当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0170124

漏洞标题:浙江省某市住房公积金漏洞(影响海量个人信息/涉及全市公积金信息/大量缴费信息泄露

相关厂商:cecert

漏洞作者: 路人甲

提交时间:2016-01-16 16:46

修复时间:2016-03-04 13:27

公开时间:2016-03-04 13:27

漏洞类型:命令执行

危害等级:高

自评Rank:20

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2016-01-16: 细节已通知厂商并且等待厂商处理中
2016-01-20: 厂商已经确认,细节仅向厂商公开
2016-01-30: 细节向核心白帽子及相关领域专家公开
2016-02-09: 细节向普通白帽子公开
2016-02-19: 细节向实习白帽子公开
2016-03-04: 细节向公众公开

简要描述:

详细说明:

**.**.**.**:7001/wscx_jx 浙江省嘉兴市住房公积金查询系统,存在命令执行,通过写shell,配置数据库发现大量信息。2000W个人信息,以及公积金缴费详情。包含部分企业单位信息。
数据过大,截取部分证明危害。

漏洞证明:

1111.png

db.png

xinxi.png

xinxi1.png

xinxi2.png

xinxi3.png

xinxi4.png

xinxi5.png

xinxi6.png

xinxi7.png

xinxi8.png

xinxi9.png

<url>jdbc:oracle:thin:@**.**.**.**:1521:orcl</url>
    <driver-name>oracle.jdbc.xa.client.OracleXADataSource</driver-name>
    <properties>
      <property>
        <name>user</name>
        <value>WASYS3_wscx</value>
      </property>
    </properties>
    <password-encrypted>{AES}kTFs2tmvepXR1baMxenz+OCuPU6t7hnM2m+vDiR9eGE=</password-encrypted> wasoft

