漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2015-0142228
漏洞标题:华医网某站SQL注射漏洞(199库/1.6万表/影响百万用户信息/可导致整站数据沦陷)
相关厂商:91huayi.com
漏洞作者: 路人甲
提交时间:2015-09-20 10:03
修复时间:2015-11-05 08:44
公开时间:2015-11-05 08:44
漏洞类型:SQL注射漏洞
危害等级:高
自评Rank:20
漏洞状态:厂商已经确认
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2015-09-20: 细节已通知厂商并且等待厂商处理中
2015-09-21: 厂商已经确认,细节仅向厂商公开
2015-10-01: 细节向核心白帽子及相关领域专家公开
2015-10-11: 细节向普通白帽子公开
2015-10-21: 细节向实习白帽子公开
2015-11-05: 细节向公众公开
简要描述:
网站用户量大, 危害不用我说
详细说明:
POST 注入
TxtUserID2 可注入
1.6万张表
<code>
Database: cme_shiyan3
[92 tables]
+-----------------------------------------------+
| DSJ_comp_dept |
| DSJ_kjpt_area_state |
| DSJ_kjpt_person |
| DSJ_kjpt_score |
| DSJ_kjpt_unit_state |
| DSJ_score_level |
| P1207 |
| V_studyDept |
| VhycomDept |
| 总人数$ |
| actionlist |
| admin_user |
| assign_type |
| bbs_forum |
| bbs_thread |
| bj_to_hys |
| card_detail |
| card_log |
| card_nobind |
| card_pay_type |
| card_type |
| card_type_course |
| card_type_organ |
| card_type_organ_allpay |
| cme_city |
| cme_province |
| course |
| course_dept |
| course_dept_editor |
| course_editor |
| course_extr |
| course_feedback |
| course_id |
| course_no |
| course_organ_assign |
| course_organ_assign_editor |
| course_related |
| course_related_editor |
| course_test |
| course_ware |
| course_ware_editor |
| course_ware_feedback |
| default_page_pic |
| dept_facade |
| dept_facade_related |
| dictionary |
| dictionary_kind |
| expert |
| expert_dept |
| gjj |
| hy_com_city |
| hy_com_county |
| hy_com_department |
| hy_com_dept |
| hy_com_dept_cme |
| hy_com_dictionary |
| hy_com_dictionary_kind |
| hy_com_hospital |
| hy_com_province |
| hy_com_user_register |
| item_leve |
| jiangyi |
| manager |
| manager_course |
| manager_group |
| manager_group_action |
| manager_log |
| menulist |
| nopasshys |
| organ |
| organ_district |
| p1130 |
| question |
| question_editor |
| question_option |
| question_option_editor |
| questiontmp |
| sns_dept |
| sp_manager |
| study_course |
| study_course_log |
| study_course_ware |
| sysdiagrams |
| tmp |
| ui_list |
| urseicno |
| user_organ_card |
| v_cme_studyInfo |
| v_cme_studyInfo_setHYS |
| v_studyArea |
| web_config |
| yk201026 |
+-----------------------------------------------+
Database: cme_shiyan2
[127 tables]
+-----------------------------------------------+
| 2014年十堰专家讲座课程 |
| 2015年十堰专家讲座课程 |
| DSJ_comp_dept |
| DSJ_kjpt_area_state |
| DSJ_kjpt_person |
| DSJ_kjpt_score |
| DSJ_kjpt_unit_state |
| DSJ_score_level |
| P1207 |
| V_studyDept |
| VhycomDept |
| 总人数$ |
| actionlist |
| admin_user |
| assign_type |
| bbs_forum |
| bbs_thread |
| bj_to_hys |
| card_detail |
| card_detail_temp_20110322 |
| card_log |
| card_nobind |
| card_pay_type |
| card_temp_20111025 |
| card_type |
| card_type_course |
| card_type_organ |
| card_type_organ_allpay |
| cme_city |
| cme_province |
| course |
| course_2013 |
| course_2014 |
| course_dept |
| course_dept2012 |
| course_dept_2013 |
| course_dept_2014 |
