某市人民政府存在SQL注射，sa权限 | wooyun-2015-094354| WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-094354

漏洞标题：某市人民政府存在SQL注射，sa权限

漏洞作者： Yang

提交时间：2015-01-28 17:46

修复时间：2015-03-14 17:48

公开时间：2015-03-14 17:48

漏洞类型：SQL注射漏洞

危害等级：中

自评Rank：10

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-01-28：细节已通知厂商并且等待厂商处理中
2015-02-02：厂商已经确认，细节仅向厂商公开
2015-02-12：细节向核心白帽子及相关领域专家公开
2015-02-22：细节向普通白帽子公开
2015-03-04：细节向实习白帽子公开
2015-03-14：细节向公众公开

简要描述：

某市人民政府存在SQL注射，sa权限

详细说明：

白城市人民政府：
http://www.bc.jl.gov.cn/channel.aspx?id=27
id参数

Database: tempdb
[2 tables]
+--------------------------------------------+
| sysconstraints                             |
| syssegments                                |
+--------------------------------------------+
Database: BaoLiCMS
[23 tables]
+--------------------------------------------+
| dtproperties                               |
| iNethinkCMS_Channel                        |
| iNethinkCMS_Channel_CustomFields           |
| iNethinkCMS_Channel_WorkFlow               |
| iNethinkCMS_Content                        |
| iNethinkCMS_Content_WorkFlow               |
| iNethinkCMS_Custom_Pages                   |
| iNethinkCMS_Custom_Tags                    |
| iNethinkCMS_Dict                           |
| iNethinkCMS_Extend_Blogroll                |
| iNethinkCMS_MP_Dial                        |
| iNethinkCMS_MP_Menu                        |
| iNethinkCMS_MP_User                        |
| iNethinkCMS_Plugs_ChatRoomMsg              |
| iNethinkCMS_Plugs_ChatRoomNews             |
| iNethinkCMS_Plugs_ChatRoomUser             |
| iNethinkCMS_Plugs_Guestbook                |
| iNethinkCMS_Special                        |
| iNethinkCMS_Upload                         |
| iNethinkCMS_User                           |
| pangolin_test_table                        |
| sysconstraints                             |
| syssegments                                |
+--------------------------------------------+
Database: pubs
[14 tables]
+--------------------------------------------+
| authors                                    |
| discounts                                  |
| employee                                   |
| jobs                                       |
| pub_info                                   |
| publishers                                 |
| roysched                                   |
| sales                                      |
| stores                                     |
| sysconstraints                             |
| syssegments                                |
| titleauthor                                |
| titles                                     |
| titleview                                  |
+--------------------------------------------+
Database: master
[36 tables]
+--------------------------------------------+
| INFORMATION_SCHEMA.CHECK_CONSTRAINTS       |
| INFORMATION_SCHEMA.COLUMNS                 |
| INFORMATION_SCHEMA.COLUMN_DOMAIN_USAGE     |
| INFORMATION_SCHEMA.COLUMN_PRIVILEGES       |
| INFORMATION_SCHEMA.CONSTRAINT_COLUMN_USAGE |
| INFORMATION_SCHEMA.CONSTRAINT_TABLE_USAGE  |
| INFORMATION_SCHEMA.DOMAINS                 |
| INFORMATION_SCHEMA.DOMAIN_CONSTRAINTS      |
| INFORMATION_SCHEMA.KEY_COLUMN_USAGE        |
| INFORMATION_SCHEMA.PARAMETERS              |
| INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS |
| INFORMATION_SCHEMA.ROUTINES                |
| INFORMATION_SCHEMA.ROUTINE_COLUMNS         |
| INFORMATION_SCHEMA.SCHEMATA                |
| INFORMATION_SCHEMA.TABLES                  |
| INFORMATION_SCHEMA.TABLE_CONSTRAINTS       |
| INFORMATION_SCHEMA.TABLE_PRIVILEGES        |
| INFORMATION_SCHEMA.VIEWS                   |
| INFORMATION_SCHEMA.VIEW_COLUMN_USAGE       |
| INFORMATION_SCHEMA.VIEW_TABLE_USAGE        |
| MSreplication_options                      |
| spt_datatype_info                          |
| spt_datatype_info_ext                      |
| spt_fallback_db                            |
| spt_fallback_dev                           |
| spt_fallback_usg                           |
| spt_monitor                                |
| spt_provider_types                         |
| spt_server_info                            |
| spt_values                                 |
| sysconstraints                             |
| syslogins                                  |
| sysoledbusers                              |
| sysopentapes                               |
| sysremotelogins                            |
| syssegments                                |
+--------------------------------------------+
Database: msdb
[82 tables]
+--------------------------------------------+
| RTblClassDefs                              |
| RTblDBMProps                               |
| RTblDBXProps                               |
| RTblDTMProps                               |
| RTblDTSProps                               |
| RTblDatabaseVersion                        |
| RTblEQMProps                               |
| RTblEnumerationDef                         |
| RTblEnumerationValueDef                    |
| RTblGENProps                               |
| RTblIfaceDefs                              |
| RTblIfaceHier                              |
| RTblIfaceMem                               |
| RTblMDSProps                               |
| RTblNamedObj                               |
| RTblOLPProps                               |
| RTblParameterDef                           |
| RTblPropDefs                               |
| RTblProps                                  |
| RTblRelColDefs                             |
| RTblRelshipDefs                            |
| RTblRelshipProps                           |
| RTblRelships                               |