数据库配置

CW_GR_PZ	15839839
CW_GR_PZ_2	13119297
GZ_GR_HBJ	10507444
GD_DK_HK	5813206
CW_GR_PZ_NCYE	2508385
CW_DW_PZ	2473269
GD_DK_HK_1	2043578
CW_GR_PZ_1	1306098
GZ_GR_TQ	1150190
GZ_GR_ZZ	950441
GZ_GR_FZ	945291
GZ_GR_ZZ_LSND	897935
CW_GR_PZ_ZXD	812851
GZ_GR_JCHD	710343
CW_GR_PZ_NCYE_3	690635
GZ_GR_HBJ_ZXD	658726
G_GRHJSJ	603643
GD_DK_HK_ZXD	464211
GZ_GR_ZZ_QIN	366026
GZ_GR_ZZ_1	365875
CW_GR_PZ_NCYE_1	353577
GZ_GR_JCHD_1	329940
CW_DW_PZ_1	289325
GD_SQ_SQR	240525
GZ_GR_ZZBG	240161
LMK_QIN	208864
S_CARD	202353
GZ_GR_TQ_1	201740
T_WA_SYS_OPTLOG	142532
CW_GR_PZ_DEL	137035
GD_SQ_JB	133238
GD_SQ_SH	133238
GD_SQ_DK	133237
GD_DK_FZZ	132493
GD_DK_ZZ	132488
GZ_GR_ZZ_ZXD	131523
GZ_GR_FZ_ZXD	131523
GD_SQ_SQR_QIN	106988
GZ_GR_HBJ_DEL	103478
CW_LOAD_PZ_MX	100416
CW_DW_PZ_ZXD	96226
GZ_GR_JCHD_QIN	92803
GZ_GR_ZZBG_1	86823
GD_SQ_SQR_1106	83151
GD_SQ_SQR_5	80680
CW_LOAD_PZ_FL	78199
CW_DW_PZ_NCYE	74331
GZ_PWD	72458
GZ_GR_ZZBG_ZXD	68940
GD_SQ_DB_1	65864
GZ_GR_TQ_ZXD	62869
GD_SQ_DK_1	59435
GD_DK_ZZ_QIN_1	58884
GD_DK_ZZ_WWJ	58660
GD_TX_HK	55088
TF	51164
11111	48431
GD_DB_DYDB	48246
LK_QIN	46233
GD_SQ_SH_5	45869
GD_SQ_SH_3	45866
GD_SQ_JB_5	45856
GD_SQ_JB_3	45853
GD_DK_ZZ_QIN	45433
GD_DK_ZZ_5	45318
GD_DK_ZZ_4	45318
GD_SQ_SH_1	45223
GD_DB_DYDB_5	38397
GD_DB_DYDB_3	38397
GD_DB_DYDB_2	38397
GD_TX_HK_YH	38319
GD_DB_DYDB_1	38119
GD_SQ_DB	36608
SMS_DXDLB	33989
GZ_DW_JCRD	31271
GD_TX_YHMX	29006
GZ_DW_JCRD_DEPT	28709
GZ_DW_JCRD_1	26880
GD_SQ_SQR_3	25191
HKDC_GR	24504
GD_SQ_SQR_ZXD	23339
HKMX	21743
HKKGJJ_QIN	20401
SYS_EXPORT_SCHEMA_26	19877
SYS_EXPORT_SCHEMA_25	19870
SYS_EXPORT_SCHEMA_28	19637
SYS_EXPORT_SCHEMA_33	19296
SYS_EXPORT_SCHEMA_30	19250
SYS_EXPORT_SCHEMA_31	19247
SYS_EXPORT_SCHEMA_29	19245
BM_A003	18402
G_DWHJSJ	17506
HKDC	17270
GZ_DW_JCRD_QIN	13142
GZZ_QIN	12974
GZ_DW_JK	12963
GZ_DW_JK_20141203	12917
GD_SQ_JB_ZXD	12908
GD_SQ_SH_ZXD	12908
GD_SQ_DK_ZXD	12908
GD_DK_ZZ_JSYH	12588
GD_DK_ZZ_ZXD	12309
GD_DK_FZZ_ZXD	12309
TMP_GD_TABLE	11878
T_MK_SYS_WF_NODELOG	11370
WEBINFO_LOG	10734
GZ_DW_MYLX	10348
GZ_TX_TS_SJFS	9346
T_MK_SYS_WF_PROCESSLOG	9188
GZ_GR_TQCL	9051
CW_DW_PZ_DEL	8866
GD_DB_DYDB_ZXD	8339
GZ_QIN	8071
GZ_DW_ZZ	7839
GD_DK_SPLC	7324
JSYH	7193
SYS_EXPORT_SCHEMA_34	7090
T_MK_SYS_WF_OPINIONLOG	6711
T_MK_SYS_WF_ROUTELOG	6711
GZ_GR_HBJ_1	6533
GD_XM_XKZ	6371
GD_XM_LD	6246
GZ_DW_WTXY	6011
BM_A003_QIN	5686
GZ_TX_ZJDZK	5648
JZNY1	5553
SYS_EXPORT_SCHEMA_32	5511
GZ_DW_JCRD_DEL	4837
GD_DK_ZZ_ZGYH	4716
GD_DK_ZZ_ZH	4711
GD_SH_YJ	4657
HBJ	4378
GZ_WD_YWRJ	4360
TMP_USERXX_TABLE	4317
GD_DK_YQ_1	4217
GD_XM_XKZ_QW	4205
T_WA_SYS_LOG_ERR	4150
GSYH	4027
GZ_DWJCRD_QIN	3908
GD_DK_ZZ_GSYH	3840
SDXY_1011	3712
CW_DW_PZ_NCYE_ZXD	3671
GD_SQ_DB_ZXD	3660
GZ_GR_JCHD_ZXD	3506
GD_DK_ZZ_PHJSYH	3461
SYS_EXPORT_SCHEMA_35	3408