| course_dept_editor |
| course_editor |
| course_extr |
| course_feedback |
| course_id |
| course_no |
| course_organ_assign |
| course_organ_assign_2012 |
| course_organ_assign_2013 |
| course_organ_assign_2014 |
| course_organ_assign_editor |
| course_related |
| course_related_2014 |
| course_related_editor |
| course_test |
| course_ware |
| course_ware_2013 |
| course_ware_2014 |
| course_ware_editor |
| course_ware_feedback |
| course_ware_zhj |
| default_page_pic |
| dept_facade |
| dept_facade_related |
| dictionary |
| dictionary_kind |
| expert |
| expert_dept |
| gjj |
| hy_com_city |
| hy_com_county |
| hy_com_department |
| hy_com_dept |
| hy_com_dept_cme |
| hy_com_dictionary |
| hy_com_dictionary_kind |
| hy_com_hospital |
| hy_com_province |
| hy_com_user_register |
| item_leve |
| jiangyi |
| manager |
| manager_course |
| manager_group |
| manager_group_action |
| manager_log |
| menulist |
| nopasshys |
| organ |
| organ_district |
| p1130 |
| question |
| question_2012 |
| question_2013 |
| question_2014 |
| question_editor |
| question_option |
| question_option_2012 |
| question_option_2013 |
| question_option_2014 |
| question_option_editor |
| questiontmp |
| sns_dept |
| sp_manager |
| study_course |
| study_course_2012 |
| study_course_2013 |
| study_course_2014 |
| study_course_bak20121029 |
| study_course_log |
| study_course_subdata_2010 |
| study_course_ware |
| study_course_ware_2012 |
| study_course_ware_2013 |
| study_course_ware_2014 |
| sysdiagrams |
| tempData |
| temp_yt_1 |
| temp_yt_no |
| temp_yt_no_1 |
| tmp |
| ui_list |
| urseicno |
| user_organ_card |
| v_cme_studyInfo |
| v_cme_studyInfo_setHYS |
| v_studyArea |
| web_config |
| yk201026 |
| 未对应专业 |
+-----------------------------------------------+
Database: qjwsw
[6 tables]
+-----------------------------------------------+
| AttachFile |
| DimConstant |
| News |
| Notice |
| UserInfo |
| ZCXX |
+-----------------------------------------------+
Database: ProjectSY
[32 tables]
+-----------------------------------------------+
| ProjecthDByUser.tempProject |
| Fieattr |
| FilAttr |
| FilType |
| delay |
| expiry |
| business_date |
| code_base |
| com_module |
| course |
| dtproperties |
| expert |
| expert_opinion |
| hold_mode |
| level |
| post |
| principal |
| project |
| project20101222 |
| project20110402 |
| tab_post |
| teacher |
| team |
| team_expert |
| team_project |
| temp |
| unit_info |
| unit_info20101222 |
| unit_opinion |
| v_fieattr |
| v_filattr |
| v_project |
+-----------------------------------------------+
Database: changchun_wsglw
[6 tables]
+-----------------------------------------------+
| AttachFile |
| DimConstant |
| News |
| Notice |
| UserInfo |
| ZCXX |
+-----------------------------------------------+
Database: cme_yanshi
[83 tables]
+-----------------------------------------------+
| DSJ_comp_dept |
| V_studyDept |
| VhycomDept |
| actionlist |
| admin_user |
| assign_type |
| bbs_forum |
| bbs_thread |
| bj_to_hys |
