芜湖市住房公积金管理中心SQL注入涉及全市公积金缴纳人员信息

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2016-0171043

漏洞标题：芜湖市住房公积金管理中心SQL注入涉及全市公积金缴纳人员信息

漏洞作者： abb

提交时间：2016-01-19 16:48

修复时间：2016-03-05 09:52

公开时间：2016-03-05 09:52

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2016-01-19：细节已通知厂商并且等待厂商处理中
2016-01-22：厂商已经确认，细节仅向厂商公开
2016-02-01：细节向核心白帽子及相关领域专家公开
2016-02-11：细节向普通白帽子公开
2016-02-21：细节向实习白帽子公开
2016-03-05：细节向公众公开

简要描述：

详细说明：

**.**.**.**:8088/search_wh.aspx

current user:    'YXGJJUSER'
current schema (equivalent to database on Oracle):    'YXGJJUSER'

available databases [22]:
[*] APEX_030200
[*] APPQOSSYS
[*] CTXSYS
[*] DBSNMP
[*] EXFSYS
[*] FLOWS_FILES
[*] MDSYS
[*] OLAPSYS
[*] ORDDATA
[*] ORDSYS
[*] OUTLN
[*] OWBSYS
[*] SCOTT
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] WMSYS
[*] XDB
[*] YXDWGJJUSER
[*] YXGJJUSER
[*] YXGJJUSERWHJR
[*] YXSCANUSER