SYS_EXPORT_SCHEMA_27	3380
GD_HK_TMP	2851
T_WA_SYS_BOCLOG	2762
GD_DK_ZZ_NYYH	2745
GD_SQ_SQR_1	2676
GD_DK_YH	2474
GZ_DW_JK_DEL	2405
T_MK_SYS_WF_FLOWLOG	2375
GZ_GR_ZR	2353
GZ_GR_LMK_MX	2203
GZ_DW_JCRD_ZXD	2112
GZ_DW_ZZ_ZXD	2085
BM_A003_ZXD	2074
MBWT	1925
GD_DK_BG	1889
LHH1_QIN	1871
T_MK_SYS_MODULE_ROLE	1831
HKDC_GR_4	1777
GZ_DW_WTXY_ZXD	1737
HR_YG_SJQX_YH	1737
HR_YG_SJQX_CBWD	1711
GZ_WD_TQ_MYQK	1705
SDXY	1670
ZY_QIN	1644
SDXY_QIN	1615
GZ_GR_FZ_3	1595
GZ_GR_ZZBG_3	1595
GZ_GR_ZZ_3	1595
GD_DK_ZZ_JXYH	1585
CW_KMBM	1535
SYYH_1	1519
GZ_GR_TQ_DEL	1490
BM_XTCS_CW	1368
GD_DK_ZZ_PHGSYH	1350
BM_DKTJ	1340
NYYH	1293
SDXY_1021	1203
GD_SQ_SQR_HKDC_1	1193
HKDC_GR_1	1167
GD_DK_ZZ_XZNH	1135
GD_DK_ZZ_JTYH	1131
JTYH	1127
GZ_WD_TQ_QC	1060
TMP_GD_SPQKTJCX	1048
GZ_GR_WYFXX	1043
ZGYH	988
GZ_TX_TQKHMX	946
SMS_SJHMB	932
GZ_GR_ZZBG_2	883
GZ_GR_FZ_1	883
HKDC_GR_3	841
GZ_TX_TQDZMX	801
GZ_DW_MYTJCX_SX	795
DK_QIN	787
HKDC_1	787
JXYH	747
T_MK_SYS_DICTIONARY_DATA	734
GZ_GR_FZBG	719
GD_TX_HK_YH1201	709
XZNH	679
SDXY_1041	621
GD_DK_ZZ_PHNYYH	611
GD_DK_ZZ_HZYH	602
GZ_GR_HB	598
LHH_QIN	574
GD_DK_ZZ_ZXYH	544
ZXYH	539
GD_XM_JB	539
GZ_GR_TQCL_FZ	539
ZXYH_1	528
GD_TX_DK_FF	486
GD_SQ_SQR_HKDC_GR	483
T_WA_USERXXBG_LOG	477
GD_XM_QYYH	454
T_WA_SYS_REPORT	443
BM_A093	443
GZ_GR_TQCL_DEL	436
CY_2014	421
GZ_DW_WYID_TMP	410
PR_GJJ	398
PR_GJJ_DETAIL	398
GD_DK_FF_DEL	390
GD_SQ_SQR_DEL	368
GD_XM_QYYH2014	367
GD_XM_JB_1	365
T_WA_SYS_HOLIDAY	365
GD_XM_JB_QW	363
GD_XM_LD_QW	363
SDXY_1051	360
GD_GRDKLL	335
CW_PZ_FL_DEL	320
GD_DK_ZZ_PHZGYH	319
BM_DKYWLC	315
GD_TX_HK1201	313
GD_SFDW	298
T_MK_SYS_ROLE_USER	298
GZ_DW_BG	295
GD_TX_HK_YH2014	294
BM_WYH	276
CW_KMYE	273
GD_SQ_FWMJMX	271
GZZZ_QIN	265
BM_XTCS_GZ	264
BM_D006	263
GD_SQ_SQR_HKDC_GR_1	260
NHTS	247
CW_FZHS_QCJE	243
CW_PZ_FL	243
TMP_SYS_PROCESSLOG	238
GZ_DW_JK_DZ_TMP	227
PR_GJJ_1	225
T_MK_SYS_DICTIONARY	223
GZ_GR_SYS_RJ_LOG	218
BM_ZGBM	217
GD_SQ_SC	215
GD_SFDW_QW	203
BM_XTCS_GD	192
SDXY_1081	191
BM_ZYDY_GZ	186
GZ_GR_SDDJXX	179
GD_TX_HK1203	179
GD_SQ_SQR_HKDC_GR1	176
GD_SQ_SQR_2	175
GZ_GR_TQ_QIN	172
BM_KMDY_GZ	169
GD_DK_YQ	168
JHTSHJ	157
CW_KMJB	156
LMK_QINWEI	154
BM_A097	150
TQ_QIN	145
TZ_QIN	131
GZ_GR_TZ	130
HR_YG_SJQX_GJD	130
T_MK_SYS_MENU	128
BM_XTCS_AI	128
BM_KMDY_DB	120
GZ_GR_HB_1	116
T_MK_SYS_USER	116
GD_DK_REPLOG	113
BM_XTCS_SMS	110
BM_KMDY_GD	108
GD_DK_ZZ_TMP	101
BM_DKXX	96
SMS_QYBGB	92
DKSZG	92
GZ_GR_ZR_1	91
GZ_GJD_LSND	90
TMP_GZ_TABLE	89
GD_DK_ZZ_PHZXYH	88
BM_TQCL	86
HCNS	85
GD_DK_ZZ_HCNS	85
SDXY_1121	85
BM_P015	84
GZ_NHTS	82
BM_XTCS_TEL	80
GZ_GR_TQ_QIN_1	79
T_MK_SYS_DEPT_USER	78
T_WA_SYS_USER_SCOPE	78
GD_DK_KKZHTZ	73
CW_PZ_LB	72
BM_DKZGTJ	72
CW_YD_JZ	72
GZ_GR_WYFXX_ZXD	70
GD_XM_WTYH	69
GD_DK_ZZ_ZS	69
BM_DBSFXM	66
GZHK_QIN	66
GZ_GR_ZZBG_DEL	66
CW_ND	64
GD_WD_YWRJ	60
BM_A071	60