| card_detail |
| card_log |
| card_nobind |
| card_pay_type |
| card_type |
| card_type_course |
| card_type_organ |
| card_type_organ_allpay |
| cme_city |
| cme_province |
| course |
| course_dept |
| course_dept_editor |
| course_editor |
| course_extr |
| course_feedback |
| course_id |
| course_no |
| course_organ_assign |
| course_organ_assign_editor |
| course_related |
| course_related_editor |
| course_test |
| course_ware |
| course_ware_editor |
| course_ware_feedback |
| default_page_pic |
| dept_facade |
| dept_facade_related |
| dictionary |
| dictionary_kind |
| expert |
| expert_dept |
| gjj |
| hy_com_city |
| hy_com_county |
| hy_com_department |
| hy_com_dept |
| hy_com_dept_cme |
| hy_com_dictionary |
| hy_com_dictionary_kind |
| hy_com_hospital |
| hy_com_province |
| hy_com_user_register |
| item_leve |
| jiangyi |
| manager |
| manager_course |
| manager_group |
| manager_group_action |
| manager_log |
| menulist |
| nopasshys |
| organ |
| organ_district |
| question |
| question_editor |
| question_option |
| question_option_editor |
| questiontmp |
| sns_dept |
| sp_manager |
| study_course |
| study_course_log |
| study_course_ware |
| sysdiagrams |
| tmp |
| ui_list |
| urseicno |
| user_organ_card |
| v_cme_studyInfo |
| v_cme_studyInfo_setHYS |
| v_studyArea |
| web_config |
+-----------------------------------------------+
Database: hpexam_sz
[64 tables]
+-----------------------------------------------+
| bureau |
| checknotpassreason |
| dimconstant |
| exam21papertype |
| exam21result |
| exam21scoreline |
| examcert |
| examresult |
| examroom |
| examsign21 |
| examspeciality |
| hospital |
| hospital2organ |
| hpexammodify |
| jobtitle |
| learnlist |
| nation |
| notice |
| noticeattach |
| noticeread |
| organ |
| roomassign |
| sendmail |
| setdelivertime |
| setdelivertimeext |
| speciality |
| specialitylearn |
| studtexamcode |
| studtinfo |
| studtspecial |
| trainbase |
| v_exam21_sign_result_bytrainunit |
| v_exam21_sign_result_bytrainunit2 |
| v_exam21papertype |
| v_exam21papertype2 |
| v_exam21result |
| v_exam21scoreline |
| v_examcert |
| v_examcert_forrpt |
| v_examcertmng |
| v_examroom |
| v_examsign21 |
| v_examsign21_sumbytrainunit |
| v_examsign21_sumbytrainunit2 |
| v_examspeciality |
| v_hospital |
| v_learnlist |
| v_notice |
| v_roomassign |
| v_setdelivertime |
| v_setdelivertimeext |
| v_studt2organ |
| v_studtexamcode |
| v_studtexamcode21 |
| v_studtexamcodetemp |
| v_studtinfo |
| v_studtinfotemp |
| v_trainunit |
| v_trainunit2organ |
| v_userinfo |
| v_userinfotemp |
| v_worklist |
| worklist |
| year |
+-----------------------------------------------+
Database: zkys_nm
[120 tables]
+-----------------------------------------------+
| Unit_BaseAll_tongji_View |
| baseUnit_baoming_View |
| baseUnit_benyuan_View |
| baseUnit_luqu_View |
| baseUnit_tongji_View |
| com_basePrincipals |
| com_basePrincipalsTeaching |
| com_basePrincipalsWork |
| com_baseTeachers |
| com_baseTrainNow |