[477 tables]
+---------------------------+
| ALL_DW                    |
| BANKKM_DZ_RESULT          |
| BANKKM_MXDZ               |
| BANKKM_TEMP_DAY_DZ        |
| BANKKM_TEMP_DZ            |
| BANK_GRYQDK               |
| COL_CHANGE_CONFIG         |
| DBFJS_TMP                 |
| DKCJ_RECORD               |
| DOC_HJQC_HIS              |
| DOC_HUIJIAO_QINGCE        |
| DWGJJXX                   |
| DWGJJXX_TEMP              |
| DWPININFO                 |
| DWZM201                   |
| DZ_DWXX                   |
| DZ_GRXX                   |
| DZ_RQ                     |
| ENTITY_CHANGE_TEMP        |
| FX_REPORT                 |
| FX_REPORT_SLOG            |
| FX_TJXX                   |
| FX_TJXX_BEIZHU            |
| FX_TJXX_CONFIG            |
| FX_TJXX_FORMULA           |
| FX_TJXX_TEMP              |
| FX_TJXX_ZI                |
| GRGJJCX_RIZHI             |
| GRGJJXX                   |
| GRGJJXX_TMP               |
| GRXINXI_TEMP              |
| GRXX_PWD                  |
| GRZM201_TEMP              |
| GRZM_TEMP                 |
| GRZQZM                    |
| HDSH_CONFIG               |
| HNKY_GRZH                 |
| HNK_GZ                    |
| HNK_TEMP_PZK              |
| HS_QINGCE                 |
| INT_CONFIG                |
| JIESUANXINXI              |
| JIESUANXINXI_COPY         |
| JIESUANXINXI_HIS          |
| JIESUANXINXI_TEMP         |
| JIESUAN_REQUEST           |
| JIEXI_REQUEST             |
| JIEZHUAN_MAP              |
| JOURNEY_CONFIG            |
| JPRINT_COL                |
| JPRINT_COL_BACKUP         |
| JPRINT_PAGE               |
| JPRINT_PAGE_BACKUP        |
| KM                        |
| KMMANAGER_TEMP            |
| KM_TEMP                   |
| LMK_ZHIFU_DATA            |
| LMK_ZHIFU_DZ_DATA         |
| LMK_ZHIFU_DZ_HZ_DATA      |
| MAP_DONG                  |
| MAP_DONG_LOG              |
| MAP_DONG_TEMP             |
| NDGRDK_LOG                |
| ND_BZRXX_MA               |
| ND_DKCESUAN_TMP           |
| ND_GRDKXX                 |
| ND_GRDKYW                 |
| ND_GRDKYW_MA              |
| ND_GRDK_LIXI              |
| ND_GRDK_LIXI_HIS          |
| ND_GRDK_NLL               |
| ND_GRDK_YSLX              |
| ND_GTJKR_TM               |
| ND_GYR_TM                 |
| ND_HKGR_PLAN              |
| ND_ZM                     |
| ND_ZM_HIS                 |
| NEWGD_GRYQDK              |
| NEWGD_OP_CHANGE_BANK      |
| NEWGD_OP_DAIKUAN          |
| NEWGD_OP_HK_HIS           |
| NEWGD_OP_HUANKUAN         |
| NEWGD_OP_HYSLX            |
| N_YINHANG_LIXI            |
| N_ZHONGXIN_DATA           |
| N_ZHONGXIN_LIXI           |
| OPERATION_GENERAL         |
| OPERATION_GJJ_DEFRAY      |
| OPERATION_GJJ_ENTER       |
| OPERATION_GJJ_ENTER_FORGR |
| OPERATION_GJJ_GRBJ        |
| OPERATION_GJJ_GRHJ        |
| OPERATION_GJJ_JIEXI       |
| OPERATION_TIAOZHANG       |
| OPERATION_XIAOHU          |
| OPERATION_ZHUANCHU        |
| OPERATION_ZHUANRU         |
| OPERATION_ZHUANYI         |
| OP_BZJ_TK                 |
| OP_GJJ_ENTER_FORGR_HIS    |
| OP_GJJ_LIXI               |
| OP_HONGCHONG              |
| OP_YHKM_JX                |
| PBCATCOL                  |
| PBCATEDT                  |
| PBCATFMT                  |
| PBCATTBL                  |
| PBCATVLD                  |
| PZH_MAP                   |
| PZH_MAP_DELETED           |
| PZK                       |
| PZK_DELETED               |
| PZK_HIS                   |
| PZ_TEMPLATE               |
| PZ_TEMPLATE_INFO          |
| ROLE_MANAGER_TEMP         |
| RULESCONFIG               |
| SEARCH_CONFIG             |
