公共外交某新闻站点SQL注入(可拖走全网库)

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0150609

漏洞标题：公共外交某新闻站点SQL注入(可拖走全网库)

漏洞作者： peter_Q

提交时间：2015-10-31 21:13

修复时间：2015-12-19 14:56

公开时间：2015-12-19 14:56

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：15

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-10-31：细节已通知厂商并且等待厂商处理中
2015-11-04：厂商已经确认，细节仅向厂商公开
2015-11-14：细节向核心白帽子及相关领域专家公开
2015-11-24：细节向普通白帽子公开
2015-12-04：细节向实习白帽子公开
2015-12-19：细节向公众公开

简要描述：

站点注入(可拖走全网库)
不用getshell也危害相当大

详细说明：

http://**.**.**.**/#

**.**.**.**/comment/chatlist.aspx?id=1

关键字：id

current user

current database

tables

漏洞证明：

Database: ReportServerTempDB                                                                                                                         
[9 tables]
+-----------------------------------------------------+
| ChunkData                                           |
| ChunkSegmentMapping                                 |
| ExecutionCache                                      |
| PersistedStream                                     |
| SegmentedChunk                                      |
| SegmentedChunk                                      |
| SessionData                                         |
| SessionLock                                         |
| SnapshotData                                        |
+-----------------------------------------------------+
Database: tempdb
[15 tables]
+-----------------------------------------------------+
| #0519C6AF                                           |
| #09DE7BCC                                           |
| #0AD2A005                                           |
| #0BC6C43E                                           |
| #0CBAE877                                           |
| #3D29E0FF                                           |
| #3E1E0538                                           |
| #3F122971                                           |
| #4AC49E96                                           |
| #4BB8C2CF                                           |
| #4CACE708                                           |
| #507D77EC                                           |
| #51719C25                                           |
| #5265C05E                                           |
| #658C0CBD                                           |
+-----------------------------------------------------+
Database: msdb
[136 tables]
+-----------------------------------------------------+
| MSdatatype_mappings                                 |
| MSdbms_datatype_mapping                             |
| MSdbms_datatype_mapping                             |
| MSdbms_datatype_mapping                             |
| MSdbms_map                                          |
| backupfilegroup                                     |
| backupfilegroup                                     |
| backupmediafamily                                   |
| backupmediaset                                      |
| backupset                                           |
| log_shipping_monitor_alert                          |
| log_shipping_monitor_error_detail                   |
| log_shipping_monitor_history_detail                 |
| log_shipping_monitor_primary                        |
| log_shipping_monitor_secondary                      |
| log_shipping_primaries                              |
| log_shipping_primary_databases                      |
| log_shipping_primary_secondaries                    |
| log_shipping_secondaries                            |
| log_shipping_secondary_databases                    |
| log_shipping_secondary_databases                    |
| logmarkhistory                                      |
| restorefilegroup                                    |
| restorefilegroup                                    |
| restorehistory                                      |
| sqlagent_info                                       |
| suspect_pages                                       |
| sysalerts                                           |
| syscachedcredentials                                |
| syscategories                                       |
| syscollector_blobs_internal                         |
| syscollector_collection_items_internal              |
| syscollector_collection_items_internal              |
| syscollector_collection_sets_internal               |
| syscollector_collection_sets_internal               |
| syscollector_collector_types_internal               |
| syscollector_collector_types_internal               |
| syscollector_config_store_internal                  |
| syscollector_config_store_internal                  |
| syscollector_execution_log_full                     |
| syscollector_execution_log_full                     |
| syscollector_execution_log_internal                 |
| syscollector_execution_stats_internal               |
| syscollector_execution_stats_internal               |
| syscollector_tsql_query_collector                   |
| sysdatatypemappings                                 |
| sysdbmaintplan_databases                            |
| sysdbmaintplan_history                              |
| sysdbmaintplan_jobs                                 |
| sysdbmaintplans                                     |
| sysdownloadlist                                     |
| sysdtscategories                                    |
| sysdtspackagelog                                    |