| com_baseTrainYear |
| com_baseUnit |
| com_baseUnit_View |
| com_bureau |
| com_city |
| com_config |
| com_county |
| com_dept |
| com_dictionary |
| com_dictionary_kind |
| com_knowledge |
| com_list_order |
| com_menu |
| com_menuFunction |
| com_news |
| com_operate_log |
| com_permissionsType |
| com_person |
| com_person2 |
| com_person_log |
| com_person_study |
| com_person_view |
| com_person_view_new |
| com_person_wish |
| com_person_wish_view |
| com_person_wish_view_back |
| com_person_work |
| com_province |
| com_registerSet |
| com_role |
| com_roleFunction |
| com_seniorDoctor |
| com_standard_kind |
| com_title |
| com_unit |
| com_unit_recruitplan |
| com_user |
| com_user_back |
| com_wish_year |
| com_year |
| lz_check_notpass_reason |
| lz_check_rpt01_data |
| lz_check_rpt01_data_item |
| lz_check_rpt01_item |
| lz_check_rpt_mng |
| lz_check_rptcheck_data |
| lz_check_rptcheck_data_item |
| lz_check_rptcheck_item |
| lz_check_rptcheck_sum_data |
| lz_check_rptcheck_sum_data_item |
| lz_check_rptcheck_sum_item |
| lz_check_rptcheck_sum_mng |
| lz_com_illness |
| lz_com_operative |
| lz_com_skill |
| lz_illness_demand |
| lz_illness_demand_list |
| lz_illness_model |
| lz_knowledge_dept |
| lz_knowledge_dept_cycle |
| lz_knowledge_dept_illness |
| lz_knowledge_dept_operative |
| lz_knowledge_dept_skill |
| lz_knowledge_dept_standard |
| lz_knowledge_standard |
| lz_lzdept_plan |
| lz_lzdept_plan_person |
| lz_lzdept_plan_person_dept |
| lz_model_Emergency |
| lz_model_MedDiscuss |
| lz_model_awards |
| lz_model_largeMediRecord |
| lz_model_mediStudy |
| lz_model_meeting |
| lz_model_outcall |
| lz_model_publishedArticles |
| lz_model_referenceBooks |
| lz_model_researchRecord |
| lz_model_teachingRecord |
| lz_model_theoreticalStudy |
| lz_operation_model |
| lz_operative_demand |
| lz_operative_demand_list |
| lz_person_seniorDoctor |
| lz_skill_demand |
| lz_skill_demand_list |
| lz_skill_model |
| lz_table_config |
| lz_table_info |
| lz_table_instance |
| lz_train_checktime |
| lz_train_checktime_maternity |
| lz_unitBaseDept_KnowledgeDept |
| lz_unit_dept |
| lz_unitdept_BaseUnit |
| p_get_doctor_info |
| sysdiagrams |
| v_base_unit_info |
| v_com_menu_view |
| v_com_role_view |
| v_com_user_view |
| v_get_doctor_info |
| v_lz_knowledge_dept_cycle_view |
| v_lz_knowledge_dept_view |
| v_lz_lzdept_plan |
| v_lz_unitdept_BaseUnit_View |
| v_person_wish |
| v_standard_current_info |
| v_unit_base_doctor |
| 表名称对照表 |
+-----------------------------------------------+
Database: ZYYS_HN_Turn
[166 tables]
+-----------------------------------------------+
| Unit_BaseAll_tongji_View |
| baseUnit_baoming_View |
| baseUnit_benyuan_View |
| baseUnit_luqu_View |
| baseUnit_tongji_View |
| com_basePrincipals |
| com_basePrincipalsTeaching |
| com_basePrincipalsWork |
| com_baseRecruitPlan |
| com_baseTeachers |
| com_baseTrainNow |
| com_baseTrainYear |
| com_baseUnit |
| com_baseUnit_View |
| com_base_skillTrain |
| com_base_skillTrainBuild_data |
