
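Vulnerability summary

Bug ID: wooyun-2015-0166112

Vulnerability title: Vulnerability in the housing provident fund system of a city in Heilongjiang (involves citywide residents' personal information / housing provident fund details / large numbers of government personnel / payment information, etc.)

Related vendor: center

Vulnerability author: 路人甲

Submitted: 2015-12-30 18:38

Fixed: 2016-02-12 18:49

Made public: 2016-02-12 18:49

Vulnerability type: Command execution

Severity: High

Self-assessed Rank: 15

Vulnerability status: Handed over to a third-party partner organization (CNCERT, the National Internet Emergency Center) for handling

Vulnerability source: http://www.wooyun.org; for questions or help, contact [email protected]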



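Vulnerability details

Disclosure status:

2015-12-30: Details sent to the vendor; waiting for the vendor to handle them
2015-12-31: Vendor has confirmed; details disclosed to the vendor only
2016-01-10: Details disclosed to core white hats and experts in relevant fields
2016-01-20: Details disclosed to regular white hats
2016-01-30: Details disclosed to trainee white hats
2016-02-12: Details disclosed to the public

Brief description:

Detailed description:

http://**.**.**.**/ (Heilongjiang Shuangya City housing provident fund, 黑龙江双鸭市住房公积金) has a command execution vulnerability.
By writing a shell and configuring the database, a large amount of data was obtained:
the provident fund situation for the whole city, plus a large amount of government personnel information
and individuals' detailed information.
Because there is so much data, only part of it is captured here as proof.

Proof of vulnerability: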


<url>jdbc:oracle:thin:@**.**.**.**:1521:ORA11G</url>
<driver-name>oracle.jdbc.OracleDriver</driver-name>
<properties>
<property>
<name>user</name>
<value>SYS_WEB</value>
</property>
</properties>
<password-encrypted>{AES}o64aNwdV8ZesLEZafWbVsD/E+grDRgqMBfpHgEJ1xjM=</password-encrypted> wasoft
</jdbc-driver-params>
<url>jdbc:oracle:thin:@**.**.**.**:1521:ORA11G</url>
<driver-name>oracle.jdbc.OracleDriver</driver-name>
<properties>
<property>
<name>user</name>
<value>wasys3_sys</value>
</property>
</properties>
<password-encrypted>{AES}3bN7UX03Ob39noD+TT1Ok48IzHq5H9p4RZOR9wZ6kVk=</password-encrypted> wasoft

Database configuration

Query#0 : select table_name from user_tables

Database table structure

http://**.**.**.**/syswscx/css/2.jsp

7

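Remediation:

Copyright notice: when reposting, please credit the source 路人甲@乌云


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 9

Confirmed: 2015-12-31 18:06

Vendor reply:

CNVD confirmed the situation described and has passed it through CNCERT to the Heilongjiang branch center, which will follow up and coordinate handling with the organization that manages the website.

Latest status:

None yet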