| sysdtspackages                                      |
| sysdtssteplog                                       |
| sysdtstasklog                                       |
| sysjobactivity                                      |
| sysjobhistory                                       |
| sysjobs_view                                        |
| sysjobs_view                                        |
| sysjobschedules                                     |
| sysjobservers                                       |
| sysjobstepslogs                                     |
| sysjobstepslogs                                     |
| sysmail_account                                     |
| sysmail_allitems                                    |
| sysmail_attachments_transfer                        |
| sysmail_attachments_transfer                        |
| sysmail_configuration                               |
| sysmail_event_log                                   |
| sysmail_faileditems                                 |
| sysmail_log                                         |
| sysmail_mailattachments                             |
| sysmail_mailitems                                   |
| sysmail_principalprofile                            |
| sysmail_profileaccount                              |
| sysmail_profileaccount                              |
| sysmail_query_transfer                              |
| sysmail_send_retries                                |
| sysmail_sentitems                                   |
| sysmail_server                                      |
| sysmail_servertype                                  |
| sysmail_unsentitems                                 |
| sysmaintplan_logdetail                              |
| sysmaintplan_logdetail                              |
| sysmaintplan_plans                                  |
| sysmaintplan_subplans                               |
| sysmanagement_shared_registered_servers_internal    |
| sysmanagement_shared_registered_servers_internal    |
| sysmanagement_shared_server_groups_internal         |
| sysmanagement_shared_server_groups_internal         |
| sysnotifications                                    |
| sysoperators                                        |
| sysoriginatingservers_view                          |
| sysoriginatingservers_view                          |
| syspolicy_conditions_internal                       |
| syspolicy_conditions_internal                       |
| syspolicy_configuration_internal                    |
| syspolicy_configuration_internal                    |
| syspolicy_execution_internal                        |
| syspolicy_facet_events                              |
| syspolicy_management_facets                         |
| syspolicy_object_sets_internal                      |
| syspolicy_object_sets_internal                      |
| syspolicy_policies_internal                         |
| syspolicy_policies_internal                         |
| syspolicy_policy_categories_internal                |
| syspolicy_policy_categories_internal                |
| syspolicy_policy_category_subscriptions_internal    |
| syspolicy_policy_category_subscriptions_internal    |
| syspolicy_policy_execution_history_details_internal |
| syspolicy_policy_execution_history_details_internal |
| syspolicy_policy_execution_history_details_internal |
| syspolicy_policy_execution_history_internal         |
| syspolicy_system_health_state_internal              |
| syspolicy_system_health_state_internal              |
| syspolicy_target_set_levels_internal                |
| syspolicy_target_set_levels_internal                |
| syspolicy_target_sets_internal                      |
| syspolicy_target_sets_internal                      |
| sysproxies                                          |
| sysproxylogin                                       |
| sysproxyloginsubsystem_view                         |
| sysproxysubsystem                                   |
| sysschedules_localserver_view                       |
| sysschedules_localserver_view                       |
| syssessions                                         |
| sysssislog                                          |
| sysssispackagefolders                               |
| sysssispackages                                     |
| syssubsystems                                       |
| systargetservergroupmembers                         |
| systargetservergroups                               |
| systargetservers_view                               |
| systargetservers_view                               |
| systaskids                                          |
+-----------------------------------------------------+
Database: ReportServer
[33 tables]
+-----------------------------------------------------+
| ActiveSubscriptions                                 |
| Batch                                               |
| CachePolicy                                         |
| Catalog                                             |
| ChunkData                                           |
| ChunkSegmentMapping                                 |
| ConfigurationInfo                                   |
| DataSource                                          |
| Event                                               |
| ExecutionLog2                                       |
| ExecutionLog2                                       |