| SEARCH_CONFIG_TEMP        |
| SIMPLE_GDXX               |
| SIMPLE_GRXX               |
| SIMPLE_YXWT_HKYW          |
| SKR_DIC_TMP               |
| SYNCD_YXGD_KFGS           |
| SYSPAGEPERMISSION         |
| SYSTEM_CONFIG             |
| SYS_APPLICATIONS          |
| SYS_EVENT                 |
| SYS_FIELD                 |
| SYS_FIELDVALUE            |
| SYS_GROUP                 |
| SYS_MODULE                |
| SYS_ONLINE                |
| SYS_ROLEAPPLICATION       |
| SYS_ROLEPERMISSION        |
| SYS_ROLES                 |
| SYS_SYSTEMINFO            |
| SYS_USER                  |
| SYS_USERROLES             |
| SYS_USERROLES_TEMP        |
| SZDZ_GJXX                 |
| SZDZ_GRXX                 |
| SZDZ_GRZM                 |
| TIQU_HUIZONG              |
| TJFXREP_CONFIG            |
| TJFXREP_CONFIG_TMP        |
| TJ_BANK_CONFIG            |
| TZM                       |
| TZM_DIR_TMP               |
| TZM_MAP                   |
| USER_BANKS                |
| USER_INFO                 |
| WBZJZH                    |
| WEB_DWHJ_PRINT            |
| WEB_GD_TUIDAN             |
| WEB_HD_TUIDAN             |
| WEB_QINGCE_TUIDAN         |
| WH_GJJ_KM                 |
| YHJSXX902_TEMP            |
| YHKMJX_TEMP               |
| YHKMXX                    |
| YH_GJJ_DATA               |
| YSGJJ_REMOTE_BANK         |
| YSGJJ_REMOTE_DKBANK       |
| YSGJJ_WDRIGHT             |
| YSGJJ_WDXX                |
| YSGJJ_WD_BANK             |
| YSGJJ_WD_BZJ_BANK         |
| YSGJJ_WD_DKBANK           |
| YSGJJ_WD_FZGS             |
| YSGJJ_WD_JRCZ_BANK        |
| YSGJJ_WD_JRFK_BANK        |
| YSGJJ_WD_JRSK_BANK        |
| YXBANK_DATA               |
| YXBANK_HD_DATA            |
| YXBANK_HD_DATA_HIS        |
| YXBANK_HD_LOG             |
| YXBANK_HUIDAN             |
| YXCOL_NAME_CONFIG         |
| YXCREDENTIALSLIST         |
| YXCRED_CONFIG             |
| YXDATA_ERROR              |
| YXDBND_JIESUAN            |
| YXDKPZ_TEMP               |
| YXDWXX_TEMP               |
| YXDW_SCAN                 |
| YXDW_SCAN_COMPUTER        |
| YXEXCEL_CONFIG            |
| YXFZ_HKD                  |
| YXFZ_HKHZD                |
| YXFZ_HKMX                 |
| YXFZ_REG                  |
| YXFZ_REG_TEMP             |
| YXGDDOC_CREDENT           |
| YXGD_AUTODZ_RESULT        |
| YXGD_BZJZH                |
| YXGD_BZJZHLX              |
| YXGD_BZJ_ZM               |
| YXGD_BZRXX                |
| YXGD_BZRXX_TEMP           |
| YXGD_CESUAN_DATA          |
| YXGD_CONTROL_TMP          |
| YXGD_CREDENT              |
| YXGD_CRED_TEMP            |
| YXGD_DANGAN               |
| YXGD_DANGAN_HTBG          |
| YXGD_DANGAN_HTBG_TEMP     |
| YXGD_DANGAN_TEMP          |
| YXGD_DATA_TEMP            |
| YXGD_DKTZS                |
| YXGD_DKXINXI              |
| YXGD_DKXINXI_TEMP         |
| YXGD_DZ_RESULT            |
| YXGD_FWXINXI              |
| YXGD_FWXINXI_TEMP         |
| YXGD_GRHK_TEMP            |
| YXGD_GRXINXI              |
| YXGD_GRXINXI_TEMP         |
| YXGD_GTJKR_TEMP           |
| YXGD_GTJKR_TM             |
| YXGD_GYR                  |
| YXGD_GYR_TEMP             |
| YXGD_JIESUAN              |
| YXGD_KFGS                 |
| YXGD_KFGS_BZJZH           |
| YXGD_KFGS_TEMP            |
| YXGD_LOG                  |
| YXGD_NEWSCAN              |
| YXGD_OPLIST               |
| YXGD_SCAN                 |
| YXGD_SCAN_COMPUTER        |
| YXGD_XM                   |
| YXGD_XMKC                 |
| YXGD_XM_TEMP              |
| YXGD_XM_ZJZH              |
| YXGD_YDDK                 |
| YXGD_YHDZ_DATA            |
| YXGD_YHHK_DATA            |