GD_SQ_SQR_4	59
ZSYH	59
CW_PZ_ML	58
GD_DK_ZZ_PFYH	58
PDFZ	58
T_MK_SYS_USERCONFIG	57
GJJ_QIN	57
GZ_GR_HB_ZXD	56
GZ_GR_HBJ_4	56
SMS_QYXXB	54
BM_A095	54
GJJ1_QIN	53
XM	53
IM_DQCK_QIN	53
IM_DQCK	53
BM_P012	51
CW_GR_PZ1	50
GZ_GRCKLL	48
BM_C006	46
BM_G071	46
HK_QIN	44
GZ_TX_LMK_ZKMX	43
BM_XHYY	43
IM_DQCKYTMXB	42
SMS_DXGSB	42
GD_SQ_DK_QIN	42
GD_SQ_SH_QIN	42
HKK_QIN	40
ZXDK	40
GD_DK_JQ_DEL	40
GZ_WD_GJTQ_MYQK	40
GZ_DW_JCRD_TMP	38
GD_DB_DYDB_QIN	38
BM_ZJSYLX	37
GZ_GR_ZLDJXX	37
BM_DBFS	36
BM_KMBM	34
T_MK_SYS_SEQ	34
GD_TX_TQHK	34
AAAA	33
GD_SQ_JB_4	33
GD_SQ_SH_4	33
BM_ZHLX_IM	33
SDXY_1081_1	32
GD_DB_DYDB_BG	32
GZ_GR_TQWTZM	31
BM_TXJY	30
GD_DB_DYDB_4	30
BM_B031	30
BM_BGCL	30
BM_TQCLBM	28
GD_DK_HTFH	28
BM_KMDY_IM	27
HKKGJJ2_QIN	27
BM_FCYY	26
BM_DB_YWLB	25
BM_A073	25
TMP_CW_LOADPZML	25
BM_XTCS_DB	24
BM_DJYY	24
BM_D075	24
BM_DBLX_IM	24
GD_TX_HK_YH2014_1	24
CW_BBML	23
BM_HKLX_IM	22
CW_YHDZD	21
CW_YHDZ_LOAD_DZD	21
BM_GZ_CODETYPE	19
YHZH_QIN	19
T_MK_SYS_ROLE	18
BM_XGCL	18
BM_DKXMXZ	17
BM_SYS_CODETYPE	16
BM_XTCS_IM	16
BM_DYLX	16
GZ_GR_ZZBG_QC	16
BM_B012_DW	15
GZ_WD_GJTQ_QC	15
GD_WD_DK_QC	15
BM_PJLX_IM	14
BM_A073_ZXD	14
BM_P015_ZXD	14
BM_CKLX_IM	13
SMS_DXNRXSZ	12
BM_HKFS	12
BM_B012_GR	12
BM_JDYY	12
BM_D014	12
BM_FWTX	12
BM_GD_CODETYPE	12
GD_DK_ZZ_PHJTYH	12
BM_ZGZW	11
BM_SFXM	10
BM_DKBGLB	10
BM_B012_DW_JCBG	10
BM_AI_GRSJFL	10
T_MK_SYS_DEPT	9
GD_DK_FZZ_QIN	9
CY_2014_1	9
BM_SQDKZT	8
BM_TQFW	8
BM_KKYH	8
BM_G094	8
BM_A075	8
BM_TQSBYY	7
CW_YHRJZ	7
BM_G095	7
GD_DK_XXBG	7
GD_DK_BZJ_ZZ	7
BM_PJZT	6
BM_XHCL	6
BM_XHZM	6
BM_ZGXL	6
BM_DWZT	6
SMS_DXYWB	6
BM_ZGZT	6
CW_YHDZ_LOAD_RJZ	6
BM_ZJSYLX_IM	6
BM_SSQX	5
BM_YQFL	5
BM_ZGZC	5
BM_ZJLX	5
BM_GD_TWLC	5
GZ_PWD_2	5
BM_DKZT	5
BM_FWJG	5
BM_HKZT	5
BM_PJZL	4
GZ_DW_ZCKTQ	4
SMS_DSSCDXJL	4
TMP_CW_TABLE	4
BM_DQLL_IM	4
BM_A015	4
BM_CSDQ	4
GZ_TX_LMK_ZKSB	4
XYYH	4
BM_SPZT_GZ	3
BM_SRXM	3
BM_ZGHY	3
BM_DKLX	3
BM_A091	3
BM_CXLX	3
SDXY_1071	3
BM_ZYZG	3
BM_SSJD	2
BM_ZFLX	2
GZ_DW_ZCKTZ	2
BM_GZLX_IM	2
GD_DK_HK_DEL	2
BM_FWXZ	2
CW_YHDZ_INIT	2
CW_FZHS_MX	1
GZ_DW_ZCKTQ_DEL	1
GZ_GR_NDJSTZ	1
BM_JSLX	1
TMP_GD_DKEDNXCALC_A	1
CW_USER_QX	1
CW_ZTML	1
SMS_DXSJSZ	1
T_MK_APP_TASKRECORD	0
T_MK_APP_TRAIN	0
T_MK_APP_TRAIN_ACHIEVEMENT	0
T_MK_APP_VOTE	0
T_MK_APP_WORKLOG	0
T_MK_APP_WORKREPORT	0
T_MK_APP_WORKREPORT_COMMENT	0
T_MK_APP_WORKREPORT_SCOPE	0
T_MK_APP_WORKREQUEST	0
T_MK_APP_WORK_EXPERIENCE	0
T_MK_APP_WORK_OVER	0
T_MK_APP_WORK_OVER_COUNT	0
T_MK_SYS_DEPT_LEADER	0
T_MK_SYS_FILES	0
T_MK_SYS_MESSAGES	0
T_MK_SYS_PERSONNEL	0
T_MK_SYS_UPDATED	0
T_MK_SYS_USERSTATE	0
T_MK_SYS_USER_LOGIN_CS	0
T_P	0
T_WA_APP_COUNT	0
T_WA_SYS_CALLLOG	0
T_WA_SYS_DBTRACE	0
T_WA_SYS_INFO	0
T_WA_SYS_PROC_RET_CODE	0
T_WA_SYS_SIGN	0
USERS	0
WA_DICTIONARY	0
WA_TABLE1	0
WA_TABLE10	0
WA_TABLE11	0
WA_TABLE12	0
WA_TABLE13	0
WA_TABLE14	0