| com_base_skillTrainBuild_equipment |
| com_base_skillTrainBuild_equipment_data |
| com_base_skillTrain_build |
| com_check_base_unit |
| com_check_base_unit_data |
| com_check_base_unit_data_item |
| com_config |
| com_dept |
| com_dictionary |
| com_dictionary_kind |
| com_dimconstant |
| com_fund |
| com_knowledge |
| com_knowledge_equipment |
| com_knowledge_equipment_data |
| com_list_order |
| com_menu |
| com_menuFunction |
| com_news |
| com_notice |
| com_noticeattach |
| com_noticeread |
| com_operate_log |
| com_permissionsType |
| com_person |
| com_person_log |
| com_person_study |
| com_person_traincert |
| com_person_view |
| com_person_view_new |
| com_person_wish |
| com_person_wish_recommend |
| com_person_wish_recommend_unit |
| com_person_wish_view |
| com_person_wish_view_back |
| com_person_work |
| com_recommend_year |
| com_registerSet |
| com_role |
| com_roleFunction |
| com_seniorDoctor |
| com_standard_kind |
| com_stay_management |
| com_stay_subsidy |
| com_stay_subsidy_detail |
| com_title |
| com_unit |
| com_unit_community |
| com_unit_organ |
| com_unit_publichealth |
| com_unit_school |
| com_unit_systembuild |
| com_user |
| com_user_back |
| com_wish_year |
| com_year |
| lz_check_notpass_reason |
| lz_check_rpt01_data |
| lz_check_rpt01_data_item |
| lz_check_rpt01_item |
| lz_check_rpt_mng |
| lz_check_rptcheck_data |
| lz_check_rptcheck_data_item |
| lz_check_rptcheck_item |
| lz_check_rptcheck_sum_data |
| lz_check_rptcheck_sum_data_item |
| lz_check_rptcheck_sum_item |
| lz_check_rptcheck_sum_mng |
| lz_com_illness |
| lz_com_operative |
| lz_com_skill |
| lz_illness_demand |
| lz_illness_demand_list |
| lz_illness_model |
| lz_knowledge_dept |
| lz_knowledge_dept_cycle |
| lz_knowledge_dept_illness |
| lz_knowledge_dept_operative |
| lz_knowledge_dept_skill |
| lz_knowledge_dept_standard |
| lz_knowledge_standard |
| lz_lzdept_plan |
| lz_lzdept_plan_knowledge |
| lz_lzdept_plan_person |
| lz_lzdept_plan_person_dept |
| lz_lzdept_plan_view |
| lz_model_Emergency |
| lz_model_MedDiscuss |
| lz_model_awards |
| lz_model_largeMediRecord |
| lz_model_mediStudy |
| lz_model_meeting |
| lz_model_outcall |
| lz_model_publishedArticles |
| lz_model_referenceBooks |
| lz_model_researchRecord |
| lz_model_teachingRecord |
| lz_model_theoreticalStudy |
| lz_operation_model |
| lz_operative_demand |
| lz_operative_demand_list |
| lz_person_pause |
| lz_person_seniorDoctor |
| lz_personpause_check_notpassreason |
| lz_report_IllnessSkill |
| lz_report_IllnessSkill_illness |
| lz_report_IllnessSkill_operation |
| lz_report_IllnessSkill_skill |
| lz_skill_demand |
| lz_skill_demand_list |
| lz_skill_model |
| lz_table_config |
| lz_table_info |
| lz_table_instance |
| lz_train_checktime |
| lz_train_checktime_maternity |
| lz_unitBaseDept_KnowledgeDept |
| lz_unit_dept |
| lz_unitdept_BaseUnit |
| p_get_doctor_info |
| person_train |
| person_train_import |
| sysdiagrams |
| teachers_train |
| teachers_train_import |
