
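Vulnerability summary

Bug ID: wooyun-2015-0162411

Title: SQL injection vulnerability in a Futures Daily (期货日报) sub-site (13 databases at risk)

Vendor: Futures Daily website (期货日报网)

Author: 路人甲

Submitted: 2015-12-19 19:02

Fixed: 2016-02-04 17:47

Published: 2016-02-04 17:47

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Handed over to a third-party partner organization (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org. For questions or help, contact [email protected]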



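Vulnerability details

Disclosure status:

2015-12-19: Details reported to the vendor; awaiting vendor handling
2015-12-23: Vendor confirmed; details disclosed to the vendor only
2016-01-02: Details disclosed to core white hats and experts in related fields
2016-01-12: Details disclosed to regular white hats
2016-01-22: Details disclosed to intern white hats
2016-02-04: Details disclosed to the public

Brief description:

SQL injection vulnerability in a Futures Daily sub-site

Detailed description:

Injection link: http://**.**.**.**/Article/Show.aspx?aid=433&id=7
sa privileges; 13 databases at risk
--os-shell is possible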

Proof of vulnerability:

http://**.**.**.**/Article/Show.aspx?aid=433&id=7
Futures Daily
sa privileges

Fix:

Filtering

Copyright notice: when reposting, please credit the source 路人甲@WooYun


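Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 11

Confirmed: 2015-12-23 19:54

Vendor reply:

CNVD confirmed and reproduced the situation described. CNVD has notified the site's administrators by e-mail through their public contact channel, and they are to provide a fix.

Latest status:

None yet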