WA_TABLE2	0
WA_TABLE3	0
WA_TABLE4	0
WA_TABLE5	0
WA_TABLE6	0
WA_TABLE7	0
WA_TABLE8	0
WA_TABLE9	0
WEBSERVICE_CALL_INFO	0
WSP	0
WT_YE_FIX	0
XHLX	0
XL	0
XL_BJ	0
XZSYDW	0
ZGDC	0
ZGDCLSB	0
ZGYHZH	0
ZGYHZHLSB	0
ZSDC	0
ZSDCLSB	0
ZTBG	0
ZXDC	0
ZXDCLSB	0
ZZGL	0
gz_pwd	0
CW_ASF	0
SYS_EXPORT_SCHEMA_09	0
SYS_EXPORT_SCHEMA_10	0
SYS_EXPORT_SCHEMA_11	0
SYS_EXPORT_SCHEMA_12	0
SYS_EXPORT_SCHEMA_13	0
SYS_EXPORT_SCHEMA_14	0
SYS_EXPORT_SCHEMA_15	0
SYS_EXPORT_SCHEMA_16	0
SYS_EXPORT_SCHEMA_17	0
SYS_EXPORT_SCHEMA_18	0
SYS_EXPORT_SCHEMA_19	0
SYS_EXPORT_SCHEMA_20	0
SYS_EXPORT_SCHEMA_21	0
SYS_EXPORT_SCHEMA_22	0
SYS_EXPORT_SCHEMA_23	0
SYS_EXPORT_SCHEMA_24	0
TABLE_USER	0
TMP_001	0
TMP_CW_LSPZXM	0
TMP_DB_TABLE	0
TMP_GD_DKXM_TJCX	0
TMP_GD_DKXM_TJCX_MX	0
TMP_GD_DKYQMX_HZCX	0
TMP_GD_DK_DKSP_TJCX	0
TMP_GD_DK_DKXM_TJCX	0
T_MK_APP_CALENDAR_TAG	0
T_MK_APP_COMPACT	0
T_MK_APP_FAVORITE	0
T_MK_APP_FAVORITE_TAG	0
T_MK_APP_FINANCE_SUBJECT	0
T_MK_APP_FOLDER	0
T_MK_APP_FORUM	0
T_MK_APP_FORUM_CATEGORY	0
T_MK_APP_FORUM_SUBJECT	0
T_MK_APP_GD_SQ_SH	0
T_MK_APP_GZDWJCBGK	0
T_MK_APP_HASTEN	0
T_MK_APP_JTSHGX	0
T_MK_APP_KNOWLEDGE	0
T_MK_APP_KNOWLEDGE_COMMENT	0
T_MK_APP_KNOWLEDGE_TAG	0
T_MK_APP_KNOWLEDGE_TAG_BIND	0
T_MK_APP_KNOWLEDGE_VALUE	0
T_MK_APP_MAIL	0
T_MK_APP_MAIL_ACCOUNT	0
T_MK_APP_MAIL_MAPPING	0
T_MK_APP_MAIL_RULE	0
T_MK_APP_MAIL_RULE_DETAIL	0
T_MK_APP_MAIL_SIGNATURE	0
T_MK_APP_MAIL_TAG	0
T_MK_APP_MAIL_TAG_MAPPING	0
T_MK_APP_MOBILE_MSG	0
T_MK_APP_NAMECARD	0
T_MK_APP_NAMECARD_PUBLIC	0
T_MK_APP_NAMECARD_TAG	0
T_MK_APP_NOTIFY	0
T_MK_APP_OFFICEUSE_DIC	0
T_MK_APP_POLLVOTE	0
T_MK_APP_REGULATIONS	0
T_MK_APP_STUDY_EXPERIENCE	0
T_MK_APP_TASK	0
T_MK_APP_TASKCB	0
T_MK_APP_TASKFK	0
T_MK_APP_TASKMANAGE	0
GD_XZDW_DYDLGS	0
GD_XZDW_FCPG	0
GD_XZDW_GZJG	0
GD_XZDW_LSSW	0
GD_XZDW_ZJGS	0
GHDC	0
GHDCLSB	0
GPJ_GHFH	0
GRHH	0
GRZHOLD	0
GRZY	0
GSYHZH	0
GSYHZHLSB	0
GZ_DWJC_TEL	0
GZ_DW_FYQK	0
GZ_DW_HB	0
GZ_DW_HB_DEL	0
GZ_DW_JCBG	0
GZ_DW_JCBG_DEL	0
GZ_DW_JK_QC	0
GZ_DW_JZ	0
GZ_DW_JZ_LSND	0
GZ_DW_MXZ_CX_HIS	0
GZ_DW_ZZ_LSND	0
GZ_DW_ZZ_ZCK	0
GZ_GJ_MRZZ	0
GZ_GR_DCHDJE_CX	0
GZ_GR_DCHDXX	0
GZ_GR_DCHDXX_1	0
GZ_GR_DCHDXX_BG	0
GZ_GR_DCHDXX_DEL	0
GZ_GR_DCHDXX_HS	0
GZ_GR_HB_DEL	0
GZ_GR_MX_CX_YD	0
GZ_GR_NDJSTZ_BG	0
GZ_GR_SDHKXX	0
GZ_GR_SDQY	0
GZ_GR_SDWTXX	0
GZ_GR_TQCL_BG	0
SJG_LOG	0
SMS_DXDLB_BAK	0
SMS_DXZTBG	0
SMS_HMFZB	0
SMS_SJHMD	0
SMS_TMP_DXFS	0
SMS_TMP_DXTJ	0
SMS_TMP_HMDRB	0
SMS_TMP_YHKTS	0
SMS_TMP_ZGCX_PL	0
SMS_TMP_ZGSQ	0
SMS_ZGCXDXDLB	0
SXDC	0
SXDCLSB	0
SXGJJ_NEWS	0
SXYHZH	0
SXYHZHLSB	0
SYS_EXPORT_SCHEMA_01	0
SYS_EXPORT_SCHEMA_02	0
SYS_EXPORT_SCHEMA_03	0
SYS_EXPORT_SCHEMA_04	0
SYS_EXPORT_SCHEMA_05	0
SYS_EXPORT_SCHEMA_06	0
SYS_EXPORT_SCHEMA_07	0
SYS_EXPORT_SCHEMA_08	0
CW_DW_YWRJ	0
CW_FZHS_LB	0
CW_FZHS_LSQCJE	0
CW_GDZC	0
CW_GDZC_BF	0
CW_JZPZ_SZ	0
CW_JZRQ	0