| ExecutionLogStorage                                 |
| History                                             |
| Keys                                                |
| ModelDrill                                          |
| ModelItemPolicy                                     |
| ModelPerspective                                    |
| Notifications                                       |
| Policies                                            |
| PolicyUserRole                                      |
| ReportSchedule                                      |
| Roles                                               |
| RunningJobs                                         |
| Schedule                                            |
| SecData                                             |
| SegmentedChunk                                      |
| SegmentedChunk                                      |
| ServerParametersInstance                            |
| SnapshotData                                        |
| SubscriptionsBeingDeleted                           |
| SubscriptionsBeingDeleted                           |
| UpgradeInfo                                         |
| Users                                               |
+-----------------------------------------------------+
Database: master
[360 tables]
+-----------------------------------------------------+
| INFORMATION_SCHEMA.CHECK_CONSTRAINTS                |
| INFORMATION_SCHEMA.COLUMNS                          |
| INFORMATION_SCHEMA.COLUMN_DOMAIN_USAGE              |
| INFORMATION_SCHEMA.COLUMN_PRIVILEGES                |
| INFORMATION_SCHEMA.CONSTRAINT_COLUMN_USAGE          |
| INFORMATION_SCHEMA.CONSTRAINT_TABLE_USAGE           |
| INFORMATION_SCHEMA.DOMAINS                          |
| INFORMATION_SCHEMA.DOMAIN_CONSTRAINTS               |
| INFORMATION_SCHEMA.KEY_COLUMN_USAGE                 |
| INFORMATION_SCHEMA.PARAMETERS                       |
| INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS          |
| INFORMATION_SCHEMA.ROUTINES                         |
| INFORMATION_SCHEMA.ROUTINE_COLUMNS                  |
| INFORMATION_SCHEMA.SCHEMATA                         |
| INFORMATION_SCHEMA.TABLES                           |
| INFORMATION_SCHEMA.TABLE_CONSTRAINTS                |
| INFORMATION_SCHEMA.TABLE_PRIVILEGES                 |
| INFORMATION_SCHEMA.VIEWS                            |
| INFORMATION_SCHEMA.VIEW_COLUMN_USAGE                |
| INFORMATION_SCHEMA.VIEW_TABLE_USAGE                 |
| MSreplication_options                               |
| spt_fallback_db                                     |
| spt_fallback_dev                                    |
| spt_fallback_usg                                    |
| spt_monitor                                         |
| spt_values                                          |
| sys.all_columns                                     |
| sys.all_objects                                     |
| sys.all_parameters                                  |
| sys.all_sql_modules                                 |
| sys.all_views                                       |
| sys.allocation_units                                |
| sys.assemblies                                      |
| sys.assembly_files                                  |
| sys.assembly_modules                                |
| sys.assembly_references                             |
| sys.assembly_types                                  |
| sys.asymmetric_keys                                 |
| sys.backup_devices                                  |
| sys.certificates                                    |
| sys.change_tracking_databases                       |
| sys.change_tracking_tables                          |
| sys.check_constraints                               |
| sys.column_type_usages                              |
| sys.column_xml_schema_collection_usages             |
| sys.columns                                         |
| **.**.**.**puted_columns                                |
| sys.configurations                                  |
| sys.conversation_endpoints                          |
| sys.conversation_groups                             |
| sys.conversation_priorities                         |
| sys.credentials                                     |
| sys.crypt_properties                                |
| sys.cryptographic_providers                         |
| sys.data_spaces                                     |
| sys.database_audit_specification_details            |
| sys.database_audit_specifications                   |
| sys.database_files                                  |
| sys.database_mirroring_endpoints                    |
| sys.database_mirroring_endpoints                    |
| sys.database_mirroring_witnesses                    |
| sys.database_permissions                            |
| sys.database_principal_aliases                      |
| sys.database_principals                             |
| sys.database_recovery_status                        |
| sys.database_role_members                           |
| sys.databases                                       |
| sys.default_constraints                             |
| sys.destination_data_spaces                         |
| sys.dm_audit_actions                                |
| sys.dm_audit_class_type_map                         |
