A general SQL injection vulnerability exists in a query system.
Baidu search keyword: Kefa online query system
http://www.baidu.com?wd=Kefa online query system&ie=UTF-8
http://cn.bing.com/search?q=Kefa online query system&ie=UTF-8
The example is as follows:
http://cwch.ahu.edu.cn/querynetweb/wjmm.aspx
http://61.142.174.200/cwc/KFweb/wjmm.aspx
http://gzcx.tynu.edu.cn/kfweb/wjmm.aspx
http://221.5.51.228/cjb/wjmm.aspx
http://210.45.92.21/wjmm.aspx
http://www.shcdkf.com/kfweb/wjmm.aspx
http://cwc.sxufe.edu.cn/KfWeb/wjmm.aspx
Injection exists in all three parameters: TextBox_xm, TextBox_sfz, and TextBox_yhm. For example:
Five cases:
1. http://cwch.ahu.edu.cn/querynetweb/wjmm.aspx
POST http://cwch.ahu.edu.cn/querynetweb/wjmm.aspx HTTP/1.1
Host: cwch.ahu.edu.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://cwch.ahu.edu.cn/querynetweb/wjmm.aspx
Cookie: ASP.NET_SessionId=kwogas453javiuqbykovnhuo; K_V_D_ASP.NET_SessionId=apcookfgcoefkappdpddcafgebennhohfnninmbclohkmniaeebfinbioffiimlaicmimobhajok
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 271

__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUJOTM3NDU0MDU3ZGSC3oXtb6olw1bKF%2FNkUya696jmaA%3D%3D&TextBox_xm=1&TextBox_sfz=2&TextBox_yhm=3&Button_tj=%CC%E1%BD%BB&__EVENTVALIDATION=%2FwEWBgLe1OSNAwLh04iPCwLw7pu8DgKvzdH%2BCALWyuD7AgLmyryBDAiFep3lc0k5gWsZKG2GzYRWcWOE
2. http://61.142.174.200/cwc/KFweb/wjmm.aspx
POST /cwc/KFweb/wjmm.aspx HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://61.142.174.200/cwc/KFweb/wjmm.aspx
Content-Length: 288
Content-Type: application/x-www-form-urlencoded
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: 082119f75623eb7abd7bf357698ff66c
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: ASP.NET_SessionId=bcyxzd45zx4qnh553bcgefq3
Host: 61.142.174.200
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

Button_cz=%d6%d8%d6%c3&Button_tj=%cc%e1%bd%bb&TextBox_sfz=1&TextBox_xm=1&TextBox_yhm=1&__EVENTARGUMENT=&__EVENTTARGET=&__EVENTVALIDATION=/wEWBgKGwdCsBgLh04iPCwLw7pu8DgKvzdH%2bCALWyuD7AgLmyryBDMe91X4sMkFdyUIlWmAsGYe8ZoVE&__VIEWSTATE=/wEPDwUJOTM3NDU0MDU3ZGR5P7UyiNMYg8NlcpcpuRkEaUl1Ow%3d%3d
3. http://gzcx.tynu.edu.cn/kfweb/wjmm.aspx
POST /kfweb/wjmm.aspx HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://gzcx.tynu.edu.cn/kfweb/wjmm.aspx
Content-Length: 290
Content-Type: application/x-www-form-urlencoded
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: 082119f75623eb7abd7bf357698ff66c
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: ASP.NET_SessionId=oc5kwrnykdrfdn55pcd21055
Host: gzcx.tynu.edu.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

Button_cz=%d6%d8%d6%c3&Button_tj=%cc%e1%bd%bb&TextBox_sfz=1&TextBox_xm=1&TextBox_yhm=1&__EVENTARGUMENT=&__EVENTTARGET=&__EVENTVALIDATION=/wEWBgLq2MbEBQLh04iPCwLw7pu8DgKvzdH%2bCALWyuD7AgLmyryBDKp3r77uz2yPpfcNFXI3isVTKLNP&__VIEWSTATE=/wEPDwUJOTM3NDU0MDU3ZGQNe1wC%2b6bTd4MUAkQIuJzkQdgMhA%3d%3d
4. http://221.5.51.228/cjb/wjmm.aspx
POST /cjb/wjmm.aspx HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://221.5.51.228/cjb/wjmm.aspx
Content-Length: 290
Content-Type: application/x-www-form-urlencoded
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: 082119f75623eb7abd7bf357698ff66c
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: ASP.NET_SessionId=xieqrheghgjoar45r2aopx55
Host: 221.5.51.228
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

Button_cz=%d6%d8%d6%c3&Button_tj=%cc%e1%bd%bb&TextBox_sfz=1&TextBox_xm=1&TextBox_yhm=1&__EVENTARGUMENT=&__EVENTTARGET=&__EVENTVALIDATION=/wEWBgKOlbTNBwLh04iPCwLw7pu8DgKvzdH%2bCALWyuD7AgLmyryBDKO%2bODdAQ/uALsU7wCu1bAkKwmz9&__VIEWSTATE=/wEPDwUJOTM3NDU0MDU3ZGTnp9oFQuKltgpOexX2KbOSio0VVA%3d%3d
5. http://210.45.92.21/wjmm.aspx
POST /wjmm.aspx HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://210.45.92.21/wjmm.aspx
Content-Length: 288
Content-Type: application/x-www-form-urlencoded
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: 082119f75623eb7abd7bf357698ff66c
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: ASP.NET_SessionId=2eqrjqf3vxptkry1o0az42eu
Host: 210.45.92.21
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

Button_cz=%d6%d8%d6%c3&Button_tj=%cc%e1%bd%bb&TextBox_sfz=1&TextBox_xm=1&TextBox_yhm=1&__EVENTARGUMENT=&__EVENTTARGET=&__EVENTVALIDATION=/wEWBgLLqZWEBQLh04iPCwLw7pu8DgKvzdH%2bCALWyuD7AgLmyryBDPT5vIGXydiQUva6RJDvOuVPqXt9&__VIEWSTATE=/wEPDwUJOTM3NDU0MDU3ZGQhkZHE52jodq4/B9xIgUnfTQQs9A%3d%3d
Solution:
Filter
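
One way to apply the filtering fix on the server side of wjmm.aspx, shown as an added example (not code from the original report or from the vendor): allow-list validation of the three text boxes followed by a parameterized query. The helper class, the table and column names (kf_users, xm, sfz, yhm), the SQL Server backend and the assumed field meanings (name, 18-character ID number, user name) are all assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

// Hypothetical code-behind helper for wjmm.aspx. Table/column names
// (kf_users, xm, sfz, yhm) and the field formats are assumptions.
public static class WjmmLookup
{
    // Allow-list patterns: anything outside the expected shape is rejected.
    // \z anchors at the true end of input (no trailing newline accepted).
    static readonly Regex Name   = new Regex(@"^[\p{L}· ]{1,40}\z");
    static readonly Regex IdCard = new Regex(@"^[0-9]{17}[0-9Xx]\z");
    static readonly Regex User   = new Regex(@"^[A-Za-z0-9_]{1,32}\z");

    public static bool IsValid(string xm, string sfz, string yhm)
    {
        return xm != null && sfz != null && yhm != null
            && Name.IsMatch(xm) && IdCard.IsMatch(sfz) && User.IsMatch(yhm);
    }

    // Returns true when exactly one account matches all three fields.
    public static bool AccountMatches(string connStr,
                                      string xm, string sfz, string yhm)
    {
        if (!IsValid(xm, sfz, yhm))
            return false;   // filtered before the database is touched

        const string sql =
            "SELECT COUNT(*) FROM kf_users " +
            "WHERE xm = @xm AND sfz = @sfz AND yhm = @yhm";

        using (var conn = new SqlConnection(connStr))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Values travel as typed, length-bounded parameters,
            // never as part of the SQL text.
            cmd.Parameters.Add("@xm",  SqlDbType.NVarChar, 40).Value = xm;
            cmd.Parameters.Add("@sfz", SqlDbType.VarChar,  18).Value = sfz;
            cmd.Parameters.Add("@yhm", SqlDbType.VarChar,  32).Value = yhm;
            conn.Open();
            return (int)cmd.ExecuteScalar() == 1;
        }
    }
}
```

The validation step is the filter; the parameters are what keep the query safe if a pattern is later loosened, so the two are meant to be used together.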