CW_LOAD_PZ_MX_SFK	0
CW_MXZ_ML	0
CW_MXZ_NR	0
TMP_GD_DK_LPDKQK	0
TMP_GD_WDYQQK_HZCX	0
TMP_GJD_CHG	0
TMP_GJ_SJ_DOWNLOAD	0
TMP_GZ_DW_BGMX_CX_3	0
TMP_GZ_DW_CJ_CX	0
TMP_GZ_DW_HJ_PLDY	0
TMP_GZ_DW_JJ_HZCX	0
TMP_GZ_GJ_JXDY	0
TMP_GZ_GR_DCHDXX_CHG	0
TMP_GZ_GR_DZMX_CX_SX	0
TMP_GZ_GR_GRMX_DOWNLOAD	0
TMP_GZ_GR_INFO_CHG_PL	0
TMP_GZ_GR_INFO_CHG_ZKXX	0
TMP_GZ_GR_MX_CX_PL	0
TMP_GZ_GR_NDJSTZ_DR	0
TMP_GZ_GR_ZZ	0
TMP_GZ_YWFL_CX	0
TMP_HD	0
TMP_IM_TABLE	0
TMP_LOGERR	0
TMP_ZJ_TABLE	0
TOAD_PLAN_TABLE	0
T_MK_APP_ATTENDANCE	0
T_MK_APP_ATTENDANCE_RECORD	0
T_MK_APP_ATTENDANCE_WORKDAY	0
T_MK_APP_ATTENDANCE_WORKTIME	0
T_MK_APP_CALENDAR	0
GD_TX_YHMX_WT	0
GD_TX_YHMX_WT_20130131	0
GD_TX_YHYQMX	0
GD_TX_YHYQMX_ALL	0
GD_TX_YHYQMX_HIS	0
GD_TX_YHYQMX_LS	0
GD_WD_DK_MRQK	0
GD_WD_DK_MYQK	0
GD_WD_DK_QC_YB	0
GD_XM_BG	0
GD_XM_BG_SHYJ	0
GD_XM_FW	0
GD_XM_GYTDSYZ	0
GD_XM_JHBMLXWJ	0
GD_XM_JSGCGHXKZ	0
GD_XM_JSYDGHXKZ	0
GD_XM_JZGCSGXKZ	0
GD_XM_LP	0
GD_XM_SHYJ	0
GD_XM_SPWJ	0
GD_XM_XKZ_SHYJ	0
GD_XM_ZTH	0
GD_XZDW_BXGS	0
GD_XZDW_CSDLJG	0
GD_XZDW_DBDW	0
GD_XZDW_DBGS	0
GD_DK_YQCS	0
GD_DK_YWLC	0
GD_DK_ZZLSB	0
GD_FXLL	0
GD_KFS_DSHCY	0
GD_SFDW_SHYJ	0
GD_SQ_DBDW	0
GD_SQ_DB_SC	0
GD_SQ_GYCQR	0
GD_SQ_GZ	0
GD_SQ_GZLL	0
GD_SQ_JTCC	0
GD_SQ_JTFZ	0
GD_SQ_JTSR	0
GD_SQ_JTZC	0
GD_SQ_SQCL	0
GD_SQ_TB	0
GD_TX_DKHK_YEDZK	0
GD_TX_DKHK_YHYEK	0
BM_DKDA	0
BM_DKSPJB	0
BM_DKSPSC	0
BM_DKXTBMDY	0
BM_FZXM	0
BM_GZGMFS	0
BM_HZDW	0
BM_H_KM	0
BM_KHCL	0
BM_LSDA	0
BM_PJDYLX_IM	0
BM_PJYH	0
BM_PJZL_IM	0
BM_QFYY	0
BM_SFYH	0
BM_SFYH_YHZH	0
BM_SPWJ	0
BM_SSGX	0
BM_SSZH	0
BM_TSZT	0
BM_WLDWBMSZ_IM	0
BM_WLDW_IM	0
BM_WTDW	0
BM_YHLHH	0
BM_YH_IM	0
BM_YWZL_CW	0
BM_ZCXM	0
BM_ZGZY	0
BM_ZHSZ_IM	0
BM_ZJHB_KXXZ	0
BM_ZJHB_SPZT	0
BM_ZQGS_IM	0
BM_ZXDJ	0
BM_ZXZB	0
BM_ZXZBBZ	0
BM_ZYDY_GD	0
BM_ZZXM	0
CL_CLIENT_BASIC	0
CL_CLIENT_BASIC_TRACE	0
CW_BBDATA	0
CW_BBDATAFILE	0
CW_BB_USER	0
CW_DB_PZ	0
CW_DB_PZ_DEL	0
CW_DW_PZ_NCYE_1	0
GD_DB_DBFWF	0
GD_DB_DBFWF_DEL	0
GD_DB_DESXF	0
GD_DB_DESXF_DEL	0
GD_DB_DYDJF	0
GD_DB_DYDJF_DEL	0
GD_DB_DZF	0
GD_DB_DZF_DEL	0
GD_DB_DZWDF	0
GD_DB_DZWDF_DEL	0
GD_DB_FCPG	0
GD_DB_FF	0
GD_DB_FF_DEL	0
GD_DB_FKXX	0
GD_DB_FXLL	0
GD_DB_FXTZ	0
GD_DB_GRBZJ	0
GD_DB_GRBZJ_DEL	0
GD_DB_GRBZJ_FH	0
GD_DB_GRBZJ_FH_DEL	0
GD_DB_GRDB	0
GD_DB_GRDB_BG	0
GD_DB_HK	0
GD_DB_HK_DEL	0
GD_DB_KFSBZJ	0
GD_DB_KFSBZJ_DEL	0
GD_DB_KFSBZJ_FH	0
GD_DB_KFSBZJ_FH_DEL	0
GD_DB_PGF	0
GD_DB_PGF_DEL	0
GD_DB_SF_FH	0
GD_DB_SF_FH_DEL	0
GD_DB_SF_ZZ	0
GD_DB_SKXX	0
GD_DB_TX_DBSF	0
GD_DB_TX_YQHK	0
GD_DB_XMZLF	0
GD_DB_XMZLF_DEL	0
GD_DB_YQCS	0
GD_DB_YQHS	0
GD_DB_YQHS_DEL	0
GD_DB_YQYJ_YQMX_CX	0
GD_DB_YQ_QC	0
GD_DB_ZCBZJ	0
GD_DB_ZCBZJ_DEL	0
GD_DB_ZCBZJ_FH	0
GD_DB_ZCBZJ_FH_DEL	0
GD_DB_ZJHB	0
GD_DB_ZJHB_SHYJ	0
GD_DB_ZYDB	0
GD_DB_ZYDB_BG	0
GD_DKYQ_TEL	0
GD_DK_BG_SHYJ	0
GD_DK_BZJ_BG	0
GD_DK_BZJ_FH	0
GD_DK_BZJ_FH_SHYJ	0
