News Document Title:
====================
Remote SQL Vulnerabilities patched in CN Government Programs


Release Date:
=============
2014-10-08


Laboratory Article:
===================
In the last year we reported several (25) remote sql injection vulnerabilities to the chinese government during an exchange partnership with the cnnvd.
The issues has not been actively captured by the researchers and came up during different analysis of provided information to the vulnerability laboratory.
The following domains was vulnerable to sql injection attacks. Since the last year the websites patched all the issues. It took a long time for every 
involved instance to interact but we was successful on exchange. Thanks also to the CNCERT team for coordination. 


http://tumen.ybga.gov.cn/list.php?l=[SQL-INJECTION VULNERABILITY!]&amp;page=0
http://www.glqdj.gov.cn/news_detail.php?id=1095[SQL-INJECTION VULNERABILITY!]
http://cg.gsxzf.gov.cn/[SQL-INJECTION VULNERABILITY!]
http://www.szhpfpc.gov.cn:8080/wsj/news/18430.htm[SQL-INJECTION VULNERABILITY!]
http://www.jssports.gov.cn/webos/guestbook/mrxh.jsp?id=%E8%82%96%E9%92%A6[SQL-INJECTION VULNERABILITY!]
www.qnwqdj.gov.cn/index.php?c=specart&amp;a=list&amp;page=1&amp;specid=&#039;[SQL-INJECTION VULNERABILITY!]
http://www.zxws.gov.cn/myweb/main/[SQL-INJECTION VULNERABILITY!]
http://www.hdfte.gov.cn/topic.php[SQL-INJECTION VULNERABILITY!]
http://www.nanchong.gov.cn/ldzc1.php?t=1%27[SQL-INJECTION VULNERABILITY!]&amp;id=38128[SQL-INJECTION VULNERABILITY!]&amp;hd=1
http://rsj.longjing.gov.cn/user/index.xhtml?menu_id=&amp;mode=view_list&amp;page=&amp;is_top=0[SQL-INJECTION VULNERABILITY!]
www.zxws.gov.cn/myweb/main/?id=41[SQL-INJECTION VULNERABILITY!]
http://www.rzsq.gov.cn/historylist.php?id=&amp;Month=&amp;Day=[SQL-INJECTION VULNERABILITY!]
http://www.longjing.gov.cn/user/index.xhtml?menu_id=269&amp;mode=view_content&amp;news_content_id=3809[SQL-INJECTION VULNERABILITY!]&amp;page=1&amp;is_top=0[SQL-INJECTION VULNERABILITY!]
www.nmca.gov.cn/web/xt.php?lmid=6&amp;page=0[SQL-INJECTION VULNERABILITY!]
http://www.cckc.gov.cn/cckc/jjj/news_view.php?id=11&#039;[SQL-INJECTION VULNERABILITY!]
www.zhenyuan.gov.cn/show.php?contentid=1228[SQL-INJECTION VULNERABILITY!]
http://www.nbast.gov.cn/1120/tools/institute/infolist_out.php?cid=3[SQL-INJECTION VULNERABILITY!]&amp;nid=76[SQL-INJECTION VULNERABILITY!]
http://www.gzx.gov.cn/index/lxfm.php
http://www.tchjbh.gov.cn/news_display.php?id=&quot;&#039;&gt;&lt;hr&gt;[SQL-INJECTION VULNERABILITY!]
http://www.sh-notary.gov.cn/law/statute_in.php[SQL-INJECTION VULNERABILITY!]
http://www.xsyc.gov.cn/search.php[SQL-INJECTION VULNERABILITY!]
http://www.xxwhj.gov.cn/textinfo.php?tl_id=3d[SQL-INJECTION VULNERABILITY!]
http://www.smetjjx.gov.cn/sub.jsp[SQL-INJECTION VULNERABILITY!]
http://www.hanchuan.gov.cn/jeecms/msg_index_look.do?id_del=%27[SQL-INJECTION VULNERABILITY!]
http://admin.zjcx.gov.cn/AdminCP/UserFiles/File/1default.jsp?sort=1&amp;dir=C%3A%5C[DT]&[SQL-INJECTION VULNERABILITY!]