Vulnerability summary
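Vulnerability title: SQL injection in a Nanjing University of Aeronautics and Astronautics site, sa user, DBA privileges
Submitted: 2016-01-08 11:07
Fixed: 2016-02-20 15:48
Made public: 2016-02-20 15:48
Vulnerability type: SQL injection
Severity: High
Self-assessed rank: 10
Vulnerability status: Handed over to a third-party partner organization (CCERT, the education network emergency response team) for handling
Tags:
None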
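Vulnerability details
Disclosure status:
2016-01-08: Details sent to the vendor, awaiting vendor handling
2016-01-08: Vendor confirmed; details disclosed to the vendor only
2016-01-18: Details disclosed to core white hats and experts in related fields
2016-01-28: Details disclosed to regular white hats
2016-02-07: Details disclosed to intern white hats
2016-02-20: Details disclosed to the public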
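Brief description: Nanjing University of Aeronautics and Astronautics is a national key university of science and engineering with aeronautics, astronautics and civil aviation as its distinguishing fields, directly under the Ministry of Industry and Information Technology of the People's Republic of China. It is one of the universities selected for priority development under the national "Project 211" and the "Project 985 Innovation Platform for Advantageous Disciplines", one of the universities selected for the "Excellent Engineer Education and Training Program" and the "111 Plan", and is jointly developed by the Ministry of Industry and Information Technology and the Civil Aviation Administration of China.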
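Detailed description: Injection point: http://**.**.**.**/js/main.asp?lh=1
Out of boredom I dumped the table list; there were too many tables, so I did not dig any further.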
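Proof of vulnerability: Injection point: http://**.**.**.**/js/main.asp?lh=1
Out of boredom I dumped the table list; there were too many tables, so I did not dig any further.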
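Remediation:
Copyright notice: when reposting, please credit the source: 路人甲 @乌云 (WooYun)
Vulnerability response
Vendor response: Severity: Medium
Vulnerability rank: 6
Confirmed: 2016-01-08 12:22
Vendor reply: Notification and handling in progress
Latest status: None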