| YXGD_YUQI_DATA            |
| YXGD_ZJ                   |
| YXGD_ZXDZ_DATA            |
| YXGENERAL_SCAN_COMPUTER   |
| YXGF_ZHIQU_TEMP           |
| YXGJJ_AUTODZ_RESULT       |
| YXGJJ_DINGCUN             |
| YXGJJ_DW_LOG              |
| YXGJJ_DZ_RESULT           |
| YXGJJ_FENGCUN             |
| YXGJJ_GRKAIHU             |
| YXGJJ_GR_CONTROL          |
| YXGJJ_GR_LOG              |
| YXGJJ_GR_LOG_HIS          |
| YXGJJ_GZCONFIG            |
| YXGJJ_JIESUAN             |
| YXGJJ_SERVICE             |
| YXGJJ_SIMPLE_JIESUAN      |
| YXGJJ_WZHUANRU_TEMP       |
| YXGJQC_CHANGE_TEMP        |
| YXGJQC_DOC_HJQC_TEMP      |
| YXGJQC_FENGCUN            |
| YXGJQC_FENGCUN_TEMP       |
| YXGJQC_GRKAIHU            |
| YXGJQC_GRKAIHU_TEMP       |
| YXGJQC_NEAR_HJQC_TEMP     |
| YXGJQC_QIFENG             |
| YXGJQC_QIFENG_TEMP        |
| YXGJQC_ZONGHE             |
| YXGJQC_ZONGHE_TEMP        |
| YXGJ_CWZD_TUIDAN          |
| YXGJ_HSQINGCE             |
| YXGJ_HUIJIAO              |
| YXGJ_HUIJIAO_BANKHD       |
| YXGJ_HUIJIAO_TEMP         |
| YXGJ_QINGCE               |
| YXGJ_QINGCE_BACKUP        |
| YXGJ_QINGCE_LOG           |
| YXGJ_QINGCE_TEMP          |
| YXGJ_QINGCE_TUIDAN        |
| YXGRFC_SCAN               |
| YXGRGZ_SCAN               |
| YXGRID_TEMP               |
| YXGRKH_SCAN               |
| YXGRQF_SCAN               |
| YXGRTJ_TEMP               |
| YXGRXX_TEMP               |
| YXGR_SCAN                 |
| YXGR_SCAN_COMPUTER        |
| YXHDREG_SCAN              |
| YXHDREG_SCAN_COMPUTER     |
| YXHD_CRED                 |
| YXHD_CRED_TEMP            |
| YXHD_DATA                 |
| YXHD_GRGJJXX              |
| YXHD_GRGJJXX_TEMP         |
| YXHD_LOG                  |
| YXHD_NEWSCAN              |
| YXHD_SCAN                 |
| YXHD_SCAN_COMPUTER        |
| YXHD_TS_GRFC              |
| YXHD_TS_GRFC_TEMP         |
| YXHD_TS_GRQF              |
| YXHD_TS_GRQF_TEMP         |
| YXHD_TUIDAN               |
| YXHIS_ONLINE_TMP          |
| YXHREG                    |
| YXHREG_MX                 |
| YXINT_LOG                 |
| YXJRGS_WTHK_TEMP          |
| YXLMK_ZHIFU               |
| YXLMK_ZHIFU_LOG           |
| YXLMK_ZHIFU_ZM            |
| YXLOGCONFIG               |
| YXNAME_CONFIG             |
| YXND_HK_PLAN              |
| YXND_HK_PLAN_TEMP         |
| YXND_JIESUAN              |
| YXND_TUOQIAN              |
| YXPRINT_CONFIG            |
| YXPZ_SCAN                 |
| YXPZ_SCAN_COMPUTER        |
| YXQC_NEWSCAN              |
| YXQC_SCAN                 |
| YXQC_SCAN_COMPUTER        |
| YXREP_JECONFIG            |
| YXRH_DWXX                 |
| YXRH_GRXX                 |
| YXSCAN_DBMAP              |
| YXSFZHM_TEMP              |
| YXSMS_CONFIG              |
| YXSMS_SENDER              |
| YXSMS_SLOG                |
| YXSTR_LOG                 |
| YXSYDK_ZM                 |
| YXSYS_INFO                |
| YXSYS_PROGRESS            |
| YXSYS_VERSION             |
| YXTEMPKM                  |
| YXTEMP_PZK                |
| YXTEMP_ZMPRINT_KM         |
| YXUCCOL_CONFIG            |
| YXUSER_COL                |
| YXWD_PZHMAP               |
| YXWD_PZH_MAP              |
| YXWD_PZH_MAP2             |
| YXWD_PZK                  |
| YXWD_PZK2                 |
| YXWTGRID_TEMP             |
| YXWTHKHD_CRED             |
| YXWTHKHD_CRED_TEMP        |
| YXWTHKHD_LOG              |
| YXWTHKHD_SCAN             |
| YXWTHKHD_SCAN_COMPUTER    |
| YXWTHK_CRED               |
| YXWTHK_CRED_TEMP          |
| YXWTHK_HUIDAN_SLOG        |
| YXWTHK_NEWSCAN            |
| YXWTHK_SCAN               |
| YXWTHK_SCAN_COMPUTER      |