| sys.dm_broker_activated_tasks                       |
| sys.dm_broker_connections                           |
| sys.dm_broker_forwarded_messages                    |
| sys.dm_broker_queue_monitors                        |
| sys.dm_cdc_errors                                   |
| sys.dm_cdc_log_scan_sessions                        |
| sys.dm_clr_appdomains                               |
| sys.dm_clr_loaded_assemblies                        |
| sys.dm_clr_properties                               |
| sys.dm_clr_tasks                                    |
| sys.dm_cryptographic_provider_properties            |
| sys.dm_database_encryption_keys                     |
| sys.dm_db_file_space_usage                          |
| sys.dm_db_index_usage_stats                         |
| sys.dm_db_mirroring_auto_page_repair                |
| sys.dm_db_mirroring_connections                     |
| sys.dm_db_mirroring_past_actions                    |
| sys.dm_db_missing_index_details                     |
| sys.dm_db_missing_index_group_stats                 |
| sys.dm_db_missing_index_groups                      |
| sys.dm_db_partition_stats                           |
| sys.dm_db_persisted_sku_features                    |
| sys.dm_db_script_level                              |
| sys.dm_db_session_space_usage                       |
| sys.dm_db_task_space_usage                          |
| sys.dm_exec_background_job_queue_stats              |
| sys.dm_exec_background_job_queue_stats              |
| sys.dm_exec_cached_plans                            |
| sys.dm_exec_connections                             |
| sys.dm_exec_procedure_stats                         |
| sys.dm_exec_query_memory_grants                     |
| sys.dm_exec_query_optimizer_info                    |
| sys.dm_exec_query_resource_semaphores               |
| sys.dm_exec_query_stats                             |
| sys.dm_exec_query_transformation_stats              |
| sys.dm_exec_requests                                |
| sys.dm_exec_sessions                                |
| sys.dm_exec_trigger_stats                           |
| sys.dm_filestream_file_io_handles                   |
| sys.dm_filestream_file_io_requests                  |
| sys.dm_fts_active_catalogs                          |
| sys.dm_fts_fdhosts                                  |
| sys.dm_fts_index_population                         |
| sys.dm_fts_memory_buffers                           |
| sys.dm_fts_memory_pools                             |
| sys.dm_fts_outstanding_batches                      |
| sys.dm_fts_population_ranges                        |
| sys.dm_io_backup_tapes                              |
| sys.dm_io_cluster_shared_drives                     |
| sys.dm_io_pending_io_requests                       |
| sys.dm_os_buffer_descriptors                        |
| sys.dm_os_child_instances                           |
| sys.dm_os_cluster_nodes                             |
| sys.dm_os_dispatcher_pools                          |
| sys.dm_os_dispatchers                               |
| sys.dm_os_hosts                                     |
| sys.dm_os_latch_stats                               |
| sys.dm_os_loaded_modules                            |
| sys.dm_os_memory_allocations                        |
| sys.dm_os_memory_brokers                            |
| sys.dm_os_memory_cache_clock_hands                  |
| sys.dm_os_memory_cache_counters                     |
| sys.dm_os_memory_cache_entries                      |
| sys.dm_os_memory_cache_hash_tables                  |
| sys.dm_os_memory_clerks                             |
| sys.dm_os_memory_node_access_stats                  |
| sys.dm_os_memory_nodes                              |
| sys.dm_os_memory_objects                            |
| sys.dm_os_memory_pools                              |
| sys.dm_os_nodes                                     |
| sys.dm_os_performance_counters                      |
| sys.dm_os_process_memory                            |
| sys.dm_os_ring_buffers                              |
| sys.dm_os_schedulers                                |
| sys.dm_os_spinlock_stats                            |
| sys.dm_os_stacks                                    |
| sys.dm_os_sublatches                                |
| sys.dm_os_sys_info                                  |
| sys.dm_os_sys_memory                                |
| sys.dm_os_tasks                                     |
| sys.dm_os_threads                                   |
| sys.dm_os_virtual_address_dump                      |
| sys.dm_os_wait_stats                                |
| sys.dm_os_waiting_tasks                             |
| sys.dm_os_worker_local_storage                      |
| sys.dm_os_workers                                   |
| sys.dm_qn_subscriptions                             |
| sys.dm_repl_articles                                |
| sys.dm_repl_schemas                                 |
| sys.dm_repl_tranhash                                |
| sys.dm_repl_traninfo                                |
| sys.dm_resource_governor_configuration              |
| sys.dm_resource_governor_resource_pools             |
| sys.dm_resource_governor_workload_groups            |
| sys.dm_server_audit_status                          |
| sys.dm_tran_active_snapshot_database_transactions   |
| sys.dm_tran_active_transactions                     |