| RTblSIMProps                               |
| RTblScriptDefs                             |
| RTblSites                                  |
| RTblSumInfo                                |
| RTblTFMProps                               |
| RTblTypeInfo                               |
| RTblTypeLibs                               |
| RTblUMLProps                               |
| RTblUMXProps                               |
| RTblVersionAdminInfo                       |
| RTblVersions                               |
| RTblWorkspaceItems                         |
| backupfile                                 |
| backupmediafamily                          |
| backupmediaset                             |
| backupset                                  |
| log_shipping_databases                     |
| log_shipping_monitor                       |
| log_shipping_plan_databases                |
| log_shipping_plan_history                  |
| log_shipping_plans                         |
| log_shipping_primaries                     |
| log_shipping_secondaries                   |
| logmarkhistory                             |
| mswebtasks                                 |
| restorefile                                |
| restorefilegroup                           |
| restorehistory                             |
| sqlagent_info                              |
| sysalerts                                  |
| syscachedcredentials                       |
| syscategories                              |
| sysconstraints                             |
| sysdbmaintplan_databases                   |
| sysdbmaintplan_history                     |
| sysdbmaintplan_jobs                        |
| sysdbmaintplans                            |
| sysdownloadlist                            |
| sysdtscategories                           |
| sysdtspackagelog                           |
| sysdtspackages                             |
| sysdtssteplog                              |
| sysdtstasklog                              |
| sysjobhistory                              |
| sysjobs                                    |
| sysjobs_view                               |
| sysjobschedules                            |
| sysjobservers                              |
| sysjobsteps                                |
| sysnotifications                           |
| sysoperators                               |
| syssegments                                |
| systargetservergroupmembers                |
| systargetservergroups                      |
| systargetservers                           |
| systargetservers_view                      |
| systaskids                                 |
| systasks                                   |
| systasks_view                              |
+--------------------------------------------+
Database: model
[2 tables]
+--------------------------------------------+
| sysconstraints                             |
| syssegments                                |
+--------------------------------------------+
Database: Northwind
[31 tables]
+--------------------------------------------+
| Categories                                 |
| CustomerCustomerDemo                       |
| CustomerDemographics                       |
| Customers                                  |
| EmployeeTerritories                        |
| Employees                                  |
| Invoices                                   |
| Orders                                     |
| Products                                   |
| Region                                     |
| Shippers                                   |
| Suppliers                                  |
| Territories                                |
| Alphabetical list of products              |
| Category Sales for 1997                    |
| Current Product List                       |
| Customer and Suppliers by City             |
| Order Details Extended                     |
| Order Details                              |
| Order Subtotals                            |
| Orders Qry                                 |
| Product Sales for 1997                     |
| Products Above Average Price               |
| Products by Category                       |
| Quarterly Orders                           |
| Sales Totals by Amount                     |
| Sales by Category                          |
| Summary of Sales by Quarter                |
| Summary of Sales by Year                   |
| sysconstraints                             |
| syssegments                                |
+--------------------------------------------+
Database: tempdb
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| dbo.syssegments                      | 3       |
+--------------------------------------+---------+
Database: msdb
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| dbo.RTblRelships                     | 6910    |
| dbo.RTblIfaceHier                    | 3345    |
| dbo.RTblVersionAdminInfo             | 2328    |
| dbo.RTblVersions                     | 2328    |
| dbo.RTblNamedObj                     | 2191    |
| dbo.RTblIfaceMem                     | 1186    |
| dbo.RTblPropDefs                     | 794     |
| dbo.RTblClassDefs                    | 537     |
| dbo.RTblIfaceDefs                    | 452     |
| dbo.RTblProps                        | 392     |
| dbo.RTblRelColDefs                   | 320     |
| dbo.RTblRelshipDefs                  | 144     |
| dbo.RTblParameterDef                 | 136     |
| dbo.backupfile                       | 104     |
| dbo.sysconstraints                   | 99      |
| dbo.backupset                        | 53      |
| dbo.backupmediafamily                | 52      |
