WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
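2016-01-15: Details reported to the vendor; awaiting vendor response
2016-01-19: Vendor confirmed; details disclosed to the vendor only
2016-01-29: Details disclosed to core white hats and experts in related fields
2016-02-08: Details disclosed to regular white hats
2016-02-18: Details disclosed to intern white hats
2016-03-04: Details disclosed to the public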
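**.**.**.**/jsw2/ The Nanjing family planning system has a command execution vulnerability that exposed 14 million + 9 million detailed personal records (down to the house number) and 300,000 + 300,000 + 300,000 personal identity records. The personal identity records are in the first three tables of the first database; the 14 million + 9 million records are in the first and second tables of the second database, and are marked in the listing below. The data set is too large, so only part of it is given as proof.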
<url>jdbc:oracle:thin:@**.**.**.**:1521:newjsw</url>
<driver-name>oracle.jdbc.xa.client.OracleXADataSource</driver-name>
<properties>
  <property>
    <name>user</name>
    <value>newjsw</value>
  </property>
</properties>
<password-encrypted>{AES}dEZPo7qIt3MM2zCL6du/3BzOPatkRFQOWGy6BH70FvY=</password-encrypted>
les1028

<url>jdbc:oracle:thin:@**.**.**.**:1521:jswbt</url>
<driver-name>oracle.jdbc.xa.client.OracleXADataSource</driver-name>
<properties>
  <property>
    <name>user</name>
    <value>jswbt</value>
  </property>
</properties>
<password-encrypted>{AES}rHKIQNE6mqsNW75maekqELa5lggoDu9WfMKz48gvtdM=</password-encrypted>
les1028
Database configuration
Query#0 : select t.TABLE_NAME,t.NUM_ROWS from user_tables t order by NUM_ROWS desc
TABLE_NAME (VARCHAR2)  NUM_ROWS (NUMBER)

Query#0 : select t.TABLE_NAME,t.NUM_ROWS from user_tables t order by NUM_ROWS desc
TABLE_NAME (VARCHAR2)  NUM_ROWS (NUMBER)
WAS_TRANSDATASET  14028748  (detailed information on 14 million individuals)
BAK$WAS_TRANSDATASET101219  9732609  (detailed information on 9 million individuals)
Database structure
**.**.**.**/jsw2/1.jspx 9635789
Severity: Medium
Vulnerability Rank: 10
Confirmed: 2016-01-19 13:26
Duplicate vulnerability; CNVD will not handle it again.
None yet