| YXWTSRV_SCAN              |
| YXWTSRV_SCAN_COMPUTER     |
| YXWT_GYR                  |
| YXWT_GYR_TEMP             |
| YXWT_HKD                  |
| YXWT_HKDPZ                |
| YXWT_HKHZD                |
| YXWT_HKMX                 |
| YXWT_HKYW                 |
| YXWT_HKYW_TEMP            |
| YXWT_HKYW_YXUPDATE        |
| YXWT_HKYW_YXUPDATE_TEMP   |
| YXWT_JLHD                 |
| YXWT_LOG                  |
| YXWT_SERVICE              |
| YXWT_SYDK_HKD             |
| YXWT_SYDK_HKHZD           |
| YXWT_SYDK_HKMX            |
| YXWT_SYDK_HKZM            |
| YXWT_YHDATA               |
| YXWT_ZHDK                 |
| YXWT_ZHHD                 |
| YXZHIQU_CONTROL           |
| YXZHIQU_DKXX_TEMP         |
| YXZHIQU_DKZM              |
| YXZHIQU_DKZM_TEMP         |
| YXZHIQU_REGISTER          |
| YXZHIQU_REGISTER_TEMP     |
| YXZHIQU_REG_LOG           |
| YXZHIQU_REG_MX            |
| YXZHIQU_REG_MX_TEMP       |
| YXZHIQU_ZM                |
| YX_BANK_LIST              |
| YX_CHECK                  |
| YX_CHECK_MX               |
| YX_CUNZHE_PRINT_TEMP      |
| YX_DANGAN                 |
| YX_DANGAN_DIR             |
| YX_DANGAN_TEMP            |
| YX_GUOZHAI_HUIZONG        |
| YX_GUOZHAI_MINGXI         |
| YX_HD_GRXX_TEMP           |
| YX_HUIDAN                 |
| YX_HUIDAN_BANK_HK         |
| YX_HUIDAN_BZJLX           |
| YX_HUIDAN_BZJLX_TEMP      |
| YX_HUIDAN_BZJ_TKTZS       |
| YX_HUIDAN_BZJ_TKTZS_TEMP  |
| YX_HUIDAN_BZRXX           |
| YX_HUIDAN_DINGCUN         |
| YX_HUIDAN_DINGCUN_TEMP    |
| YX_HUIDAN_DKFF            |
| YX_HUIDAN_DONG            |
| YX_HUIDAN_DWCJ_RECORD     |
| YX_HUIDAN_DWGJJXX         |
| YX_HUIDAN_DW_CUIJIAO      |
| YX_HUIDAN_FZ_REG          |
| YX_HUIDAN_GRBJ            |
| YX_HUIDAN_GRBJ_TEMP       |
| YX_HUIDAN_GRHJ            |
| YX_HUIDAN_GRHJ_TEMP       |
| YX_HUIDAN_GRKAIHU         |
| YX_HUIDAN_GRKAIHU_TEMP    |
| YX_HUIDAN_GUOZHAI         |
| YX_HUIDAN_GUOZHAI_TEMP    |
| YX_HUIDAN_HREG_MX         |
| YX_HUIDAN_HREG_MX_TEMP    |
| YX_HUIDAN_KHZY            |
| YX_HUIDAN_KHZY_PZXX       |
| YX_HUIDAN_KHZY_TEMP       |
| YX_HUIDAN_MD_ND_DATA      |
| YX_HUIDAN_NDHK            |
| YX_HUIDAN_NDHK_PZXX       |
| YX_HUIDAN_NDHK_TEMP       |
| YX_HUIDAN_NDQZXX          |
| YX_HUIDAN_NDQZXX_TEMP     |
| YX_HUIDAN_SLOG            |
| YX_HUIDAN_TIAOZHANG       |
| YX_HUIDAN_TIAOZHANG_TEMP  |
| YX_HUIDAN_XIAOHU          |
| YX_HUIDAN_XIAOHU_TEMP     |
| YX_HUIDAN_XM              |
| YX_HUIDAN_XMDK            |
| YX_HUIDAN_XMDK_TEMP       |
| YX_HUIDAN_YDDK            |
| YX_HUIDAN_YUANYIN         |
| YX_HUIDAN_ZHIQU           |
| YX_HUIDAN_ZHIQU_TEMP      |
| YX_HUIDAN_ZHUANRU         |
| YX_HUIDAN_ZHUANRU_TEMP    |
| YX_HUIDAN_ZHUANYI         |
| YX_HUIDAN_ZHUANYI_TEMP    |
| YX_HUIDAN_ZJD             |
| YX_HUIDAN_ZQBJ            |
| YX_HUIDAN_ZQBJ_TEMP       |
| YX_MESSAGE                |
| YX_MESSAGE_FJ             |
| YX_PAGEID                 |
| YX_PERSON                 |
| YX_SERVICE_CONTROL        |
| YX_XMDK_ZM                |
| YX_XM_DAIKUAN             |
| YX_YHJSXX                 |
| YX_ZHUANHU_XX             |
| ZIDWGJJXX                 |
| ZIFU_CONFIG               |
| ZIFU_CONFIG_BACKUP        |
| ZIFU_HUIZONG              |
| ZIFU_TEMP                 |
| ZJBYHJSLSXX902            |
| ZJB_BANKZM_CHANGE         |
| ZM                        |
| ZM201                     |
| ZM201_HIS                 |
| ZM226                     |
| ZM226_BACKUP              |
| ZM_HIS                    |
| ZXKM_MXDZ                 |
| ZX_GJJ_DATA               |
+---------------------------+

