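Vulnerability summary

Bug ID: wooyun-2015-0149477

Title: HP back-end has a POST injection that leaks a large number of orders and users

Vendor: HP

Author: 路人甲

Submitted: 2015-10-26 10:01

Fix time: 2015-10-31 10:02

Disclosed: 2015-10-31 10:02

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 12

Status: The vendor was notified of the vulnerability but ignored it

Source: http://www.wooyun.org. If you have questions or need help, contact [email protected]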


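Vulnerability details

Disclosure status:

2015-10-26: Details were sent to the vendor; waiting for the vendor to respond
2015-10-31: The vendor actively ignored the vulnerability; details were disclosed to the public

Brief description:

HP back-end has a POST injection that leaks a large number of orders and users

Detailed description:

Injection point: http://alwayson.hp.com.cn/AAS
It holds a large amount of user information and order information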


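Proof of vulnerability:

Fix:

Copyright notice: when reposting, please credit the source 路人甲@乌云


Vulnerability response

Vendor response:

Severity: No impact, ignored by vendor

Ignored on: 2015-10-31 10:02

Vendor reply:

Vulnerability Rank: 4 (WooYun rating)

Latest status:

2015-11-18: http://alwayson.hp.com.cn/AAS - this site does not belong to HP.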