| v_SeniorDoctor_Person_LZ |
| v_base_unit_info |
| v_com_baseRecruitPlan |
| v_com_menu_view |
| v_com_news |
| v_com_role_view |
| v_com_user_view |
| v_get_doctor_info |
| v_lz_check_rpt_mng |
| v_lz_check_rpt_mng_lz_check_rptcheck_item |
| v_lz_check_rptcheck_item |
| v_lz_knowledge_dept_cycle_view |
| v_lz_knowledge_dept_view |
| v_lz_lzdept_plan |
| v_lz_person_pause |
| v_lz_unitBaseDept_KnowledgeDept_createplan |
| v_lz_unitdept_BaseUnit_View_create_plan |
| v_notice |
| v_noticeread |
| v_person_wish |
| v_standard_current_info |
| v_unit_base_doctor |
| 已删除v_lz_unitBaseDept_KnowledgeDept |
| 已删除v_lz_unitdept_BaseUnit_View |
| 表名称对照表 |
+-----------------------------------------------+
Database: wuhanma.org.cn
[18 tables]
+-----------------------------------------------+
| AttachFile |
| CourseWare |
| DimConstant |
| JXJY |
| KYGL |
| LeaveWord |
| News |
| Notice |
| QKZZ |
| Sheet |
| UserInfo |
| V_JXJY |
| V_KYGL |
| V_Search |
| V_XHHD2 |
| V_XLJY |
| XHHD |
| XLJY |
+-----------------------------------------------+
Database: zyys_jd_Exam
[94 tables]
+-----------------------------------------------+
| 20131024examcode |
| checknotpassreason |
| dimconstant |
| exam01papertype |
| exam01result |
| exam01result20131125 |
| exam01scoreline |
| exam02result |
| exam02result20131125 |
| exam02scoreline |
| exam03paper |
| exam03papertype |
| exam03result |
| exam03scoreline |
| exam20131125 |
| exambureauorder |
| examcert |
| examinfo20130925 |
| examroom |
| examsign |
| examsigncheck |
| examsigncheck20130917001 |
| jobtitle |
| nation |
| research01 |
| research01answer |
| research01question |
| roomassign |
| setdelivertime |
| setdelivertimeext |
| studtexam0102code |
| studtexam0102code_row |
| studtexamcode |
| studtexamcode201203 |
| v_bureau |
| v_com_unit |
| v_com_unit_All |
| v_com_unit_school |
| v_com_unit_school_all |
| v_exam01result |
| v_exam01result_rpt2 |
| v_exam01result_rpt3 |
| v_exam01result_rpt4 |
| v_exam01scoreline |
| v_exam02result |
| v_exam03result |
| v_exam03result_rpt2 |
| v_exam03result_rpt3 |
| v_exam03result_rpt4 |
| v_exam03scoreline |
| v_exambureauorder |
| v_examcert |
| v_examcertmng |
| v_examcode0103_result |
| v_examcode04_result |
| v_examcodeid0103 |
| v_examcodeid04 |
| v_examroom |
| v_examsign |
| v_examsign01 |
| v_examsign0103 |
| v_examsign0103_1 |
| v_examsign01_sumbytrainunit |
| v_examsign01_sumbytrainunit2 |
| v_examsign03 |
| v_examsign03_sumbytrainunit |
| v_examsign03_sumbytrainunit2 |
| v_examsign04 |
| v_examsign04_sumbytrainunit |
| v_examsign04_sumbytrainunit2 |
| v_examsigncheck |
| v_examspeciality |
| v_hospital |
| v_learnlist |
| v_notice |
| v_noticeattach |
| v_noticeread |
| v_organ |
| v_research01 |
| v_research01itemall |
| v_research01itemgroupby |
| v_research01specialattendpsns |
| v_research01stat |
| v_roomassign |
| v_setdelivertime |
| v_setdelivertimeext |
| v_studtexam0102code |
| v_studtexamcode |
| v_studtinfo |
| v_studtinfo_new |
| v_trainbase |
