WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles online ------------------------ http://drop.zone.ci/
2016-01-14: Details have been sent to the vendor and are awaiting the vendor's response.
2016-01-19: The vendor has chosen to ignore the vulnerability; details are disclosed to the public.
**.**.**.**/pages/jsp/sys/login.jsp The motor-vehicle driver training system of Huzhou, Zhejiang Province has a command-execution vulnerability. After writing a shell and reading the database configuration, tens of millions of records were found: about 300 driving schools, close to a million personal records with detailed identity information and photos, plus exam score and administration data. The data set is too large to reproduce, so only a portion is captured as proof.
<name>TC</name>
<jdbc-driver-params>
  <url>jdbc:oracle:thin:@**.**.**.**:1521/dfo</url>
  <driver-name>oracle.jdbc.OracleDriver</driver-name>
  <properties>
    <property>
      <name>user</name>
      <value>dfo</value>
    </property>
  </properties>
  <password-encrypted>{AES}ynJBc1rGQmAxPQCo5lveUNkLBHWqLy6pzxcgCyLFUqGs9aXlyLGEf+51U1qD0R1R</password-encrypted>
wellcom_hzdfo_yw
Database configuration
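The fragment above is a WebLogic JDBC data-source descriptor: the data source name, the Oracle thin URL, the user property and an {AES}-encrypted password. The following audit script is an added example written for this page, not code from the report or from the affected system; it parses the same element names, extracts host, port, SID/service name and account, and reports whether the password is stored encrypted, in clear text, or not at all. The sample descriptors, host names, account names and ciphertext in it are constructed placeholders.

```python
"""Audit a WebLogic JDBC data-source descriptor for how it stores the database
credential. Added example for this page; it is not code from the report or from
the affected system. It walks the element names seen in the report's fragment
(<jdbc-driver-params>, <url>, <properties>/<property>, <password-encrypted>)
and returns where the data source points, which account it uses, and whether
the password is encrypted, clear-text or absent."""
import re
import xml.etree.ElementTree as ET

# Constructed sample with the shape of the report's fragment; the host,
# account and ciphertext are placeholders, not values from the report.
SAMPLE_ENCRYPTED = """<jdbc-data-source>
  <name>TC</name>
  <jdbc-driver-params>
    <url>jdbc:oracle:thin:@db.example.invalid:1521/dfo</url>
    <driver-name>oracle.jdbc.OracleDriver</driver-name>
    <properties>
      <property><name>user</name><value>app_user</value></property>
    </properties>
    <password-encrypted>{AES}PLACEHOLDER_CIPHERTEXT==</password-encrypted>
  </jdbc-driver-params>
</jdbc-data-source>
"""

# Constructed weaker variant: the password sits in a clear-text property,
# which is the pattern the audit should flag.
SAMPLE_PLAINTEXT = """<jdbc-data-source>
  <name>LEGACY</name>
  <jdbc-driver-params>
    <url>jdbc:oracle:thin:@db.example.invalid:1521:legacy</url>
    <driver-name>oracle.jdbc.OracleDriver</driver-name>
    <properties>
      <property><name>user</name><value>legacy_user</value></property>
      <property><name>password</name><value>not-a-real-password</value></property>
    </properties>
  </jdbc-driver-params>
</jdbc-data-source>
"""

# Oracle thin URL: host:port followed by ":SID" or "/service_name",
# optionally with the "//" prefix of the service-name form.
THIN_URL = re.compile(
    r"^jdbc:oracle:thin:@(?://)?(?P<host>[^:/]+):(?P<port>\d+)[:/](?P<db>[^?]+)$"
)


def parse_thin_url(url):
    """Split an Oracle thin JDBC URL into host, port and SID/service name."""
    m = THIN_URL.match(url.strip())
    if not m:
        return None
    return {"host": m.group("host"), "port": int(m.group("port")), "database": m.group("db")}


def audit_data_source(xml_text):
    """Return a summary of one <jdbc-data-source> descriptor plus findings."""
    root = ET.fromstring(xml_text)
    params = root.find("jdbc-driver-params")
    if params is None:
        raise ValueError("no <jdbc-driver-params> element")

    summary = {"name": root.findtext("name"), "user": None, "findings": []}
    endpoint = parse_thin_url(params.findtext("url", default=""))
    if endpoint is None:
        summary["findings"].append("JDBC URL not recognised as an Oracle thin URL")
        endpoint = {"host": None, "port": None, "database": None}
    summary.update(endpoint)

    clear_password = None
    for prop in params.findall("properties/property"):
        key = (prop.findtext("name") or "").strip()
        value = prop.findtext("value")
        if key == "user":
            summary["user"] = value
        elif key.lower() == "password":
            clear_password = value

    encrypted = params.findtext("password-encrypted")
    if clear_password is not None:
        summary["password_storage"] = "plaintext"
        summary["findings"].append("clear-text password property in descriptor")
    elif encrypted is not None:
        summary["password_storage"] = "encrypted"
        if not encrypted.startswith("{AES}"):
            summary["findings"].append("password-encrypted lacks the {AES} prefix")
    else:
        summary["password_storage"] = "none"
        summary["findings"].append("no password configured for data source")
    return summary


if __name__ == "__main__":
    for sample in (SAMPLE_ENCRYPTED, SAMPLE_PLAINTEXT):
        print(audit_data_source(sample))
```

The audit only judges the descriptor's shape. An {AES} value in config.xml protects against a reader who obtains the file without the domain's key material; a process running on the WebLogic host has both, which is why a command-execution foothold on the application server reaches the database in this report. The controls that limit the damage are a database account with only the privileges the application needs, restricting the listener port (1521 here) to the application tier, and fixing the command-execution flaw itself.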
Query#0 : select t.TABLE_NAME,t.NUM_ROWS from user_tables t order by NUM_ROWS desc

TABLE_NAME (VARCHAR2)          NUM_ROWS (NUMBER)
TMP_QUESTION                   (null)
GPS_CARCOORDINATE_CLOBTMP      (null)
SYS_DEVICELOG                  17311824
WEBSER_OPERLOG                 10073194
PRO_TRAININFO                  9106766
STU_TRAININFO_12_10            8674868
ACT_SUMMARIZE                  6178515
PRO_PHOTO                      3685720
GEN_STUDENTEXAMINFO            3325434
GEN_PRO_STUDENTAPPLY           2136301
GEN_MAKEPRICEINFO              1571264
SYS_USERICWRITELOG             1424205
GEN_BUYCLOCKINFO               1272972
GEN_STUDENTEXAMSUMMARYINFO     1159816
STU_TRAININFO_15_07            1089022
STU_TRAININFO_15_08            1070771
STU_TRAININFO_14_07            940939
STU_TRAININFO_15_05            928601
STU_TRAININFO_14_12            926271
STU_TRAININFO_14_08            916410
STU_TRAININFO_14_06            891777
STU_TRAININFO_15_06            872232
STU_TRAININFO_13_08            854182
STU_TRAININFO_13_12            838554
STU_TRAININFO_14_11            833071
STU_TRAININFO_15_04            804343
STU_TRAININFO_15_01            793456
STU_TRAININFO_14_09            791918
STU_TRAININFO_14_01            783345
GEN_FINGERINFO                 782854
STU_TRAININFO_13_11            767463
GEN_STUDENTEXAMINFO_TEST       759333
STU_TRAININFO_13_06            753833
STU_TRAININFO_13_10            752268
STU_TRAININFO_14_05            751673
STU_TRAININFO_13_07            748317
STU_TRAININFO_13_09            714443
STU_TRAININFO_15_02            700287
STU_TRAININFO_15_03            696492
STU_TRAININFO_14_10            658278
STU_TRAININFO_14_04            658244
STU_TRAININFO_14_03            650183
GEN_STUDENTEXAMSCORE           621849
GEN_STUDENTINFO                609966
GEN_STUDENTEXTINFO             592873
GEN_APPRAISALLINFO             582993
PRO_COACHTEACH_15              567640
STU_TRAININFO_13_05            535596
PRO_COACHTEACH_14              501686
GEN_STUDENTINFO_BAK_150123     494305
STU_TRAININFO_14_02            486048
PRO_COACHTEACH_13              476683
EQU_ICCARDINFO                 470322
GEN_STUDENTEXTINFO_BAK_150123  462427
STU_TRAININFO_12_12            431030
PRO_TRAININFO_TMP_ORACLE       424929
GEN_PAYMENTINFO                417395
GEN_STUDENTCARDINFO            411985
STU_TRAININFO_13_04            410248
STU_TRAININFO_13_01            407798
STU_TRAININFO_12_11            380941
PRO_COACHTEACH_12              373958
STU_TRAININFO_13_03            338048
EQU_INCOMEINFO                 320992
GEN_PRINTMANAGE                307862
SYS_USEROPERATELOG             243823
STU_TRAININFO_15_09            209386
STU_TRAININFO_13_02            201691
GEN_CLASSAPPLYINFO             174772
GEN_PRO_CHANGECOAAPPLY         118817
TEMP_EQU_CARDINFO              101618
GEN_STUDENT_SOURCEINFO         100585
GPS_OFFSET                     94823
SCH_SCHOOLCARWARNINFO          61513
PRO_WXTRAININFO                30854
PRO_TRAININFO_HZ               24657
OA_READLOG                     24202
SCH_COAFINGERINFO              24127
PRO_LOCKCARD                   24010
STU_TRAININFO_12_09            23250
PRO_ICMAKEUPINFO               22647
PRO_WXTRAINRECORD              18036
GEN_STANDBYSIGNININFO          16750
PRO_COACHTEACH_16              14202
PRO_COACHTEACH_10              13280
PRO_COACHTEACH_11              13089
PRO_TRAININFO_20140427         12234
SYS_ROLEPOWER                  11784
TEMP_TRAININFO                 10253
GEN_PRO_RETIREAPPLY            9059
EQU_DRAWDETAIL                 8837
TEMP_TRAININFO_MID             8774
GEN_PRO_RETIRECHECK            8478
OA_GPRSMESSAGEDETAIL           7592
EQU_DRAWINFO                   7445
GEN_PRO_AMENDDETAIL            7383
GEN_PRO_AMENDINFO              6941
GEN_STUDENTSOURCE_CHANGELOG    4945
BASE_COURSE_SCHOOL             4892
SCH_COACHCARDINFO              4568
GEN_STUDENPRESIGN              4563
EQU_POSUSEINFO                 4313
HZ_STUDENTINFO                 3927
SYS_ROLEPOWER_TMP              3856
EQU_POSINFO                    3517
OA_MESSAGEOBJECT               3341
TRAININFOTEMP                  3308
SCH_COACHEXTINFO               3110
SCH_COACHINFO                  3096
THE_EXAMQUESTION               3075
SCH_SCHOOLCARINFO              2945
YW_PROJECTBILL                 2548
GEN_SHIFTSINFO                 2318
OA_GPRSMESSAGE                 2182
SCH_PRO_COACHAPPLY             1814
SCH_COACHEVALUATION            1798
SCH_TUITIONINFO                1649
PRO_TRAININFO_TMP              1607
GPS_TMP_INFO                   1585
PRO_TRAININFO_CHANGE_TMP       1446
OA_MESSAGEINFO                 1191
SYS_FINGERCOUNT                1174
GPS_CARCOORDINATE_TEMP11       1143
OA_ATTACHMENTINFO              1000
SCH_COATEACHCTL                763
ZZ2                            749
SCH_STANDBYSIGNININFO          678
SYS_FUNINFO                    670
GEN_STUDENT_SIMRESERVE         588
EQU_STEPPEDUPINFO              573
PRO_COACHTEACH_TMP             571
SCH_SCHOOLCAREJWHINFO          555
SYS_LOGINFO                    518
GPS_SCHOOLVERSION              457
GEN_PRO_STACKINFO              457
SYS_USERPORTAL                 319
SYS_USERROLE                   318
SYS_USERINFO                   318
GEN_STUDENTNUM                 253
STU_TRAININFO_15_10            236
SYS_MENUINFO                   221
SCH_SCHOOLPLACEINFO            154
SYS_DICTIONARY                 152
SYS_ROLEINFO                   147
SYS_FINGERINFO                 145
STU_TRAININFO_12_08            132
ZZ1                            123
GPS_AREATRAININFO              107
PRO_DELETETRAININFO_BAK        103
SYS_KEYVALUE                   99
TEACH_EXAMPERIOD               96
SYS_PARAMINFO                  93
SIGNINGBANK_LOG                79
STU_TRAININFO_15_11            79
SCH_COACHGROUP                 77
SCH_SCHOOLINFO                 62
SCH_SCHOOLEXTINFO              61
STU_TRAININFO_15_12            59
THE_ARCHIVEEXAMINFO            57
TEACH_MAINEXAMPERIOD           48
STU_TRAININFO_12_06            47
SCH_TEACHCTL                   41
TEACH_TRAINLOG                 39
EQU_COMMANDBYGPRS              38
SYS_YEARMONTH                  36
SCH_SCHOOLINFO_TMP             35
OA_REWARDSINFO                 33
THE_EXAMANSWERDETAIL           28
TEACH_COD_TEACHTYPE            25
PBCATEDT                       21
PBCATFMT                       20
YW_FAULTMANAGER                20
SCH_SCHENROLL                  19
SYS_PRINT_ZZDY                 17
TEACH_DRIVECARTYPE             16
TEACH_TARIFF                   16
TEACH_DRIVECARPARAM            16
SCH_COACHREPLACED              13
GEN_KBGL                       10
THE_CHAPTERINFO                10
THE_ARCHIVELOGININFO           10
SCH_COAREEDUCATE               8
GEN_PRO_AMENDPARA              8
SYS_DEPTINFO                   7
SYS_AREACODE_REL               7
EQU_MATERIELINFO               7
TEACH_SUBEXAMSUBJECTINFO       6
GEN_OPERATORINFO               6
SCH_SCHOOLDEVICEINFO           6
SCH_SCHOOLLICENCE              6
SYS_AREAINFO                   6
EQU_STORAGEINFO                6
THE_DRIVERCARTYPE              4
EQU_PRO_POSAPPLY               4
TEACH_PRICEPARAM               4
EQU_POWERINFO                  3
SCH_COACHSECONDCARDINFO        3
TEACH_EXAMSUBJECTINFO          3
PRO_TRAININFO_ERROR            2
GEN_STUSECONDCARDINFO          1
GEN_CARDVALID_MODIFY           1
EQU_UPDATEFILEINFO             1
SCH_COACHHISTORYINFO           1
SCH_DEDUCTINFO                 1
SYS_EQUPARAM                   1
EQU_KEYS                       1
BANKUSERINFO                   1
MSG_TRANSPORT                  1
GPS_CARWARNINFO                1
INF_DBLINK                     1
EQU_DATACONTINFO               0
EQU_DEVUPCONTINFO              0
EQU_DEVUPCONTLOGINFO           0
EQU_POSVERSIONINFO             0
STU_TRAININFO_16_01            0
GEN_STUDENTSIMRESERVE          0
GEN_COACHSURVEY                0
EQU_POSSPECIALINFO             0
TEST_SCH_COACHCOMMENT          0
TEST_SCH_COACHCOMMENTDETAIL    0
ONLINE_LOGINFO                 0
PBCATCOL                       0
PBCATTBL                       0
PBCATVLD                       0
PRO_TRAINLOG                   0
SCH_CHECKMANINFO               0
SCH_COACHDEDUCTINFO            0
SCH_COACHTEACHCARTYPE          0
SCH_SCHOOLCARPDINFO            0
MYTABLE                        0
ACT_TRAININFO                  0
BILL_INVOICEINFO               0
BILL_INVOICE_DETAIL            0
BILL_INVOICE_MASTER            0
BILL_JYZINFO                   0
BILL_PHGL_DETAIL               0
BILL_PHGL_MASTER               0
BILL_PXJLDINFO                 0
EQU_PARAMINFO                  0
EQU_POSONLINE                  0
EQU_POWERUSEINFO               0
GEN_STUDENTINFO_SCHOOLCODE_8   0
GPS_INFO                       0
GPS_OFFSET_TMP                 0
STU_TRAININFO_12_01            0
STU_TRAININFO_12_03            0
STU_TRAININFO_12_04            0
STU_TRAININFO_12_05            0
SYS_USEREXTINFO                0
SYS_USERPORTALSET              0
SYS_USERPOWER                  0
THE_CURRENTEXAMINFO            0
THE_CURRENTLOGININFO           0
THE_REL_DRIVERCARCHAP          0
Database structure
**.**.**.**/1.jspx 9635789
Severity level: No impact (vendor ignored)
Ignored at: 2016-01-19 15:00
Vulnerability Rank: 15 (WooYun rating)
None yet