| dbo.backupmediaset                   | 52      |
| dbo.RTblSites                        | 38      |
| dbo.RTblRelshipProps                 | 28      |
| dbo.sysjobhistory                    | 26      |
| dbo.syscategories                    | 19      |
| dbo.RTblTypeLibs                     | 16      |
| dbo.sysalerts                        | 9       |
| dbo.sysdtscategories                 | 3       |
| dbo.syssegments                      | 3       |
| dbo.sysdbmaintplans                  | 2       |
| dbo.RTblDatabaseVersion              | 1       |
| dbo.syscachedcredentials             | 1       |
| dbo.sysdbmaintplan_databases         | 1       |
| dbo.sysdbmaintplan_jobs              | 1       |
| dbo.sysjobs                          | 1       |
| dbo.sysjobs_view                     | 1       |
| dbo.sysjobschedules                  | 1       |
| dbo.sysjobservers                    | 1       |
| dbo.sysjobsteps                      | 1       |
| dbo.systargetservers_view            | 1       |
+--------------------------------------+---------+
Database: pubs
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| dbo.roysched                         | 86      |
| dbo.employee                         | 43      |
| dbo.sysconstraints                   | 34      |
| dbo.titleauthor                      | 25      |
| dbo.titleview                        | 25      |
| dbo.authors                          | 23      |
| dbo.sales                            | 21      |
| dbo.titles                           | 18      |
| dbo.jobs                             | 14      |
| dbo.pub_info                         | 8       |
| dbo.publishers                       | 8       |
| dbo.stores                           | 6       |
| dbo.discounts                        | 3       |
| dbo.syssegments                      | 3       |
+--------------------------------------+---------+
Database: master
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| INFORMATION_SCHEMA.PARAMETERS        | 3584    |
| INFORMATION_SCHEMA.ROUTINES          | 1018    |
| dbo.spt_values                       | 730     |
| INFORMATION_SCHEMA.COLUMNS           | 392     |
| INFORMATION_SCHEMA.COLUMN_PRIVILEGES | 379     |
| INFORMATION_SCHEMA.VIEW_COLUMN_USAGE | 302     |
| INFORMATION_SCHEMA.ROUTINE_COLUMNS   | 159     |
| INFORMATION_SCHEMA.VIEW_TABLE_USAGE  | 63      |
| dbo.spt_datatype_info                | 36      |
| INFORMATION_SCHEMA.TABLES            | 36      |
| INFORMATION_SCHEMA.TABLE_PRIVILEGES  | 34      |
| dbo.spt_server_info                  | 29      |
| INFORMATION_SCHEMA.VIEWS             | 26      |
| dbo.spt_provider_types               | 25      |
| dbo.spt_datatype_info_ext            | 10      |
| INFORMATION_SCHEMA.SCHEMATA          | 7       |
| dbo.syssegments                      | 3       |
| dbo.MSreplication_options            | 2       |
| dbo.syslogins                        | 2       |
| dbo.spt_monitor                      | 1       |
| dbo.sysconstraints                   | 1       |
| dbo.sysoledbusers                    | 1       |
+--------------------------------------+---------+
Database: BaoLiCMS
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| dbo.iNethinkCMS_Content              | 11800   |
| dbo.iNethinkCMS_Upload               | 929     |
| dbo.iNethinkCMS_Plugs_ChatRoomMsg    | 527     |
| dbo.iNethinkCMS_Channel              | 412     |
| dbo.sysconstraints                   | 53      |
| dbo.iNethinkCMS_Plugs_ChatRoomNews   | 46      |
| dbo.iNethinkCMS_Channel_CustomFields | 10      |
| dbo.iNethinkCMS_Plugs_ChatRoomUser   | 10      |
| dbo.iNethinkCMS_Dict                 | 8       |
| dbo.iNethinkCMS_User                 | 7       |
| dbo.syssegments                      | 3       |
| dbo.iNethinkCMS_Custom_Tags          | 1       |
| dbo.iNethinkCMS_Extend_Blogroll      | 1       |
+--------------------------------------+---------+
Database: model
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| dbo.syssegments                      | 3       |
+--------------------------------------+---------+
Database: Northwind
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| dbo.[Order Details Extended]         | 2155    |
| dbo.[Order Details]                  | 2155    |
| dbo.Invoices                         | 2155    |
| dbo.[Order Subtotals]                | 830     |
| dbo.[Orders Qry]                     | 830     |
| dbo.Orders                           | 830     |
| dbo.[Summary of Sales by Quarter]    | 809     |
| dbo.[Summary of Sales by Year]       | 809     |
| dbo.[Customer and Suppliers by City] | 120     |
| dbo.Customers                        | 91      |
| dbo.[Quarterly Orders]               | 86      |
| dbo.[Product Sales for 1997]         | 77      |
| dbo.[Sales by Category]              | 77      |
| dbo.Products                         | 77      |
| dbo.[Alphabetical list of products]  | 69      |
| dbo.[Current Product List]           | 69      |
| dbo.[Products by Category]           | 69      |
| dbo.[Sales Totals by Amount]         | 66      |
| dbo.Territories                      | 53      |
| dbo.EmployeeTerritories              | 49      |
| dbo.sysconstraints                   | 43      |
| dbo.Suppliers                        | 29      |
| dbo.[Products Above Average Price]   | 25      |
| dbo.Employees                        | 9       |
| dbo.[Category Sales for 1997]        | 8       |
| dbo.Categories                       | 8       |
| dbo.Region                           | 4       |
| dbo.Shippers                         | 3       |
| dbo.syssegments                      | 3       |
+--------------------------------------+---------+