| sys.dm_tran_commit_table                            |
| sys.dm_tran_current_snapshot                        |
| sys.dm_tran_current_transaction                     |
| sys.dm_tran_database_transactions                   |
| sys.dm_tran_locks                                   |
| sys.dm_tran_session_transactions                    |
| sys.dm_tran_top_version_generators                  |
| sys.dm_tran_transactions_snapshot                   |
| sys.dm_tran_version_store                           |
| sys.dm_xe_map_values                                |
| sys.dm_xe_object_columns                            |
| sys.dm_xe_objects                                   |
| sys.dm_xe_packages                                  |
| sys.dm_xe_session_event_actions                     |
| sys.dm_xe_session_events                            |
| sys.dm_xe_session_object_columns                    |
| sys.dm_xe_session_targets                           |
| sys.dm_xe_sessions                                  |
| sys.endpoint_webmethods                             |
| sys.endpoints                                       |
| sys.event_notification_event_types                  |
| sys.event_notifications                             |
| sys.events                                          |
| sys.extended_procedures                             |
| sys.extended_properties                             |
| sys.filegroups                                      |
| sys.foreign_key_columns                             |
| sys.foreign_keys                                    |
| sys.fulltext_catalogs                               |
| sys.fulltext_document_types                         |
| sys.fulltext_index_catalog_usages                   |
| sys.fulltext_index_columns                          |
| sys.fulltext_index_fragments                        |
| sys.fulltext_indexes                                |
| sys.fulltext_languages                              |
| sys.fulltext_stoplists                              |
| sys.fulltext_stopwords                              |
| sys.fulltext_system_stopwords                       |
| sys.function_order_columns                          |
| sys.http_endpoints                                  |
| sys.identity_columns                                |
| sys.index_columns                                   |
| sys.indexes                                         |
| sys.internal_tables                                 |
| sys.key_constraints                                 |
| sys.key_encryptions                                 |
| sys.linked_logins                                   |
| sys.login_token                                     |
| sys.master_files                                    |
| sys.master_key_passwords                            |
| sys.message_type_xml_schema_collection_usages       |
| sys.messages                                        |
| sys.module_assembly_usages                          |
| sys.numbered_procedure_parameters                   |
| sys.numbered_procedures                             |
| sys.objects                                         |
| sys.openkeys                                        |
| sys.parameter_type_usages                           |
| sys.parameter_xml_schema_collection_usages          |
| sys.parameters                                      |
| sys.partition_functions                             |
| sys.partition_parameters                            |
| sys.partition_range_values                          |
| sys.partition_schemes                               |
| sys.partitions                                      |
| sys.plan_guides                                     |
| sys.procedures                                      |
| sys.remote_logins                                   |
| sys.remote_service_bindings                         |
| sys.resource_governor_configuration                 |
| sys.resource_governor_resource_pools                |
| sys.resource_governor_workload_groups               |
| sys.routes                                          |
| sys.schemas                                         |
| sys.securable_classes                               |
| sys.server_assembly_modules                         |
| sys.server_audit_specification_details              |
| sys.server_audit_specifications                     |
| sys.server_audits                                   |
| sys.server_event_notifications                      |
| sys.server_event_session_actions                    |
| sys.server_event_session_events                     |
| sys.server_event_session_fields                     |
| sys.server_event_session_targets                    |
| sys.server_event_sessions                           |
| sys.server_events                                   |
| sys.server_file_audits                              |
| sys.server_permissions                              |
| sys.server_principal_credentials                    |
| sys.server_principals                               |
| sys.server_role_members                             |
| sys.server_sql_modules                              |
| sys.server_trigger_events                           |
| sys.server_triggers                                 |
| sys.servers                                         |
| sys.service_broker_endpoints                        |