| v_userinfo |
| v_worklist |
| year |
+-----------------------------------------------+
Database: cme_haikou
[83 tables]
+-----------------------------------------------+
| DSJ_comp_dept |
| V_studyDept |
| VhycomDept |
| actionlist |
| admin_user |
| assign_type |
| bbs_forum |
| bbs_thread |
| bj_to_hys |
| card_detail |
| card_log |
| card_nobind |
| card_pay_type |
| card_type |
| card_type_course |
| card_type_organ |
| card_type_organ_allpay |
| cme_city |
| cme_province |
| course |
| course_dept |
| course_dept_editor |
| course_editor |
| course_extr |
| course_feedback |
| course_id |
| course_no |
| course_organ_assign |
| course_organ_assign_editor |
| course_related |
| course_related_editor |
| course_test |
| course_ware |
| course_ware_editor |
| course_ware_feedback |
| default_page_pic |
| dept_facade |
| dept_facade_related |
| dictionary |
| dictionary_kind |
| expert |
| expert_dept |
| gjj |
| hy_com_city |
| hy_com_county |
| hy_com_department |
| hy_com_dept |
| hy_com_dept_cme |
| hy_com_dictionary |
| hy_com_dictionary_kind |
| hy_com_hospital |
| hy_com_province |
| hy_com_user_register |
| item_leve |
| jiangyi |
| manager |
| manager_course |
| manager_group |
| manager_group_action |
| manager_log |
| menulist |
| nopasshys |
| organ |
| organ_district |
| question |
| question_editor |
| question_option |
| question_option_editor |
| questiontmp |
| sns_dept |
| sp_manager |
| study_course |
| study_course_log |
| study_course_ware |
| sysdiagrams |
| tmp |
| ui_list |
| urseicno |
| user_organ_card |
| v_cme_studyInfo |
| v_cme_studyInfo_setHYS |
| v_studyArea |
| web_config |
+-----------------------------------------------+
Database: ZJ_ZYYS_Train
[70 tables]
+-----------------------------------------------+
| baseunit |
| bureau |
| cme_unit_pos_reg |
| cme_unit_pos_reg_list |
| courseinfo |
| courselearn |
| coursetrain |
| dimconstant |
| jobtitle |
| mbox_version_contrast |
| mbox_version_info |
| mbox_version_unitlimit |
| mbox_version_upprecord |
| nation |
| notice |
| noticeattach |
| noticeread |
| organ |
| orgpos |
| project |
| sendmail |
| setdelivertime |
| speciality |
| st_evaluateyear |
| st_workexperience |
| studtcourse |
| studtinfo |
| studtunit |
| systemlog |
| trainbase |
| traincheck |
| traincheck_bak |
| trainsign |
| unit_pda |
| v_course_credittype |
| v_course_year_credittype |
| v_courseinfo |
| v_courselearn |
| v_coursetrain |
| v_educationdegree |
| v_notice |
| v_setdelivertime |
| v_studt_allscore |
| v_studt_score |
| v_studt_score_info |
| v_studt_score_list |
| v_studt_score_list_foryear |
| v_studt_signlog |
| v_studt_train |
| v_studt_train20091025 |
| v_studt_train_resultscore |
| v_studt_train_resultscore1 |
| v_studt_train_resultscore2 |
| v_studt_trainproject1 |
| v_studt_trainproject2 |
| v_studt_trainproject3 |
| v_studt_trainproject4 |
| v_studt_trainprojectpassstate |
| v_studt_trainsign |
| v_studt_trainsign20091025 |
| v_studt_yearscore |
| v_studtinfo |
| v_studtinfo_forhpexam |