漏洞证明：

Database: tempdb
[2 tables]
+--------------------------------------------+
| sysconstraints                             |
| syssegments                                |
+--------------------------------------------+
Database: BaoLiCMS
[23 tables]
+--------------------------------------------+
| dtproperties                               |
| iNethinkCMS_Channel                        |
| iNethinkCMS_Channel_CustomFields           |
| iNethinkCMS_Channel_WorkFlow               |
| iNethinkCMS_Content                        |
| iNethinkCMS_Content_WorkFlow               |
| iNethinkCMS_Custom_Pages                   |
| iNethinkCMS_Custom_Tags                    |
| iNethinkCMS_Dict                           |
| iNethinkCMS_Extend_Blogroll                |
| iNethinkCMS_MP_Dial                        |
| iNethinkCMS_MP_Menu                        |
| iNethinkCMS_MP_User                        |
| iNethinkCMS_Plugs_ChatRoomMsg              |
| iNethinkCMS_Plugs_ChatRoomNews             |
| iNethinkCMS_Plugs_ChatRoomUser             |
| iNethinkCMS_Plugs_Guestbook                |
| iNethinkCMS_Special                        |
| iNethinkCMS_Upload                         |
| iNethinkCMS_User                           |
| pangolin_test_table                        |
| sysconstraints                             |
| syssegments                                |
+--------------------------------------------+
Database: pubs
[14 tables]
+--------------------------------------------+
| authors                                    |
| discounts                                  |
| employee                                   |
| jobs                                       |
| pub_info                                   |
| publishers                                 |
| roysched                                   |
| sales                                      |
| stores                                     |
| sysconstraints                             |
| syssegments                                |
| titleauthor                                |
| titles                                     |
| titleview                                  |
+--------------------------------------------+
Database: master
[36 tables]
+--------------------------------------------+
| INFORMATION_SCHEMA.CHECK_CONSTRAINTS       |
| INFORMATION_SCHEMA.COLUMNS                 |
| INFORMATION_SCHEMA.COLUMN_DOMAIN_USAGE     |
| INFORMATION_SCHEMA.COLUMN_PRIVILEGES       |
| INFORMATION_SCHEMA.CONSTRAINT_COLUMN_USAGE |
| INFORMATION_SCHEMA.CONSTRAINT_TABLE_USAGE  |
| INFORMATION_SCHEMA.DOMAINS                 |
| INFORMATION_SCHEMA.DOMAIN_CONSTRAINTS      |
| INFORMATION_SCHEMA.KEY_COLUMN_USAGE        |
| INFORMATION_SCHEMA.PARAMETERS              |
| INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS |
| INFORMATION_SCHEMA.ROUTINES                |
| INFORMATION_SCHEMA.ROUTINE_COLUMNS         |
| INFORMATION_SCHEMA.SCHEMATA                |
| INFORMATION_SCHEMA.TABLES                  |
| INFORMATION_SCHEMA.TABLE_CONSTRAINTS       |
| INFORMATION_SCHEMA.TABLE_PRIVILEGES        |
| INFORMATION_SCHEMA.VIEWS                   |
| INFORMATION_SCHEMA.VIEW_COLUMN_USAGE       |
| INFORMATION_SCHEMA.VIEW_TABLE_USAGE        |
| MSreplication_options                      |
| spt_datatype_info                          |
| spt_datatype_info_ext                      |
| spt_fallback_db                            |
| spt_fallback_dev                           |
| spt_fallback_usg                           |
| spt_monitor                                |
| spt_provider_types                         |
| spt_server_info                            |
| spt_values                                 |
| sysconstraints                             |
| syslogins                                  |
| sysoledbusers                              |
| sysopentapes                               |
| sysremotelogins                            |
| syssegments                                |
+--------------------------------------------+
Database: msdb
[82 tables]
+--------------------------------------------+
| RTblClassDefs                              |
| RTblDBMProps                               |
| RTblDBXProps                               |
| RTblDTMProps                               |
| RTblDTSProps                               |
| RTblDatabaseVersion                        |