| sys.service_contract_message_usages                 |
| sys.service_contract_usages                         |
| sys.service_contracts                               |
| sys.service_message_types                           |
| sys.service_queue_usages                            |
| sys.service_queues                                  |
| sys.services                                        |
| sys.soap_endpoints                                  |
| sys.spatial_index_tessellations                     |
| sys.spatial_indexes                                 |
| sys.spatial_reference_systems                       |
| sys.sql_dependencies                                |
| sys.sql_expression_dependencies                     |
| sys.sql_logins                                      |
| sys.sql_modules                                     |
| sys.stats_columns                                   |
| sys.stats_columns                                   |
| sys.symmetric_keys                                  |
| sys.synonyms                                        |
| sys.sysaltfiles                                     |
| sys.syscacheobjects                                 |
| sys.syscharsets                                     |
| sys.syscolumns                                      |
| sys.syscomments                                     |
| sys.sysconfigures                                   |
| sys.sysconstraints                                  |
| sys.syscurconfigs                                   |
| sys.syscursorcolumns                                |
| sys.syscursorrefs                                   |
| sys.syscursors                                      |
| sys.syscursortables                                 |
| sys.sysdatabases                                    |
| sys.sysdepends                                      |
| sys.sysdevices                                      |
| sys.sysfilegroups                                   |
| sys.sysfiles                                        |
| sys.sysforeignkeys                                  |
| sys.sysfulltextcatalogs                             |
| sys.sysindexes                                      |
| sys.sysindexkeys                                    |
| sys.syslanguages                                    |
| sys.syslockinfo                                     |
| sys.syslogins                                       |
| sys.sysmembers                                      |
| sys.sysmessages                                     |
| sys.sysobjects                                      |
| sys.sysoledbusers                                   |
| sys.sysopentapes                                    |
| sys.sysperfinfo                                     |
| sys.syspermissions                                  |
| sys.sysprocesses                                    |
| sys.sysprotects                                     |
| sys.sysreferences                                   |
| sys.sysremotelogins                                 |
| sys.sysservers                                      |
| sys.system_columns                                  |
| sys.system_components_surface_area_configuration    |
| sys.system_internals_allocation_units               |
| sys.system_internals_partition_columns              |
| sys.system_internals_partitions                     |
| sys.system_objects                                  |
| sys.system_parameters                               |
| sys.system_sql_modules                              |
| sys.system_views                                    |
| sys.systypes                                        |
| sys.sysusers                                        |
| sys.table_types                                     |
| sys.tables                                          |
| sys.tcp_endpoints                                   |
| sys.trace_categories                                |
| sys.trace_columns                                   |
| sys.trace_event_bindings                            |
| sys.trace_events                                    |
| sys.trace_subclass_values                           |
| sys.traces                                          |
| sys.transmission_queue                              |
| sys.trigger_event_types                             |
| sys.trigger_events                                  |
| sys.triggers                                        |
| sys.type_assembly_usages                            |
| sys.types                                           |
| sys.user_token                                      |
| sys.via_endpoints                                   |
| sys.views                                           |
| sys.xml_indexes                                     |
| sys.xml_schema_attributes                           |
| sys.xml_schema_collections                          |
| sys.xml_schema_component_placements                 |
| sys.xml_schema_components                           |
| sys.xml_schema_elements                             |
| sys.xml_schema_facets                               |
| sys.xml_schema_model_groups                         |
| sys.xml_schema_namespaces                           |
| sys.xml_schema_types                                |
| sys.xml_schema_wildcard_namespaces                  |
| sys.xml_schema_wildcards                            |
+-----------------------------------------------------+
