
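Vulnerability summary

Vulnerability ID: wooyun-2015-0102580

Title: Generic SQL injection vulnerability in a financial system

Vendor: 上海财大科技发展公司

Author: 路人甲

Submitted: 2015-03-20 18:08

Fixed: 2015-06-23 12:00

Published: 2015-06-23 12:00

Type: SQL injection

Severity: High

Self-assessed Rank: 12

Status: Handed over to a third-party partner organization (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]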



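Vulnerability details

Disclosure status:

2015-03-20: Details reported to the vendor; awaiting vendor handling
2015-03-25: Vendor confirmed; details disclosed to the vendor only
2015-03-28: Details opened to third-party security partners
2015-05-19: Details disclosed to core white hats and experts in related fields
2015-05-29: Details disclosed to regular white hats
2015-06-08: Details disclosed to trainee white hats
2015-06-23: Details disclosed to the public

Brief description:

Generic SQL injection vulnerability in a financial system

Detailed description:

System name: 财务信息综合查询系统 (comprehensive financial information query system)
Keyword: 科发网上查询系统
Cause: SQL injection resulting from unauthorized access
Location: the search module in admin/GenerateRegUser.aspx
Injectable parameter: TabContainer1$TabPanel1$txtQueryGh
Some test cases: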
Verification:
Taking http://61.142.174.200/cwc/KFweb/admin/GenerateRegUser.aspx as an example:

[Screenshot: 1.png]


Request:

POST /cwc/KFweb/admin/GenerateRegUser.aspx HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Referer: http://61.142.174.200/cwc/KFweb/admin/GenerateRegUser.aspx
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Content-Length: 12071
DNT: 1
Host: 61.142.174.200
Pragma: no-cache
Cookie: ASP.NET_SessionId=qyplnqv3rdsfao2x3zu22j55; ASPSESSIONIDCQASSDBD=DHLFKDFBDAIGJGBNMELCIFBM

TabContainer1_ClientState=%7B%22ActiveTabIndex%22%3A0%2C%22TabState%22%3A%5Btrue%2Ctrue%5D%7D&__EVENTTARGET=TabContainer1&__EVENTARGUMENT=activeTabChanged%3A1&__VIEWSTATE=…&TabContainer1%24TabPanel1%24txtQueryGh=aaaaa&TabContainer1%24TabPanel1%24txtQueryXm=aaa&TabContainer1%24TabPanel1%24btQueryPerson=%B2%E9%D1%AF&TabContainer1%24TabPanel1%24GridView1%24ctl13%24AspNetPager1_input=1&TabContainer1%24TabPanel2%24GridView2%24ctl13%24AspNetPager2_input=1&__EVENTVALIDATION=…


Verification result:

[Screenshots: 1.png, 3.png]

Database:

[Screenshot: 4.png]



Remediation:

Parameter filtering
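
The report names two defects: the admin search page answers callers without authorization, and `txtQueryGh` reaches the SQL statement. The following added example (not from the original report or the vendor's code) models the fix for both in Python with sqlite3 rather than the product's ASP.NET stack, going slightly beyond filtering by also binding parameters; the `staff` table, the session dict, the staff-number format and the function names are assumptions.

```python
import re
import sqlite3
from urllib.parse import parse_qs

# Field names exactly as they appear in the report's request body.
FIELD_GH = "TabContainer1$TabPanel1$txtQueryGh"
FIELD_XM = "TabContainer1$TabPanel1$txtQueryXm"

# Assumption: txtQueryGh is a short alphanumeric staff number.
GH_PATTERN = re.compile(r"[0-9A-Za-z]{1,20}")
MAX_XM_LEN = 50  # assumed upper bound for the name field


class Forbidden(Exception):
    """The caller has no authenticated administrator session."""


class BadRequest(Exception):
    """A form field failed allow-list validation."""


def build_demo_db():
    """In-memory database with constructed rows (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE staff (gh TEXT PRIMARY KEY, xm TEXT, dept TEXT)")
    db.executemany(
        "INSERT INTO staff VALUES (?, ?, ?)",
        [("900001", "Test User A", "Finance"),
         ("900002", "Test User B", "Research")],
    )
    return db


def like_escape(text):
    """Neutralise LIKE wildcards so user input only matches literally."""
    return text.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def search_staff(db, session, raw_body):
    """Handle the search postback; returns matching (gh, xm, dept) rows."""
    # 1. Authorization before any request data is used: the report's root
    #    cause is an admin page that answers callers who are not admins.
    if not session or session.get("role") != "admin":
        raise Forbidden("administrator session required")

    # 2. Decode the form body and pick out only the two search fields.
    form = parse_qs(raw_body, keep_blank_values=True)
    gh = form.get(FIELD_GH, [""])[0].strip()
    xm = form.get(FIELD_XM, [""])[0].strip()

    # 3. Parameter filtering: allow-list the format, reject everything else.
    if gh and not GH_PATTERN.fullmatch(gh):
        raise BadRequest("invalid staff number")
    if len(xm) > MAX_XM_LEN:
        raise BadRequest("name too long")

    # 4. Fixed SQL fragments plus bound parameters: input never becomes
    #    SQL text, so filtering is a second layer, not the only one.
    clauses, params = [], []
    if gh:
        clauses.append("gh = ?")
        params.append(gh)
    if xm:
        clauses.append("xm LIKE ? ESCAPE '\\'")
        params.append(like_escape(xm) + "%")
    sql = "SELECT gh, xm, dept FROM staff"
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    return db.execute(sql + " ORDER BY gh", params).fetchall()


if __name__ == "__main__":
    demo = build_demo_db()
    body = "TabContainer1%24TabPanel1%24txtQueryGh=900001"
    print(search_staff(demo, {"role": "admin"}, body))
```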

Copyright notice: when reposting, please credit the source 路人甲@乌云


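Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 13

Confirmed: 2015-03-25 11:58

Vendor reply:

CNVD has confirmed the situation described and has passed it to CNCERT for distribution to the affected organizations for handling.

Latest status:

None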