| RTblEQMProps                               |
| RTblEnumerationDef                         |
| RTblEnumerationValueDef                    |
| RTblGENProps                               |
| RTblIfaceDefs                              |
| RTblIfaceHier                              |
| RTblIfaceMem                               |
| RTblMDSProps                               |
| RTblNamedObj                               |
| RTblOLPProps                               |
| RTblParameterDef                           |
| RTblPropDefs                               |
| RTblProps                                  |
| RTblRelColDefs                             |
| RTblRelshipDefs                            |
| RTblRelshipProps                           |
| RTblRelships                               |
| RTblSIMProps                               |
| RTblScriptDefs                             |
| RTblSites                                  |
| RTblSumInfo                                |
| RTblTFMProps                               |
| RTblTypeInfo                               |
| RTblTypeLibs                               |
| RTblUMLProps                               |
| RTblUMXProps                               |
| RTblVersionAdminInfo                       |
| RTblVersions                               |
| RTblWorkspaceItems                         |
| backupfile                                 |
| backupmediafamily                          |
| backupmediaset                             |
| backupset                                  |
| log_shipping_databases                     |
| log_shipping_monitor                       |
| log_shipping_plan_databases                |
| log_shipping_plan_history                  |
| log_shipping_plans                         |
| log_shipping_primaries                     |
| log_shipping_secondaries                   |
| logmarkhistory                             |
| mswebtasks                                 |
| restorefile                                |
| restorefilegroup                           |
| restorehistory                             |
| sqlagent_info                              |
| sysalerts                                  |
| syscachedcredentials                       |
| syscategories                              |
| sysconstraints                             |
| sysdbmaintplan_databases                   |
| sysdbmaintplan_history                     |
| sysdbmaintplan_jobs                        |
| sysdbmaintplans                            |
| sysdownloadlist                            |
| sysdtscategories                           |
| sysdtspackagelog                           |
| sysdtspackages                             |
| sysdtssteplog                              |
| sysdtstasklog                              |
| sysjobhistory                              |
| sysjobs                                    |
| sysjobs_view                               |
| sysjobschedules                            |
| sysjobservers                              |
| sysjobsteps                                |
| sysnotifications                           |
| sysoperators                               |
| syssegments                                |
| systargetservergroupmembers                |
| systargetservergroups                      |
| systargetservers                           |
| systargetservers_view                      |
| systaskids                                 |
| systasks                                   |
| systasks_view                              |
+--------------------------------------------+
Database: model
[2 tables]
+--------------------------------------------+
| sysconstraints                             |
| syssegments                                |
+--------------------------------------------+
Database: Northwind
[31 tables]
+--------------------------------------------+
| Categories                                 |
| CustomerCustomerDemo                       |
| CustomerDemographics                       |
| Customers                                  |
| EmployeeTerritories                        |
| Employees                                  |
| Invoices                                   |
| Orders                                     |
| Products                                   |
| Region                                     |
