e8.jpg" alt="01.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201412/22151741cb290312092057c0f3ff4cb97c6128e8.jpg) ``` ``` [<img src="https://images.seebug.org/upload/201412/221517537b31ff5327ec49165a733e267838fed4.jpg" alt="02.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201412/221517537b31ff5327ec49165a733e267838fed4.jpg) ``` ``` 案例二: ``` http://61.232.168.107/zwdtSjgl/Directory/iframeAgencyFunctions.jsp?department_no=1 ``` [<img src="https://images.seebug.org/upload/201412/221604262f14a732110c08aa8cee2d9eef245486.jpg" alt="03.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201412/221604262f14a732110c08aa8cee2d9eef245486.jpg) ``` ``` 案例三: ``` http://zwgk.wangqing.gov.cn/zwdtSjgl/Directory/iframeAgencyFunctions.jsp?department_no=1 ``` [<img src="https://images.seebug.org/upload/201412/221620038d6590be4e370762dde0ea9edcec3b1c.jpg" alt="04.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201412/221620038d6590be4e370762dde0ea9edcec3b1c.jpg) ``` ``` 案例四: ``` http://218.62.100.33:8000/zwdtSjgl/Directory/iframeAgencyFunctions.jsp?department_no=1 ``` [<img src="https://images.seebug.org/upload/201412/22162039aeb4332ac5e004f412718316b09f75da.jpg" alt="05.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201412/22162039aeb4332ac5e004f412718316b09f75da.jpg) ``` ``` 案例五: ``` http://218.62.90.168/zwdtSjgl/Directory/iframeAgencyFunctions.jsp?department_no=1 ``` [<img src="https://images.seebug.org/upload/201412/22162103e72f0b61c09f427acb8e151f87bdcfab.jpg" alt="06.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201412/22162103e72f0b61c09f427acb8e151f87bdcfab.jpg) ``` ```
