SQL injection in the site-building system developed by 日照和和网络科技有限公司 [affects a large number of hospital and government sites]
Cases:
The bigclassname parameter is vulnerable to injection.
We use http://www.jxywj.com/mucc/news.asp?bigclassname=%D0%D0%D5%FE%D0%ED%BF%C9 for testing.