| Shippers                                   |
| Suppliers                                  |
| Territories                                |
| Alphabetical list of products              |
| Category Sales for 1997                    |
| Current Product List                       |
| Customer and Suppliers by City             |
| Order Details Extended                     |
| Order Details                              |
| Order Subtotals                            |
| Orders Qry                                 |
| Product Sales for 1997                     |
| Products Above Average Price               |
| Products by Category                       |
| Quarterly Orders                           |
| Sales Totals by Amount                     |
| Sales by Category                          |
| Summary of Sales by Quarter                |
| Summary of Sales by Year                   |
| sysconstraints                             |
| syssegments                                |
+--------------------------------------------+
Database: tempdb
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| dbo.syssegments                      | 3       |
+--------------------------------------+---------+
Database: msdb
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| dbo.RTblRelships                     | 6910    |
| dbo.RTblIfaceHier                    | 3345    |
| dbo.RTblVersionAdminInfo             | 2328    |
| dbo.RTblVersions                     | 2328    |
| dbo.RTblNamedObj                     | 2191    |
| dbo.RTblIfaceMem                     | 1186    |
| dbo.RTblPropDefs                     | 794     |
| dbo.RTblClassDefs                    | 537     |
| dbo.RTblIfaceDefs                    | 452     |
| dbo.RTblProps                        | 392     |
| dbo.RTblRelColDefs                   | 320     |
| dbo.RTblRelshipDefs                  | 144     |
| dbo.RTblParameterDef                 | 136     |
| dbo.backupfile                       | 104     |
| dbo.sysconstraints                   | 99      |
| dbo.backupset                        | 53      |
| dbo.backupmediafamily                | 52      |
| dbo.backupmediaset                   | 52      |
| dbo.RTblSites                        | 38      |
| dbo.RTblRelshipProps                 | 28      |
| dbo.sysjobhistory                    | 26      |
| dbo.syscategories                    | 19      |
| dbo.RTblTypeLibs                     | 16      |
| dbo.sysalerts                        | 9       |
| dbo.sysdtscategories                 | 3       |
| dbo.syssegments                      | 3       |
| dbo.sysdbmaintplans                  | 2       |
| dbo.RTblDatabaseVersion              | 1       |
| dbo.syscachedcredentials             | 1       |
| dbo.sysdbmaintplan_databases         | 1       |
| dbo.sysdbmaintplan_jobs              | 1       |
| dbo.sysjobs                          | 1       |
| dbo.sysjobs_view                     | 1       |
| dbo.sysjobschedules                  | 1       |
| dbo.sysjobservers                    | 1       |
| dbo.sysjobsteps                      | 1       |
| dbo.systargetservers_view            | 1       |
+--------------------------------------+---------+
Database: pubs
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| dbo.roysched                         | 86      |
| dbo.employee                         | 43      |
| dbo.sysconstraints                   | 34      |
| dbo.titleauthor                      | 25      |
| dbo.titleview                        | 25      |
| dbo.authors                          | 23      |
| dbo.sales                            | 21      |
| dbo.titles                           | 18      |
| dbo.jobs                             | 14      |
| dbo.pub_info                         | 8       |
| dbo.publishers                       | 8       |
| dbo.stores                           | 6       |
| dbo.discounts                        | 3       |
| dbo.syssegments                      | 3       |
+--------------------------------------+---------+
Database: master
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| INFORMATION_SCHEMA.PARAMETERS        | 3584    |
| INFORMATION_SCHEMA.ROUTINES          | 1018    |
| dbo.spt_values                       | 730     |
| INFORMATION_SCHEMA.COLUMNS           | 392     |
| INFORMATION_SCHEMA.COLUMN_PRIVILEGES | 379     |