GD_DK_BZJ_JX	0
GD_DK_BZJ_SZMX	0
GD_DK_BZJ_SZMX_DEL	0
GD_DK_HMD	0
GD_DK_TX_ZZ	0
GD_DK_WDTZ	0
GD_DK_YD_ZZ	0
GD_DK_YHJETZ	0
CW_PZ_YW	0
CW_PZ_YW_DEL	0
CW_PZ_ZY	0
CW_RP_INFO	0
CW_XMYE	0
CW_YHDZD_LOAD	0
CW_YHLL	0
CW_YWKM	0
CW_YWPJ	0
CW_YWPJ_CX	0
CW_YWPJ_DY	0
CW_YWPJ_MX	0
CW_YWPJ_SQ	0
CW_YWPJ_ZF	0
DCPO	0
DCZDR	0
DKGL	0
DKGLZGXX	0
DKZLLSB	0
DWREPORT	0
DWXZLSB	0
ERR_A001	0
ERR_TABLE	0
FG_BM_A003	0
FG_BM_A003_SFKZZ	0
FG_BM_A071	0
FG_BM_A073	0
FG_BM_A075	0
FG_BM_A095	0
FG_BM_C007	0
FG_BM_D006	0
FG_BM_DWZJLX	0
FG_BM_DWZT	0
FG_BM_KMDY	0
FG_BM_P012	0
FG_BM_P015	0
FG_BM_SSQX	0
FG_BM_XTCS	0
FG_BM_ZGBM	0
FG_BM_ZJLX	0
FG_BM_ZXYY	0
FG_GZLLK	0
FG_GZNDK	0
FG_GZPZK	0
FG_GZPZK_FH	0
FG_GZPZK_LSSJ	0
FG_GZZGPZK	0
FG_LOG_ERR	0
FG_TMP_JC	0
FG_TMP_TABLE	0
FG_ZJBGK	0
FG_ZJBGK_QC	0
FG_ZJBJK	0
FG_ZJDWBGK	0
FG_ZJJKK	0
FG_ZJJZK	0
FG_ZJJZK_DWMX	0
FG_ZJRDK	0
FG_ZJZQK	0
FG_ZJZYK	0
GD_113_UPDATE_E022_LOG	0
GD_DB_BZJ_YQ	0
GD_DB_BZJ_YQ_DEL	0
GD_DB_BZJ_ZZ	0
IM_GJSXF	0
IM_GZDFK	0
IM_GZFXB	0
IM_GZK	0
IM_GZPZB	0
IM_GZYTMXB	0
IM_QSHKB	0
IM_QSHKB_MX	0
IM_QSMXB	0
IM_SYXXB	0
IM_SYXXB_DQ	0
IM_SYXXB_DQSB	0
IM_SYXXB_FF	0
IM_SYXXB_FF_TJ	0
IM_SYXXB_GZ	0
IM_SYXXB_LZZF	0
IM_SYXXB_SHGLF	0
IM_SYXXB_SPYJ	0
IM_SYXXB_TBZJ	0
IM_YHRJZ	0
IM_YHZH_QCJESZ	0
IM_YWID_TMP	0
IM_YWPJ	0
IM_YWPJ_CX	0
IM_YWPJ_MX	0
IM_YWPJ_SQ	0
IM_YWPJ_YW	0
IM_YWPJ_ZF	0
IM_ZESPB	0
IM_ZESQB	0
JIANHANG	0
JTDC	0
JTDCLSB	0
JTYHZH	0
JTYHZHLSB	0
KFSZH	0
LOAN_RATE	0
MH_SESMON	0
MH_SYS_MON_NAME	0
MH_SYS_MON_STAT	0
MH_SYS_PARAM_MON_SMS	0
MH_SYS_PARAM_MON_SMS_RECV	0
MH_SYS_STAT	0
NHDC	0
NHDCLSB	0
NYYHZH	0
NYYHZHLSB	0
NYYHZHLSB1	0
OLD_CW_CZY	0
PARAMETER	0
PFYHZH	0
PFYHZHLSB	0
PFZHLSB	0
PLSQL_PROFILER_DATA	0
PLSQL_PROFILER_RUNS	0
PLSQL_PROFILER_UNITS	0
Q_GRXX	0
Q_GRXX_GZJSBGINFO	0
Q_GRXX_ZTBGINFO	0
Q_WLDW	0
Q_WTSKTZD	0
Q_WTSK_BJMX	0
REPORTLSB	0
CW_PZ_FL_1	0
AI_DC_CWZF	0
AI_DC_DKZH	0
AI_DC_DWZH	0
AI_DC_GRZH	0
AI_DC_YWCW	0
AI_JH_CW_PZSJ	0
AI_JH_MX	0
AI_SJ_CW_KMYHXX	0
AI_SJ_CW_SXF	0
AI_SJ_CW_YWSR	0
AI_SJ_DW	0
AI_SJ_DWJC_DWQJ	0
AI_SJ_GD_FJCR	0
AI_SJ_GD_JCBZ	0
AI_SJ_GD_QCCX	0
AI_SJ_GD_QXCX	0
AI_SJ_GD_SFBZ	0
AI_SJ_GD_SRBZ	0
AI_SJ_GD_ZHFC	0
AI_SJ_GD_ZZCX	0
AI_SJ_GR	0
AI_SJ_HZQK_CWHS	0
AI_SJ_HZQK_GJZF	0
AI_SJ_HZQK_GRXD	0
AI_SJ_JC_BLCX	0
AI_SJ_JC_CFJC	0
AI_SJ_JC_DEBJ	0
AI_SJ_JC_DWQJ	0
AI_SJ_JC_EDCX	0
AI_SJ_JC_JCPM	0
AI_SJ_JC_JSCX	0
AI_SJ_TQ_CSCX	0
AI_SJ_TQ_DETQ	0
AI_SJ_TQ_GZTQ	0
AI_SJ_TQ_SWTQ	0
AI_SJ_TQ_WDDX	0
AI_SJ_TQ_YXWX	0
BM_A003_1	0
BM_CW_JSLX	0
GZ_GR_WSZC	0
GZ_GR_ZCTQ	0
GZ_GR_ZR_DEL	0
GZ_GR_ZZBG_QC_DEL	0
GZ_GR_ZZ_LOD	0
G_AUTHORS	0
G_BOOKS	0
G_BOOK_AUTHORS	0
G_CART	0
G_CUSTOMERS	0
G_LINE_ITEMS	0
G_ORDERS	0
HOTPROBLEMS	0
HR_YG_BG	0
HR_YG_JB	0
HR_YG_SJQX	0
HR_YG_SJQX_BM	0
HR_YG_SJQX_DW	0
IM_DKSXF	0
IM_DQCKDF	0
IM_DQCKDF_SPYJ	0
IM_DQCKTQDF_MX	0
IM_DQCKYTMXB_DEL	0
IM_DQFXB	0
IM_EDJHB	0