| v_trainbase |
| v_traincheck |
| v_trainsign |
| v_trainsign_weblearn |
| v_userinfo |
| v_userinfotemp |
| year |
+-----------------------------------------------+
Database: mmmadb
[23 tables]
+-----------------------------------------------+
| AttachFile |
| CourseWare |
| DimConstant |
| HospitalInfo |
| HospitalType |
| ImgText |
| JXJY |
| KYGL |
| LeaveWord |
| MediaFile |
| News |
| Notice |
| QKZZ |
| Sheet |
| UserInfo |
| V_JXJY |
| V_KYGL |
| V_Search |
| V_XHHD2 |
| V_XLJY |
| XHHD |
| XLJY |
| XnhLink |
+-----------------------------------------------+
Database: haoyisheng_shenzhen
[81 tables]
+-----------------------------------------------+
| 修改单位表$ |
| cme_project |
| cme_unit |
| dtproperties |
| ketibak |
| s1102 |
| xh_childunit |
| xh_personnel |
| xh_pos |
| xh_pos_type |
| xh_project |
| xh_reg |
| xh_reg_person |
| xh_skb |
| xh_subject |
| xh_tmpskb |
| xh_unit |
| 上课表 |
| 临时人员表070531 |
| 临时单位达标统计表 |
| 临时活动表 |
| 人员专业总表 |
| 人员变动表 |
| 人员密码表 |
| 人员状态表 |
| 人员表 |
| 刊物级别表 |
| 刊物表 |
| 刊物语言表 |
| 刊物频率表 |
| 医院类别表 |
| 医院级别 |
| 升级指令表 |
| 升级记录表 |
| 单位关系表 |
| 单位级别表 |
| 单位表 |
| 单位表_temp0416 |
| 学位表 |
| 学分汇总表 |
| 学历表 |
| 审批项目表 |
| 审核记录表 |
| 密码表 |
| 年度时间表 |
| 总类表 |
| 授分标准表 |
| 排除单位表 |
| 数据源配置表 |
| 更新时间表 |
| 活动形式表 |
| 活动表 |
| 活动表list |
| 活动表list_chongfu |
| 深圳升级单位表 |
| 科室密码表 |
| 科室表 |
| 考核方式表 |
| 职称总表 |
| 职称表 |
| 自动升级表 |
| 行政级别表 |
| 行政职务表 |
| 访问数据库记录表 |
| 课题表 |
| 达标明细表 |
| 达标标准表 |
| 达标标准表_temp0424 |
| 达标称呼表 |
| 适用单位表 |
| 配置表 |
| 院内职务表 |
| 项目专业表 |
| 项目二级专业表 |
| 项目审批表 |
| 项目级别控制表 |
| 项目级别表 |
| 项目表 |
| 项目课题表 |
| 默认主页表 |
| 默认审核通过表 |
+-----------------------------------------------+
Database: project_xj
[42 tables]
+-----------------------------------------------+
| ProjecthDByUser.tempProject |
| 2 |
| Fieattr |
| FilAttr |
| FilType |
| ProjecthDByUser.改批次200972 |
| delay |
| expiry |
| business_date |
| code_base |
| com_module |
| course |
| course_log |
| dimconstant |
| dtproperties |
| expert |
| expert_opinion |
| hold_mode |
| level |
| notice |
| noticeattach |
| noticeread |
| post |
| principal |
| project |
| project_log |
| projs |
| relunitexpert |
| tab_post |
| teacher |
| team |
| team_expert |
| team_project |
| temp |
| unit_info |
| unit_opinion |
| v_fieattr |
| v_filattr |
| v_unitproject |
| v_unitsubject |
| yhw_project_处理编号之前备份 |
| yhw_project_备份_2013428 |
+-----------------------------------------------+
Database: prjapply_gx
[51 tables]
+-----------------------------------------------+
| ProjecthDByUser.tempProject |
| Fieattr |
| FilAttr |
| FilType |
| delay |
| expiry |
| business_date |
| code_base |
| com_module |
| course |
| dtproperties |
| expert |
| expert_opinion |
| hold_mode |
| level |
| one_project_temp |
| oneproject |
| pec_course_teacher |
| pec_student_address |
| pec_textbook |
| post |
| principal |
| proj_exec_collect |
| proj_hold_reg |
| proj_supervise
漏洞证明:
敏感信息太多了, 不贴出来了
3Q
修复方案:
不脱裤, 望20
版权声明:转载请注明来源 路人甲@乌云
漏洞回应
厂商回应:
危害等级:中
漏洞Rank:10
确认时间:2015-09-21 08:43
厂商回复:
感谢关注!正修复中!
最新状态:
暂无