| INFORMATION_SCHEMA.VIEW_COLUMN_USAGE | 302     |
| INFORMATION_SCHEMA.ROUTINE_COLUMNS   | 159     |
| INFORMATION_SCHEMA.VIEW_TABLE_USAGE  | 63      |
| dbo.spt_datatype_info                | 36      |
| INFORMATION_SCHEMA.TABLES            | 36      |
| INFORMATION_SCHEMA.TABLE_PRIVILEGES  | 34      |
| dbo.spt_server_info                  | 29      |
| INFORMATION_SCHEMA.VIEWS             | 26      |
| dbo.spt_provider_types               | 25      |
| dbo.spt_datatype_info_ext            | 10      |
| INFORMATION_SCHEMA.SCHEMATA          | 7       |
| dbo.syssegments                      | 3       |
| dbo.MSreplication_options            | 2       |
| dbo.syslogins                        | 2       |
| dbo.spt_monitor                      | 1       |
| dbo.sysconstraints                   | 1       |
| dbo.sysoledbusers                    | 1       |
+--------------------------------------+---------+
Database: BaoLiCMS
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| dbo.iNethinkCMS_Content              | 11800   |
| dbo.iNethinkCMS_Upload               | 929     |
| dbo.iNethinkCMS_Plugs_ChatRoomMsg    | 527     |
| dbo.iNethinkCMS_Channel              | 412     |
| dbo.sysconstraints                   | 53      |
| dbo.iNethinkCMS_Plugs_ChatRoomNews   | 46      |
| dbo.iNethinkCMS_Channel_CustomFields | 10      |
| dbo.iNethinkCMS_Plugs_ChatRoomUser   | 10      |
| dbo.iNethinkCMS_Dict                 | 8       |
| dbo.iNethinkCMS_User                 | 7       |
| dbo.syssegments                      | 3       |
| dbo.iNethinkCMS_Custom_Tags          | 1       |
| dbo.iNethinkCMS_Extend_Blogroll      | 1       |
+--------------------------------------+---------+
Database: model
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| dbo.syssegments                      | 3       |
+--------------------------------------+---------+
Database: Northwind
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| dbo.[Order Details Extended]         | 2155    |
| dbo.[Order Details]                  | 2155    |
| dbo.Invoices                         | 2155    |
| dbo.[Order Subtotals]                | 830     |
| dbo.[Orders Qry]                     | 830     |
| dbo.Orders                           | 830     |
| dbo.[Summary of Sales by Quarter]    | 809     |
| dbo.[Summary of Sales by Year]       | 809     |
| dbo.[Customer and Suppliers by City] | 120     |
| dbo.Customers                        | 91      |
| dbo.[Quarterly Orders]               | 86      |
| dbo.[Product Sales for 1997]         | 77      |
| dbo.[Sales by Category]              | 77      |
| dbo.Products                         | 77      |
| dbo.[Alphabetical list of products]  | 69      |
| dbo.[Current Product List]           | 69      |
| dbo.[Products by Category]           | 69      |
| dbo.[Sales Totals by Amount]         | 66      |
| dbo.Territories                      | 53      |
| dbo.EmployeeTerritories              | 49      |
| dbo.sysconstraints                   | 43      |
| dbo.Suppliers                        | 29      |
| dbo.[Products Above Average Price]   | 25      |
| dbo.Employees                        | 9       |
| dbo.[Category Sales for 1997]        | 8       |
| dbo.Categories                       | 8       |
| dbo.Region                           | 4       |
| dbo.Shippers                         | 3       |
| dbo.syssegments                      | 3       |
+--------------------------------------+---------+

修复方案：

版权声明：转载请注明来源 Yang@乌云

漏洞回应

厂商回应：

危害等级：中

漏洞Rank：10

确认时间：2015-02-02 08:45

厂商回复：

CNVD确认并复现所述情况,已经转由CNCERT下发给吉林分中心,由其后续协调网站管理单位处置.

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-094354

漏洞标题：某市人民政府存在SQL注射，sa权限

相关厂商：cncert国家互联网应急中心

漏洞作者： Yang

提交时间：2015-01-28 17:46

修复时间：2015-03-14 17:48

公开时间：2015-03-14 17:48

漏洞类型：SQL注射漏洞

危害等级：中

自评Rank：10

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 Yang@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评论

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-094354

漏洞标题：某市人民政府存在SQL注射，sa权限

相关厂商：cncert国家互联网应急中心

漏洞作者： Yang

提交时间：2015-01-28 17:46

修复时间：2015-03-14 17:48

公开时间：2015-03-14 17:48

漏洞类型：SQL注射漏洞

危害等级：中

自评Rank：10

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-094354"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 Yang@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评论

漏洞概要关注数(24) 关注此漏洞

Tags标签：无

4人收藏收藏
分享漏洞：