Database: YXGJJUSER
+---------------------------+---------+
| Table                     | Entries |
+---------------------------+---------+
| ZM201                     | 10800246 |
| DOC_HUIJIAO_QINGCE        | 9748336 |
| OPERATION_GJJ_ENTER_FORGR | 6565784 |
| PZK                       | 4855738 |
| ZM                        | 4649875 |
| NEWGD_OP_HUANKUAN         | 4081264 |
| ND_GRDK_LIXI              | 3818983 |
| DWZM201                   | 2623617 |
| YXHD_LOG                  | 2502902 |
| GRZQZM                    | 1293780 |
| YXHD_SCAN                 | 1267175 |
| JIESUANXINXI              | 1255346 |
| OPERATION_GJJ_DEFRAY      | 1084799 |
| OP_GJJ_LIXI               | 1067958 |
| PZH_MAP                   | 922613  |
| YXGJJ_GR_LOG              | 918028  |
| OPERATION_GJJ_GRBJ        | 905890  |
| YX_HUIDAN_GRBJ            | 897408  |
| YX_HUIDAN                 | 786441  |
| YXWT_HKD                  | 763052  |
| YXWT_HKMX                 | 706693  |
| GRGJJXX                   | 626582  |
| YXGJQC_ZONGHE             | 621906  |
| YXHD_SCAN_COMPUTER        | 573329  |
| YXRH_GRXX                 | 559189  |
| YXZHIQU_DKZM              | 538719  |
| YXGD_LOG                  | 536140  |
| YX_HUIDAN_SLOG            | 529163  |
| KMMANAGER_TEMP            | 478916  |
| GRXINXI_TEMP              | 471144  |
| YX_HUIDAN_ZHIQU           | 458096  |
| YXGJ_QINGCE_LOG           | 419499  |
| YXGJQC_NEAR_HJQC_TEMP     | 413492  |
| YXGJJ_JIESUAN             | 377435  |
| N_YINHANG_LIXI            | 358188  |
| YXGD_OPLIST               | 357964  |
| YXHD_CRED                 | 318619  |
| YXGD_SCAN                 | 263873  |
| YXWD_PZK                  | 256514  |
| YXGJQC_DOC_HJQC_TEMP      | 212856  |
| N_ZHONGXIN_LIXI           | 204495  |
| OPERATION_GJJ_ENTER       | 200693  |
| YXWD_PZK2                 | 195810  |
| YXGJQC_GRKAIHU            | 194419  |
| YXGJQC_GRKAIHU_TEMP       | 188811  |
| YXGD_SCAN_COMPUTER        | 180931  |
| ZM226                     | 179519  |
| YXGJQC_FENGCUN            | 174561  |
| YXZHIQU_CONTROL           | 163501  |
| YXGJ_QINGCE               | 160795  |
| DZ_GRXX                   | 155568  |
| YX_HUIDAN_XIAOHU          | 133294  |
| OPERATION_XIAOHU          | 119678  |
| YXGRID_TEMP               | 118330  |
| YX_HUIDAN_GRHJ_TEMP       | 108089  |
| YXZHIQU_REG_LOG           | 105671  |
| YXGJ_HUIJIAO              | 99176   |
| YXZHIQU_REG_MX            | 97919   |
| KM                        | 80997   |
| YXGJJ_DW_LOG              | 77885   |
| YXGJQC_CHANGE_TEMP        | 77250   |
| ND_GRDKXX                 | 76639   |
| ND_GRDKYW                 | 76639   |
| ND_GRDKYW_MA              | 76639   |
| NEWGD_GRYQDK              | 75435   |
| YXGJ_QINGCE_BACKUP        | 70691   |
| YXGD_FWXINXI              | 69550   |
| YXGD_DKXINXI              | 69548   |
| YXGD_GRXINXI              | 69548   |
| YXZHIQU_REGISTER          | 68181   |
。。。。。。。

漏洞证明：

同上

修复方案：

过滤。。。。。。。

版权声明：转载请注明来源 abb@乌云

漏洞回应

厂商回应：

危害等级：中

漏洞Rank：6

确认时间：2016-01-22 10:12

厂商回复：

漏洞重复，CNVD不在重复处置。

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2016-0171043

漏洞标题：芜湖市住房公积金管理中心SQL注入涉及全市公积金缴纳人员信息

相关厂商：芜湖市住房公积金管理中心

漏洞作者： abb

提交时间：2016-01-19 16:48

修复时间：2016-03-05 09:52

公开时间：2016-03-05 09:52

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 abb@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2016-0171043

漏洞标题：芜湖市住房公积金管理中心SQL注入涉及全市公积金缴纳人员信息

相关厂商：芜湖市住房公积金管理中心

漏洞作者： abb

提交时间：2016-01-19 16:48

修复时间：2016-03-05 09:52

公开时间：2016-03-05 09:52

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2016-0171043"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 abb@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

Tags标签：无

4人收藏收藏
分享漏洞：