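Vulnerability Summary

Bug ID: wooyun-2015-0105639

Title: Large-scale data leak at Wuhan University's Liangzi Lake Scientific Research Observation Station (bank card account numbers, student IDs, research data and more)

Vendor: Wuhan University

Author: 路人甲

Submitted: 2015-04-07 11:39

Fixed: 2015-04-13 16:58

Disclosed: 2015-04-13 16:58

Vulnerability type: Sensitive information disclosure

Severity: High

Self-assessed Rank: 20

Status: Handed over to a third-party partner organization (CCERT, the education network emergency response team) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]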

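Vulnerability Details

Disclosure status:

2015-04-07: Details reported to the vendor; awaiting vendor response
2015-04-13: The vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

Large amounts of research data and data related to the ecological environment were leaked, along with graduate students' bank card information, the official mailbox password and more; the research data is related to the Chinese Academy of Sciences.

Detailed description:

Injection point:

Masked area
1.http://**.**.**/index.jspID_lanmu=1


Partial list of tables (the data is very detailed in every respect):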


The official mailbox credentials were leaked; the password grants access to the Sohu mailbox:

web application technology: JSP
back-end DBMS: Microsoft SQL Server 2005
Database: ESApp
Table: email
[1 entry]
+-----------------+----------+---------------+----+
| name | password | stmp | CN |
+-----------------+----------+---------------+----+
| lzlake@sohu.com | 68756834 | mail.sohu.com | NULL |
+-----------------+----------+---------------+----+


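Screenshot of the Sohu mailbox:

Proof of vulnerability:

Remediation:

Copyright notice: when reposting, please credit the source 路人甲@乌云 (WooYun)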
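
The report leaves its remediation section empty. As an added example (not code from the original report or from the affected site), the sketch below contrasts the string-concatenation pattern that typically makes a request parameter such as ID_lanmu injectable with a validated, parameterized lookup. The class name LanmuDao, the query text, the table and column names used in it, and the identifier format are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

/** Hypothetical data-access helper for the lookup that index.jsp performs with ID_lanmu. */
public final class LanmuDao {

    // Assumption: ID_lanmu values are short alphanumeric identifiers; adjust to the real format.
    private static final Pattern ID_FORMAT = Pattern.compile("[A-Za-z0-9_-]{1,32}");

    // Assumption: table and column names are illustrative, not confirmed application code.
    private static final String QUERY =
        "SELECT lanmu, lianjie FROM lanmu_manage WHERE ID_lanmu = ?";

    private LanmuDao() {}

    /**
     * Vulnerable pattern, shown only for contrast and never to be executed:
     * the request value becomes part of the SQL text, so the database parses
     * whatever the client sends as SQL.
     */
    static String concatenatedQuery(String idLanmu) {
        return "SELECT lanmu, lianjie FROM lanmu_manage WHERE ID_lanmu = '" + idLanmu + "'";
    }

    /** Hardened lookup: allow-list validation first, then a bound parameter. */
    public static List<String[]> findById(Connection conn, String idLanmu) throws SQLException {
        if (idLanmu == null || !ID_FORMAT.matcher(idLanmu).matches()) {
            // Reject early; do not echo the raw value back to the client.
            throw new IllegalArgumentException("invalid ID_lanmu");
        }
        List<String[]> rows = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(QUERY)) {
            // The value travels as data, separate from the SQL text.
            ps.setString(1, idLanmu);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    rows.add(new String[] { rs.getString("lanmu"), rs.getString("lianjie") });
                }
            }
        }
        return rows;
    }
}
```

Parameter binding closes this injection point; the database login used by the web application should additionally be denied access to tables the page never needs, such as the email table shown above.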


Vulnerability Response

Vendor response:

Severity: No impact, ignored by vendor

Ignored at: 2015-04-13 16:58

Vendor reply:

Vulnerability Rank: 4 (WooYun rating)

Latest status:

None