数据库结构

**.**.**.**:7001/wscx_jx/a.jspx 95zzz

修复方案:

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:12

确认时间:2016-01-20 10:16

厂商回复:

CNVD确认所述情况,已经转由CNCERT下发给浙江分中心,由其后续协调网站管理单位处置.

最新状态:

暂无

漏洞评价:

评价

  1. 2016-01-16 16:48 | 牛 小 帅 ( 普通白帽子 | Rank:1117 漏洞数:260 | 1.乌云最帅的男人 ...)

    草,吓得我看看有没有我

  2. 2016-01-16 16:56 | 木易 ( 普通白帽子 | Rank:110 漏洞数:25 | 历代鬼谷子虽一人之力,却强于百万之师。一...)

    @独臂刀王 我记得你,你就是那个买柚子的时候不付钱,非要给摊主转账两个乌云币的那家伙

  3. 2016-01-16 17:00 | 欧冠狂魔阿森纳 ( 实习白帽子 | Rank:38 漏洞数:14 | 静静的看你们装逼)

    草,吓得我看看有没有我

  4. 2016-01-16 18:01 | von ( 路人 | Rank:4 漏洞数:3 | 一个帅字贯穿了我的一生~)

    草,吓得我看看有没有我未来的女票

  5. 2016-01-16 22:13 | 404notfound ( 普通白帽子 | Rank:259 漏洞数:71 | 考研中,有事请留言)

    @牛 小 帅 你特么又匿名赚rank,离900这么快了