Database: wccmDemo
[73 tables]
+-----------------------------------------------------+
| AllUserExtendFields                                 |
| ChannelExtends                                      |
| ChannelExtends                                      |
| DataProvider                                        |
| DataSource                                          |
| DataSourceSynStrategy                               |
| DocPercent                                          |
| DocumentAffixes                                     |
| DocumentAffixes                                     |
| DocumentComment                                     |
| DocumentExtends                                     |
| DocumentPictures                                    |
| DocumentSecurityLevel                               |
| DocumentSource                                      |
| DocumentStatus                                      |
| ExtendFieldType                                     |
| ExtendModule                                        |
| ExtendPopedom                                       |
| FinalUserPopedom                                    |
| FormData                                            |
| FormData                                            |
| FormField                                           |
| FormItem                                            |
| FormTemplate                                        |
| HyperLinkWords                                      |
| Info_Public_Applyer                                 |
| Info_Public_Code                                    |
| Info_Public_Common                                  |
| Info_Public_Corporation                             |
| Info_Public_Question                                |
| Info_Public_State                                   |
| IssueApplication                                    |
| IssueQueue                                          |
| IssueTemplate                                       |
| LinkAffixes                                         |
| LogAction                                           |
| LogAction                                           |
| LogObject                                           |
| LogType                                             |
| LogView                                             |
| Manage_Extend_Field                                 |
| ModulePopedom                                       |
| ObjectExtends                                       |
| Organization                                        |
| ReceiveMessage                                      |
| RelativeDocuments                                   |
| ReplaceContent                                      |
| Role                                                |
| Rss                                                 |
| SCIOPopedomItem                                     |
| SecurityOrganization                                |
| SecurityPopedom                                     |
| SecurityPortlet                                     |
| SecurityRole                                        |
| SecurityUser                                        |
| SendMessage                                         |
| Site                                                |
| SiteStatis                                          |
| SoleForm                                            |
| SolePopedom                                         |
| SystemParameter                                     |
| SystemPopedom                                       |
| TempContinueIssue                                   |
| TimeIssuePlan                                       |
| TmpSiteStatis                                       |
| UserCustomHyperLinkWords                            |
| UserCustomHyperLinkWords                            |
| UserCustomIssueStrategy                             |
| UserCustomTemplate                                  |
| WorkFlowInfo                                        |
| _EX_Hits                                            |
| dtproperties                                        |
| py                                                  |
+-----------------------------------------------------+
Database: ASPState
[2 tables]
+-----------------------------------------------------+
| ASPStateTempApplications                            |
| ASPStateTempSessions                                |
+-----------------------------------------------------+

修复方案：

版权声明：转载请注明来源 peter_Q@乌云

漏洞回应

厂商回应：

危害等级：高

漏洞Rank：10

确认时间：2015-11-04 14:55

厂商回复：

CNVD确认所述情况，已经转由CNCERT下发给赛尔教育，由其后续协调网站管理单位处置。

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0150609

漏洞标题：公共外交某新闻站点SQL注入(可拖走全网库)

相关厂商：cncert国家互联网应急中心

漏洞作者： peter_Q

提交时间：2015-10-31 21:13

修复时间：2015-12-19 14:56

公开时间：2015-12-19 14:56

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：15

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 peter_Q@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0150609

漏洞标题：公共外交某新闻站点SQL注入(可拖走全网库)

相关厂商：cncert国家互联网应急中心

漏洞作者： peter_Q

提交时间：2015-10-31 21:13

修复时间：2015-12-19 14:56

公开时间：2015-12-19 14:56

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：15

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-0150609"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 peter_Q@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

Tags标签：无

4人收藏收藏
分享漏洞：